Yubico YubiKeys

We're using it for MFA in the business, using it primarily with a password manager, to generate passwords, long and encrypted passwords, and then also to help us protect us with email.

• That's a tough question because right now we haven't had any problems since using it. Again, using with our password managers has just been pretty clean. I haven't had anybody object to using it. They all think it's cool. It could be because they're a bunch of nerds yet.

Bitwarden, LastPass for Business

We use YubiKeys to secure our access to various cloud platforms with hardware backed passkeys. This creates trust with the customers we service, and ensures that we can recuperate credentials from members that leave our organization. The advantage is that we do not have to rely on additional software and that the YubiKeys are standards compliant. They are also extremely resilient. We used the first generation of keys originally, and almost all of them are still working fine. For us, the one-time cost of a YubiKey is an especially good investment vs the recurring cost of other tooling.

• WebAuthN support
• PKCS11 compliant

• Serious risk reduction
• Less support needed for customers that use YubiKeys
• Certainty that certain credentials can never be copied

1Password

Yubico YubiKeys are an essential part of our logins. When hired, every employee in my business unit receives a YubiKey 5c Nano along with their laptop. Since we are a hybrid workforce and many of us work from home, this allows us to log in with phishing-resistant MFA to all of our SaaS applications that are protected by Duo. Since WebAuthn is the standard from the start, this ensures that the highest level of protection is enforced from an authentication perspective. This has solved the issue of wondering whether or not users are logging in securely from disparate locations. It is also easy for users to authenticate with the tap of a finger to access critical applications - even in a Passwordless workflow!

• Multiple authentication methods supported (FIDO2 + AES/OTP)
• Ease of use
• Provisioning/user onboarding

• Reducing breaches (phishing-resistant MFA)
• Passwordless (quicker, easier, safer logins)
• End user self-enrollment (no administrative setup for WebAuthn)

Cisco Duo

Cisco Duo, Google Chrome, FreeRADIUS

Our organization prioritizes security at all levels, especially for accounts with sensitive access. We've strategically integrated YubiKeys into our authentication processes to protect both IT operations and high-profile individuals like our CEO, CFO, and sales team. These hardware tokens address multiple critical business security needs: Phishing Defense: Passwords are inherently vulnerable to phishing attacks. YubiKeys provide a phishing-resistant layer of security, guarding against unauthorized access even if credentials are compromised. Mitigating Account Takeovers: YubiKeys significantly decrease the risk of account takeovers. This is a major benefit for privileged users and employees handling sensitive data. Streamlined Admin Access: Our IT administrators use YubiKeys for simplified, secure logins to privileged Microsoft accounts and critical firewalls. Scope of Use: We've implemented YubiKeys across our IT administrator team and for high-profile end users with elevated access requirements. This provides robust protection for essential infrastructure and sensitive company data. We aim to expand YubiKey adoption throughout the organization in the future for maximum security coverage.

Several years later and these YubiKeys are still going strong. We've not encountered any issues, and they've been through the wringer (literally - several been through several washing machine cycles).

• Physical security

• Additional overhead requiring access the the physical token has been a bit difficult selling point.

Fortinet FortiGate, Mimecast Email Security Cloud Integrated, Microsoft 365

Yubico YubiKeys are used throughout our organization, and I use them in my personal life to solve the challenges of both very strong authentication (often privileged) and portable authentication (FIDO in my pocket). Through a combination of WebAuthn credentials and X509 credentials, Yubico YubiKeys are the backbone of our most secure authentication scenarios.

I began using Yubico YubiKeys with the first gen and Yubico OTPs, but the FIDO Alliance has driven Yubico YubiKeys to be a premier tool in a broader mixed-security strategy, where secure hardware keys are used for privileged or portable secure authentication, or in step up (PAM) scenarios.

• WebAuthn is today's primary use factor, and is supported by all the keys.
• X509/PIV is a second for environments that use PKI today (given proper minidriver rollouts)
• The durability and ease of use of the key are essential for folks who will be carrying it around

• WebAuthn is an automatic security win, adding hardware keys where your security model calls for it is a natural choice. The automatic support for this makes this easy to integrate into your existing strategy at a reasonable cost/key for the quality.
• For privileged scenarios, the risk reduction opportunity is significant. You can leverage hardware keys for privileged access that integrate well within existing identity platforms (like Microsoft) so roll-out is a simple matter of config.
• The 6 Ps apply here, deployments must be planned carefully to ensure the impacted users are ready. Else you will see key loss, helpdesk demand, etc. Plan the deployment well so that users know what they are doing on day 1.

Microsoft Entra ID, Google Identity Services, Microsoft 365