Go passwordless
Strong authentication that eliminates passwords and delivers a more secure and frictionless login experience.
Passwords are no longer the answer
Large-scale data breaches and credential theft put user accounts at risk for account takeover.
3.3 Billion: stolen credentials reported in 2017
81%: of data breaches from weak/stolen passwords
123456: the most commonly used password, along with the word “password”.
The hidden time and cost of passwords
The average user struggles to manage passwords for a dozen or more accounts.
21 hours: per person, each year, spent on password resets
20-50%: of helpdesk calls are for password resets
$70: the average estimated cost of a password reset
#1 support cost is password resets
What is passwordless authentication?
Passwordless authentication is any form of authentication that doesn’t require the user to provide a password at login. There are many different implementations of passwordless authentication today. While traditional multi-factor authentication (MFA) approaches are highly phishable and vulnerable to remote account takeover attacks, modern MFA approaches, including passwordless MFA, offer strong phishing resistance and are proven to stop account takeovers in their tracks.
Enterprises that eliminate passwords report better business and security outcomes
New research finds organizations using passwordless technologies experience the fewest phishing attacks, are more productive and achieve greater levels of employee satisfaction.
Think there is only one way to do passwordless?
Think again.
There are many roads to phishing-resistant passwordless, and all roads lead to stronger security and a better user experience. Organizations can choose to implement smart card passwordless, FIDO2 passwordless using a biometric or a PIN, or a hybrid passwordless approach involving a mix of smart card and FIDO2 passwordless, depending on their existing infrastructure and user scenarios. The user then simply authenticates with a passwordless device, such as a hardware security key that supports both smart card and FIDO2 protocols, to verify their credentials with the application or system.
Smart card passwordless
Smart cards are a step toward passwordless, and many companies already use them for secure access to sensitive resources and systems. Organizations that have a primarily on-premises infrastructure, or have a BYOD environment, should consider implementing a smart card-based passwordless approach. This offers both the benefits of strong security and a passwordless user experience. Smart cards are eminently less phishable than a password-based system, and are used effectively in some of the most security-conscious organizations in the world today.
FIDO2 passwordless
FIDO2 is the newest FIDO Alliance specification for authentication standards, and WebAuthn is a web-based API that allows websites to update their login pages to add FIDO-based authentication on supported browsers and platforms. This is an evolving security ecosystem that will make crossing the bridge to passwordless easier. Cloud-first organizations, or those that have a mix of cloud and on-premises infrastructure, can pursue a FIDO2 passwordless strategy. Organizations that run cloud-based applications like Office 365 or other SaaS applications, and that use any of the existing Identity Providers, can consider a FIDO2 passwordless approach.
Hybrid passwordless
Increasingly, organizations are choosing a combination of two different types of passwordless approaches to create a solution that meets their passwordless needs. As an example, customers are opting to go with FIDO2 passwordless for computer login and federated web apps, while choosing a smart card passwordless approach for secure remote access (RDP, VPN, VDI). In this manner, organizations can adopt a passwordless strategy that maps to specific use cases, given their environments and user segments.
Looking for a FIPS validated solution for passwordless login into Microsoft Azure AD?
Learn about the YubiKey 5 FIPS Series, the industry’s first FIPS 140-2 validated hardware security key lineup to support smart card, FIDO2 and hybrid passwordless.
“Passwordless login represents a massive shift in how billions of users, both business and consumer, will securely log in to their Windows 10 devices and authenticate to Azure Active Directory-based applications and services.”
How does passwordless work?
Passwordless authentication is made possible by the new FIDO2 open authentication standard co-authored by Yubico and Microsoft, along with members of the FIDO Alliance.
Single factor (passwordless):
authenticator + touch/tap
Replaces weak passwords with a hardware authenticator for strong single factor authentication.
Multi-factor (passwordless):
authenticator + touch/tap + PIN
Combines a hardware authenticator with user touch and a PIN to meet high-assurance requirements, such as financial transactions or submitting a prescription.
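On the server side, the two modes above can be told apart from the WebAuthn authenticator data: touch/tap sets the User Present flag and a PIN (or biometric) sets the User Verified flag. The following is an added example, not Yubico's code; the function names, policy labels and sample bytes are assumptions made for illustration, and it covers only the flag check, not signature, challenge or RP ID verification.

```javascript
// Flag bits in the WebAuthn authenticator data flags byte (offset 32).
const FLAG_UP = 0x01; // User Present: touch/tap
const FLAG_UV = 0x04; // User Verified: PIN or biometric

// Layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian)
function parseAuthenticatorData(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 37) {
    throw new Error("authenticator data too short");
  }
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const flags = bytes[32];
  return {
    rpIdHash: bytes.slice(0, 32),
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    signCount: view.getUint32(33, false),
  };
}

// Hypothetical policy labels mirroring the two modes described above.
// "single-factor": authenticator + touch; "multi-factor": authenticator + touch + PIN.
function meetsPolicy(bytes, policy) {
  const data = parseAuthenticatorData(bytes);
  if (policy !== "single-factor" && policy !== "multi-factor") {
    throw new Error("unknown policy: " + policy); // fail closed on typos
  }
  if (!data.userPresent) return false;
  return policy === "single-factor" ? true : data.userVerified;
}

// Constructed sample input: placeholder rpIdHash, chosen flags and counter.
function sample(flags, count) {
  const b = new Uint8Array(37);
  b.fill(0xab, 0, 32);
  b[32] = flags;
  new DataView(b.buffer).setUint32(33, count, false);
  return b;
}

const touchOnly = sample(FLAG_UP, 7);
const touchAndPin = sample(FLAG_UP | FLAG_UV, 8);

console.log(meetsPolicy(touchOnly, "single-factor"));  // touch alone is enough
console.log(meetsPolicy(touchOnly, "multi-factor"));   // rejected: no PIN
console.log(meetsPolicy(touchAndPin, "multi-factor")); // touch + PIN accepted
```

A high-assurance endpoint that accepts the first assertion as multi-factor has silently downgraded to possession-only, which is why the check belongs on the server and not in the browser.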
Unlock the 2023 Gartner® Market Guide for User Authentication
According to Gartner®, “Attacks against incumbent multifactor authentication (MFA) methods are driving interest in phishing-resistant MFA and robust identity verification for credentialing and account recovery.”
Embrace Zero Trust, level up your cybersecurity, and enhance employee and customer experiences! Explore Gartner user authentication recommendations for safeguarding against account takeovers (ATOs) and see why we are a Representative Vendor.
Gartner, Market Guide for User Authentication, Ant Allan, James Hoover, Robertson Pimentel, 23 August 2023.
Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Learn more about modern MFA and going Passwordless
Is your organization ready to go passwordless? Here is a list of questions to check your readiness.
Government of Nunavut turns to phishing-resistant YubiKeys and experiences a bridge to passwordless.
Read the Bridge to Passwordless Whitepaper Series
Delivering strong authentication and passwordless at scale
Thousands of companies and millions of end-users use YubiKey to simplify and secure logins to computers, internet services, and mobile apps. Our customers include 9 of the top 10 internet companies, 3 of the 5 leading financial and retail companies, and several of the largest governmental entities around the world.
Risk reduction, business growth, and efficiency enabled by YubiKeys
A recent Forrester Consulting Total Economic Impact™ (TEI) study commissioned by Yubico found that a composite organization representative of interviewed customers who use YubiKeys reduced risk of successful phishing and credential theft attacks by 99.9%, saw a drop in password-related helpdesk tickets by 75%, and experienced a 203% 3-year ROI with YubiKeys.
BUT…. all organizations are different. Enter your own company data to create a custom Dynamic TEI study and instantly see how Yubico’s solutions can help your organization!
YubiEnterprise Subscription: peace of mind and flexibility for less than a cup of coffee per user/month
YubiEnterprise Subscription simplifies purchase and support while also providing financial benefits. Estimate your potential savings as compared to a one-time perpetual purchasing model.
Get started
Find the right YubiKey
Contact our sales team for a personalized assessment of your company’s needs.