Yubico YubiKeys

YubiKeys are incredibly effective for protecting against phishing attacks, as they require physical interaction and can't be remotely compromised. They're ideal for safeguarding high-value targets (executives, IT admins, those handling sensitive data), enhancing remote access security, and often help meet industry compliance regulations. However, the initial hardware cost may be a concern for large-scale deployments with many low-risk users. Users prone to losing small items or scenarios involving older, incompatible systems might pose logistical challenges. Nonetheless, YubiKeys remain robust when addressing phishing-based attacks and securing privileged accounts. Consider a targeted rollout balancing security gain against potential hardware costs and user needs.

For securing your most sensitive accounts, systems, and data that require strong access controls, YubiKeys offer excellent protection by strengthening your organization's authentication strategy. Rather than relying solely on passwords or mobile-based two-factor methods for your highest-risk user logins, YubiKeys provide rock-solid multi-factor authentication tied to a tamper-resistant physical device. This eliminates many of the vulnerabilities associated with passwords and mobile authenticators alone. By requiring both a password and the possession of a YubiKey for access, you can drastically reduce the risks of unauthorized logins, even in the event of password leaks. YubiKeys also provide phishing protection by cryptographically verifying legitimate sites, preventing spoofing attacks.For infrastructure like production servers, databases, and network equipment where compromised access would be catastrophic, YubiKey-secured logins should be mandatory for administrators and engineers. Similarly for business-critical software as a service accounts and registrar/DNS logins where hijacking could shut down the business.

Yubico YubiKeys' bios, its physical presence, and the UV feature are really great for things like full disk encryption(LUKS2) or SSH keys(ed25519-sk). Yubico YubiKeys' bios are also very nice as backup devices since I can have the backup sitting on my desk and not have to worry about other people being able to use it.

They are a great backup MFA device because it isn't safe to only have one MFA token. They are also good for anyone who doesn't want to use a smartphone as their MFA device. They have a FIPS-validated solution for anyone who works in government or government contracting.

Yubico YubiKeys should be used across all business and personal applications. Yubico YubiKeys are a great way to keep access to enabled systems secure. Any online access that allows for Yubico YubiKeys should be enabled to be used with it so that in case of lost access or breach, physical YubiKey is the best way to recover.

Yubico YubiKeys are great for hybrid applications that support both modern and legacy authentication methods. For example, for web-based applications that are federated behind an IdP, the Yubico YubiKey WebAuthn (FIDO2) mechanism is the gold standard of phishing-resistant MFA. The same Yubico YubiKey (if a supported model) can also be used as an OTP hardware token so that the user does not have to use 2 different roaming authenticators for logging into all their applications. One YubiKey to rule them all!

Yubico YubiKeys shines when used as part of a larger MFA solution. It provides a very flexible component, however, it remains dependent on the infrastructure and environment in which it is deployed.

Yubico YubiKeys work great as smart card replacements. We utilize them in conjunction with DUO for MFA at the desktop level, and we can configure the YubiKey as a secure key for Duo, as well as configure DUO to allow logon using smart cards to bypass the DUO requirement, which simplifies Windows logon using a PIN plus the YubiKey.

I love using Yubico YubiKeys everywhere it is supported. I believe it provides the best security and ease of use.

Unlike SMS or Authenticator based MFA, Yubico YubiKeys provide phishing resistance to protect against MITA. It also provides easy passwordless login which eases the user flow and decreases the need for password resets

Yubico YubiKeys are durable, lightweight, easy to use, support several authentication protocols, and have an enterprise management option.

It's great for accessing your account while traveling our using a remote computer. It's less appropriate to use on a daily basis from your main desktop or laptop.

Works very well for MFA, both at the server and VPN. FIDO/FIDO2 also works very well.

Yubico YubiKeys are well suited for 2-factor and OTP authentication. They are not well suited for non-security applications.

any corporate associate activities that must be done with secure passwords and easy to use applications. Eliminates necessity to MEMORIZE and then make MISTAKES that slow down customer service.

The ability to have a high security posture and guard for protection of data and access

Data control, and for our environment, the keys help up to ensure privacy protection. HIPPA compliance is a critical need. Limiting electronic prescription writing on certain enabled laptops also fulfills a requirement. Having the Yubico key portable allows movement through the office, and not limited to a specific work station. It helps with workload efficiency.

It works well for personal home use and in my business use as well. The security of it is the key to my usage. Sometimes access is difficult, which is really not the fault of the YubiKey. Occasionally, it will need to go upside down, which creates problems.

As long as users physically carry the Yubikey with them they can securely authenticate with our SSO architecture. The only problem with the Yubikey is limited support for mobile devices at this time. So much more secure with various threat actors targeting It infrastructure these days...

Yubico YubiKeys is excellent everywhere and always, especially as a backup to TOTP authentication. In some cases, perhaps you can't use a USB A, C or NFC, so you'll have TOTP. In other cases, you might not have your TOTP device, but you can use the USB or NFC options. Different methods of security are always nice.

The Yubikeys work well for us in both a Windows and Mac environment. Stores plenty of types of keys to cover both your AD logins and a good number of websites or custom applications for 2FA. Easy configuration with their platinum partner Userlock that also gives a huge amount of insight into user login/logoff patterns along with PC control.

If you are needing phish resistant MFA (which YOU do!), Yubico is one of the leading brands out there -- so highly recommend them. They are very sturdy/resilient, so should last very long.

They can be not so easy to use when you are trying to authenticate from a mobile device, so areas for improvement there.

SSO applications
Privilege access management

Personal life protecting your most sensitive accounts. Professional life, protecting all of your accounts. IAM deployments, either through the use of a local SSO, Federated IdP, or right on the appsec stack, have demonstrated extreme value. Yubikey works well at the front door and continuous authentication deployments.

Most organizations should adopt Yubikeys to help them protect their identity

We have two distinct user bases; 'typical knowledge workers' and 'users without assigned endpoints, emails, etc., who work in a secured room.' As such, Yubikeys is an easy solution for Strong MFA.