As the cyberthreat landscape evolves and becomes more sophisticated, users and organizations alike need to consistently stay phishing-resistant to create a strong defense against cyber attacks. Moving beyond the technology of phishing-resistant MFA to focusing on the end user is key to creating phishing-resistant users who are consistently protected with authentication that moves seamlessly with them, across devices, platforms and scenarios, and secures all aspects of their online user account lifecycle including onboarding, authentication and account recovery. Biometric-based authentication, using modern security keys, can not only foster phishing-resistant users but also deliver a passwordless experience that enhances user productivity and delight.
The Solution: YubiKey Bio Series – FIDO Edition delivers the gold standard of biometric authentication, with a smooth passwordless experience
The YubiKey Bio Series – FIDO Edition creates phishing-resistant users who can accelerate to a passwordless experience with high levels of productivity and assurance. The YubiKey Bio – FIDO Edition and YubiKey C Bio – FIDO Edition deliver the convenience of biometric login with the added benefits of Yubico’s hallmark security, reliability, and durability assurances. Biometric fingerprint-derived credentials are stored in a secure element that helps protect them against physical attacks. The result is a single, portable, and trusted hardware-backed root of trust delivering a seamless login experience across different devices, operating systems, and applications. The YubiKey Bio – FIDO Edition leverages the full range of MFA capabilities outlined in the FIDO2 and WebAuthn standard specifications. The convenience of simply touching the key to authenticate (no PIN entry during day-to-day authentication) also helps drive the adoption of safer passwordless sign-in so everyone can be more secure and efficient.
Fingerprints are never stored on the YubiKey Bio. What is stored are templates derived from the fingerprints presented to the YubiKey. Whenever a finger is presented to a YubiKey, a template is created and compared to the stored template; if there is a match, the application or service authentication succeeds. Fingerprint templates never leave the YubiKey.
Key capabilities include:
- Adheres to the most stringent hardware security requirements with fingerprint templates stored in the secure element on the YubiKey Bio
- Supports FIDO2/WebAuthn and FIDO U2F
- Works across platforms supporting WebAuthn such as Windows, macOS, ChromeOS, and Linux and across browsers such as Edge and Chrome
- Available in both USB-A (“YubiKey Bio – FIDO Edition”) and USB-C (“YubiKey C Bio – FIDO Edition”) form factors with biometric support
With the lineup now on the latest 5.7 firmware, the Bio Series – FIDO Edition has newly added the following capabilities:
- Added flexibility on managing PINs: Ensure that a temporary FIDO2 PIN set, for example, by an administrator during enrollment must be changed by the end user upon first use. In addition, organizations can configure a minimum PIN length on the YubiKey to meet corporate and regulatory compliance mandates.
- Support for more passkeys: While current YubiKeys offer a sufficient number of FIDO2 credentials (also known as passkeys) to meet most (enterprise) user needs, storage has been expanded to hold up to 100 passkeys.
- Better asset tracking and use of allowed authenticators: Available on custom programmed keys, the new Enterprise Attestation capability allows identity providers to ensure that only authenticators approved by the organization are being used, and the availability of serial numbers further enables asset tracking.
- Enhanced PIN complexity for compliance: This capability, when enabled, will apply to all YubiKey applications that rely on PINs, including FIDO2. Organizations can rely on the fact that users are not using simple, common, or easy-to-guess PINs.