Yubico YubiKeys Review
February 16, 2024
Yubico YubiKeys Review
Score 5 out of 10
Vetted Review
Verified User
Modules Used
- YubiKey 5 Series
- YubiKey 5 FIPS Series
- YubiKey 5 CSPN Series
Overall Satisfaction with Yubico YubiKeys
Our organization prioritizes security at all levels, especially for accounts with sensitive access. We've strategically integrated YubiKeys into our authentication processes to protect both IT operations and high-profile individuals like our CEO, CFO, and sales team. These hardware tokens address multiple critical business security needs: Phishing Defense: Passwords are inherently vulnerable to phishing attacks. YubiKeys provide a phishing-resistant layer of security, guarding against unauthorized access even if credentials are compromised. Mitigating Account Takeovers: YubiKeys significantly decrease the risk of account takeovers. This is a major benefit for privileged users and employees handling sensitive data. Streamlined Admin Access: Our IT administrators use YubiKeys for simplified, secure logins to privileged Microsoft accounts and critical firewalls. Scope of Use: We've implemented YubiKeys across our IT administrator team and for high-profile end users with elevated access requirements. This provides robust protection for essential infrastructure and sensitive company data. We aim to expand YubiKey adoption throughout the organization in the future for maximum security coverage.
- Ensure we extend the security to cover physical (what you have).
- Ties into many third party OATH solutions out of the box.
- Provides robust defense against man in the middle attacks by ensuring our encryption layers are secure.
- Key recovery with the onboard chip requires a third party toolkit.
- Physical security
- Additional overhead requiring access the the physical token has been a bit difficult selling point.
The impact of Yubico YubiKeys for our organization's security level and risk exposure has been significant. We have seen a dramatic decrease in successful phishing attacks, particularly those targeting privileged accounts. This has helped mitigate the risk of ransomware and account take overs. YubiKeys have also helped us to secure our devices and corporate systems by providing an additional layer of authentication that's nearly impossible to compromise remotely. Overall, YubiKeys have been a valuable investment in our security posture, reducing our risk exposure and protecting our most sensitive resources.
The CFO loves our security improvements as they've helped to reduce the cost of our cybersecurity insurance. The CFO also hates the security improvements because they add an additional layer of overhead and end users don't like the need to log in so frequently.
Unliking rotating cyperkeys (RSA tokens), YubiKeys doesn't rely on additional hardware other than the key itself. They are less expensive and much easier to manage within the organization. Granted, they won't provide the same verification as an RSA token, but they do add the physical layer security for a much reduced cost and management process.
Do you think Yubico YubiKeys delivers good value for the price?
Yes
Are you happy with Yubico YubiKeys's feature set?
Yes
Did Yubico YubiKeys live up to sales and marketing promises?
Yes
Did implementation of Yubico YubiKeys go as expected?
Yes
Would you buy Yubico YubiKeys again?
Yes