© 2021 Yubico

Enable strong passwordless authentication at scale

Ashvin Saminathen, CISSP
Passwordless advocate

The P@5$W0r4 paradox

● Best practice dictates that passwords have to be:
  ○ Complex
  ○ Unique and not re-used across services
  ○ Changed regularly
● This makes passwords insecure (and costly):
  ○ Passwords are difficult to remember (people often write them down)
  ○ Passwords are relatively easy to crack
  ○ Resetting passwords is one of the biggest costs in IT support
  ○ Passwords are highly susceptible to phishing attacks

Not all authentication is created equal

Username and password (80% attack penetration rate)
● Common target for credential phishing
● Costly and hard to sustain
● Known usability gaps
● Deployed everywhere

Basic 2FA: SMS, email, mobile (10% - 50% attack penetration rate)
● Common target for credential phishing
● Uses existing technology stacks that are vulnerable to network and software attacks
● Not purpose-built for security

Strong authentication (0% attack penetration rate)
● Highly phishing resistant
● No network connection, stored data, or client software required
● Purpose-built for security

How OTP/mobile push is phished

[Diagram. Labels: Victim; Fake login page; Attacker; Credentials; OTP/Mobile Push; …seconds later; Authentication; Fake successful login; Web services; Successful login by attacker]

We need something better!!!
The need for strong passwordless authentication

What is passwordless?

Passwordless authentication is any form of authentication that doesn't require the user to provide a password at login.

Something you know
● PIN

Something you have
● Security key
● Smart card

Something you are
● Fingerprint
● Face
● Voice
● Iris

What is FIDO2 passwordless authentication?

Yubico sought to improve security, usability, and scale, without compromise.

Open standards utilizing public key cryptography with phishing protections to enable strong passwordless multi-factor authentication.

[Diagram. Labels: Authenticator; CTAP (FIDO Client to Authenticator Protocol); Client/Platform (Application, Platform, Browser); WebAuthn (W3C Web Authentication API); FIDO2 server]

How do I use passwordless authentication?
YubiKeys with Microsoft Azure Active Directory

What is needed to make passwordless work?

● Compatible FIDO2 security keys (YubiKeys)
● Microsoft Azure AD (any edition)
● Compatible web browser (latest version of Microsoft Edge, Chrome, Safari, etc.)
● Computer login requires Microsoft Windows (1903) or higher

Where does passwordless fit in the enterprise?

● Privileged accounts: Secure privileged account users (to prevent account breaches)
● Mobile restricted users: Secure call centers for mobile restricted users (and enable efficient log-in)
● Shared workstation: Protect shared workstation users (and enable efficient log-in, compared to mobile phone)
● Remote workforce: Enable remote workforce (and enable secure access from home)
● Office workers: Improve UX and security for Office 365 office workers
● 3rd party user: Protect corporate system access by 3rd parties (protect IP, compliance)
● End customer: Safeguard your customers' end customers (secure their accounts)

YubiKey: The bridge to passwordless
Multiple protocol support with the YubiKey

The YubiKey provides both traditional on-prem and cloud environment support:
● Microsoft Active Directory using PIV
● Microsoft Azure AD using FIDO2

Microsoft Topology Overview

More info can be found at https://yubi.co/msftyk

YubiEnterprise Services

[Diagram. Labels: Customer Demand; Strong authentication at scale; YubiEnterprise Subscription; YubiEnterprise Delivery]

What next?

● Visit the Yubico Featured Partner Showcase during Microsoft Ignite
● Learn more: Visit www.yubico.com/passwordless for more information.
● Developer Program: Access developer resources for rapid integration
● Try Microsoft + YubiKey: Contact Yubico to learn how you can get started

CONFIDENTIAL - YUBICO INTERNAL ONLY