Passbase vs. WatchGuard AuthPoint vs. Yubico YubiKeys

We use multiple authenticators at my company. We use WatchGuard AuthPoint just for our VPN for security purposes. The app works very well and over the past year we've only had a handful of issues with the authentication service, and these were resolved relatively quickly. We do have to remind people to enable push notifications from the app, or have the app open when they need to use it to authenticate, otherwise they won't get the push to approve. The biggest issue I've found is that people will forget to do this and then say that the VPN isn't working - the VPN is working, it's just that they didn't get/approve the push from AuthPoint in time.

Incentivized

I think, as I said, it's perfectly suited for second-factor authentication where all you have to do is a security team registers the key and you put it in your laptop and then you use it as a second factor. I think that's the best use case governing all access to making it a mandatory second factor so not relying on your cell phone or authenticator app, you just have this hardware thing which is much more secure and you can carry it with you as well when you are traveling.

Incentivized

• Works well with the free Authpoint client and the OpenVPN clinet.
• Token management is simple and hosted completely in the cloud to reduce overall complexity
• Setup was simple and and staighforward
• Suppports several authentication methods we have used both RADIUS and SAML effectively, but ADFS, IDP, RDWeb, and RESTful API, and other custom apps are supported.
• Geofencing for RDP has been very useful as it is independant of our firewall geofencing. This is quite useful for organizations like us who do not Geofence at at the firewall level so as to provide global access to resources on the DMZ.

Incentivized

• Remote access. I'm able to sign documents with the certificates that we have placed on our Yubico YubiKeys, so it's nice to be able to sign a document from anywhere, from any computer with my YubiKey instead of having to look for an adapter for my common access card.

Incentivized

• Email support is SLOW unless I want to allow a stranger to access my production firewall. That is never allowed here, so our hands are tied in terms of being able to get support in less than 48 hours.
• Again, support takes far too long because you refuse to employ any staff that works in US time zones during normal business hours.
• There has to be another option besides: 1) you take full control of my systems or 2) I wait on SLOW email support that isn't that great.

Incentivized

• It can be about access control because either right now it's just you have access or you don't have access. I think there can be a use case where you are allowed a particular set of servers and not a particular set of servers. I think maybe it's there or we don't use it, but I haven't seen that. I think I've used Yubico YubiKeys at two companies and I haven't seen that. Maybe that's something that can be added.

Incentivized

Today to ensure our ISO 27001 certification it is important that we maintain this solution. Today it is part of the way any employee within the organization works, we no longer have any other way of working and it is the simplest way to ensure that access to the workstation is done with MFA.

Incentivized

As for implementing YubiKey its simple so I don't see us using anything else as we have experienced no issues so fare. Adding these to our environment is still new for us currently but in the transition phase I only see us buying YubiKey. It is highly rated and well known and cost is reasonable so no need to find another solution.

Incentivized

After initial setup, it practically runs itself. Onboarding new users is fast and easy as it should be. The AuthPoint mobile app is small and simple to use. The only reason I do not give it a 10 is that I frequently get complaints from end users that the AuthPoint app is "constantly downloading". In fact, it's not downloading anything and that what the users are seeing in the app is a timer for the 6-digit code that changes every minute.

Incentivized

I give slightly better than average rating because of the complexity in using a Yubikey. It is not as easy as native push notifications for 2FA products, however, it provides much better strength. Rating this higher or lower would be a disservice to people reading this review. If you are in the market for a hardware 2FA tool, Yubikey will be a great asset in your toolbox.

Incentivized

Has rarely been unable to use; if that were the case, it was operator error

Incentivized

We have not experienced any issues with availability which is very important when you are dealing with a company that holds the keys to the gate. We have had more issues with availability from our SaaS providers before with authentication but that was on their end. YubiKey has worked every time for us over the course of the last 6 or so months we began testing phase.

Incentivized

No apparent problem besides a couple of times that systems weren't working

Incentivized

We have not seen any lag in loading pages and getting into systems or sites. In comparison to other 2FA and MFA options it is actually faster most of the time to authenticate due to not having to type in. We require users to have long passwords and when there is an option given for password less they jump on it with excitement. As we explore going password less on their PC's the YubiKey is going to make their lives a lot easier to access the resources they need.

Incentivized

WatchGuard support is always quick and reliable. They have urgency levels that you are able to select when creating your support ticket, and they respond in accordance to the severity that you have set. I have never had an issue with getting someone on the phone in the same business day, even for very low priority issues.

Incentivized

We have only interacted with support once but it was quick and easily answered. Mostly just questions regarding adding this to certain apps.

Incentivized

It was an Onsite demo at the ditributor with the benefits of Watchguard Authpoint. Was very nice to see the abilities of the product. This Demo was a few years back, since then Authpoint changed allot. It is very nice for partners that you can get this demo without any aditional cost.

Incentivized

We use the online training for all our employees. There are both sales and technical trainings available and there even is a technical certification. You can use this for the Watchguard Partner Program which can give you aditional benefits. Every now and then you have a webinar that discusses multiple Watchguard products.

Incentivized

the first time it takes more effort. It is helpful to already understand how each authentication type works. Then it's much easier to understand the MFA solution that you implement. It is useful to check the release notes from time to time and update the key parts of the Watchguard Authpoint. Authpoint Gateway, Logon App, RDWeb... Also, it's useful to set up notifications when something goes wrong or sometimes check the statistics of how many requests are being approved/denied, etc.

Incentivized

I figured it all out on my own with the excellent product documentation provided by Yubico. I even managed to produce a backup YubiKey in case I lost my frequently used one. This was crucial when I temporarily lost the original.

Incentivized

I would slot Authpoint (as a product) as better than ESET but not Duo. ESET has the same limitations as Watchguard in the OTP support. It also is an on-prem installed console rather than a cloud, which increases cost and maintenance requirements. The duo now supports standard OTP for admin accounts, so it can be managed by a team. Duo support however leaves a lot to be desired and gives Watchguard the edge

Incentivized

Yubico YubiKeys has been a leader in the security key market, and I think they have a new product we just read about two days back and they can store up to a hundred private keys now. So I think this is what it distinguishes them from the market, apart from this, whatever features we need personally and for our customers. So they provide all those features, but versus the other brands.

Incentivized

We are a medium-sized company. We don't need rapid scaling.

Incentivized

For us I feel like the ease of deployment has made this product very appealing, overall this will make the scalability very easy for us to push out once we roll out to our users and the management tools that we have looked at will make the admins like me happy as it is clear and easy to use. The rollout process looks to be very straight forward from the demos that we have looked at regarding the enterprise tools.

Incentivized

• We currently have 300 users on Authpoint, and most of them use insecure passwords. Authpoint gives us peace of mind that we don't have to police individual employee passwords.
• In line with the comment above, with so many people in our organization using insecure passwords, I'm sure that Authpoint has already saved us from many potential security breaches.
• Security breaches can cost a lot of money. Preventing them saves the company money and helps to achieve our bottom line.

Incentivized

• I think it's the flexibility in being able to let users pick the type of authentications that they want to use. Some are comfortable with the touch device on the physical Yubico YubiKeys. Others prefer the mobile app. So it provides flexibility for our users to choose how they want to authenticate without running a file of our security requirements.

Incentivized