The YubiKey Bio range has been highly anticipated; Yubico already has a tremendous reputation for its hardware-based security devices, so much so that even the “bad guys” themselves recommend you use a YubiKey instead of SMS or email MFA if you want to avoid being compromised. Now there’s a truly passwordless experience that leverages biometrics. It includes a fingerprint sensor while retaining classic YubiKey features like durability and water resistance.
The YubiKey Bio is a new type of key from Yubico, but one which can effortlessly transform your security regime, and which can serve as an ideal starter to the world of passwordless security. If you’re still relying on passwords and using text messages or email messages for multi-factor authentication perhaps the YubiKey Bio is the device to help you transition to a more secure world. What user interface could be simpler than pressing your own finger against it?
iTWire tried both out, using the USB-A model on a Windows desktop PC and the USB-C model on a MacBook Pro, helped by Alex Wilson, Yubico’s director of solutions engineering for Australia Pacific and Japan. However, you can also simply head to yubico.com/start for all the information you need.
While you can begin working with the YubiKey immediately, Yubico also has a handy Authenticator app for Windows, macOS, Linux, and also Android and iOS, which allows you to check and upgrade firmware, as well as inspect the fingerprints and credentials stored on the key. iTWire used the app to register multiple fingerprints on each YubiKey - because sometimes the key might be plugged into this side of us or the other, or it may be more convenient to use a different hand at different times.
This said, you don't need to use the Authenticator app for regular usage. Chrome allows you to manage your security key right from inside its settings - chrome://settings/securityKeys - and you can also use Microsoft Window’s sign-in options settings to do likewise. In fact, the more you use your YubiKey the more you will find support for them baked-in already to the operating systems and applications you are already using, because Yubico uses standard protocols developed and agreed to by manufacturer alliances.
As an example, iTWire registered the Bio keys with Office 365 allowing easy sign-in using nothing but a fingerprint. Yet, my account is still safe and secure. Others don’t have my fingerprint - or my key, on which the fingerprint is stored.
The one little catch iTWire found with Office 365 is security keys may not be enabled by default in your tenancy; this was easily fixed - we logged into portal.azure.com, browsed to Azure AD / Security / Authentication methods, then clicked to enable FIDO2 security keys. After that it was effortless to add the security key as an option for Office 365 from the Account / Security menus.
Once we'd enabled security keys as an option inside Azure AD, and registered the security key as a login option within our Office 365 account, all we had to do on every subsequent visit to Office 365 was to select the security key option, touch the key, and that was it. No text messages, no typing, no fuss.
Similarly, we could add the security key to Gmail via its Manage Account / Security menu path.
Additionally, Facebook, Dropbox, Twitter, even AWS and more ... iTWire happily went along exploring each and every app we use to look for the ‘security key’ option in its settings. If it was there, then it worked with the YubiKey Bio and once we’d paired the app with our keys, all subsequent visits required simply a fingerprint press.
Now, you might recognise your account still has a password, and indeed it does - but we all know many people reuse passwords because they’re complicated and we have so many apps. The YubiKey Bio can be your gateway to setting up the more complex unique password-per-site policy that you really know you ought to have. You can set the most complicated passwords you like for any site - it doesn’t even matter if you don’t remember them. The important thing is you register the site with your YubiKey and from then on, you log in with simply a fingerprint press with the confidence your password won’t end up in a data breach, or if it does, no other account is similarly compromised.
Really, if you're not already using a passwordless device then you owe it to yourself, to your bank account, to your private email, to your staff, to your employer, to make 2022 the year you take security up a notch - and there’s no better way to start than with the YubiKey Bio. There’s nothing simpler to remember than plugging in a USB key and pressing your fingerprint.
The keys are built with Yubico's hallmark hardware security that millions of consumers and enterprises around the world are relying on each day, with a frictionless login experience. With the YubiKey Bio, your biometric fingerprint is all that’s needed for secure, convenient authentication.