In this series, Microsoft identity team members share their reasons for loving passwordless authentication (and why you should too!). In this post, Sue Bohn continues the series by sharing another benefit of passwordless.
I love passwordless because of how much customers benefit from the increased security and convenience that one passwordless option offers in particular—security keys. At Microsoft Ignite 2019, we showcased Azure Active Directory support for FIDO2 security keys. During an Ignite side chat with Joey Snow, I showed the audience my personalized security key with a bling decal, conveniently attached to my bracelet. It makes it so easy to quickly access it to sign into my personal or work accounts.
My security key provides not only strong authentication but also works with multiple online services in addition to Azure AD. With security keys, you simply insert the key into your Windows 10 machine (via USB, NFC, or Bluetooth), the key authenticates your identity, and you can start working right away. And it doesn’t require typing upper and lowercase letters, numbers, a special character, and your favorite emoji!! A security key is especially handy when devices are shared or when you cannot bring you phone into your place of work, such as a factory floor or retail store. Security keys are so portable you can even wear it!
In the past 18 months, thousands of organizations are trying the experience. Enterprise customers have been piloting passwordless authentication with their security departments and their executive teams to increase identity protection. For example, Keepmoat Homes wanted to modernize the authentication experience for their employees and make it portable, so they chose Windows Hello for Business and Yubikeys which they say provided “the most secure form of single sign on and multifactor authentication with a frictionless end user experience.” During the US election last year, we saw security key adoption by campaigns, thinktanks, and other government entities as part of Microsoft’s Account Guard program. Because security key uses FIDO2 standards, it mitigates phishing attacks and offers more security to use with digital services.
Top security keys
With a growing number of people interested in using security keys for authentication, our team recognizes the need to create a robust partner ecosystem. This gives our customers more choices in form factors including biometrics. You can check out the Microsoft Compatible Security Key partner list, a list of several devices from security key providers that have been tested with Azure Active Directory and Windows 10.
A broad ecosystem gives our customers choice in keys that deliver a higher fit to our customers’ needs. Today our customers tell us the key form factors they most often use are USB-based factor, NFC, and smartcards. Nearly 40% of the universally used security key models have a fingerprint reader. If you’re not sure which one to select, consider these top 7 security keys vendors, based on usage with Azure AD*:
Yubico’s Yubikey 5 NFC (Near Field Communication) (link)
Yubico’s Security Key (link)
If you are a Systems Integrator (SI) interested in building your passwordless practice, register for Yubico’s System Integrator Pilot Program.
Feitian BioPass K27 (link)
Feitian ePass FIDO2 NFC Authenticator (link)
Enterprise customers interested in piloting FIDO2 keys can register for Feitian’s Pilot Program.
Ensurity ThincC (link)
Thales IDCore FIDO2 Authenticator (link)
- TrustKey (Formerly eWBM)
TrustKey G310 (link)
AuthenTrend ATKey.Pro FIDO2 (link)
AuthenTrend ATKey.Card (link)
Small business customers interested in piloting AuthenTrend’s FIDO2 key and card can register here.
- HID Global
HID Cresendo C2300 (link)
Get in touch!
I hope you find this blog useful, and perhaps I inspired you to glam up your own security key! Please get in touch with me (@Sue_Bohn) and our Security Key partners if would like more information about the ease of use and portability of FIDO2 security keys and how they might work in your own organization.
*Based on Security Key usage with Azure Active Directory is as of Feb 2021. We highlight up to two keys per brand. Microsoft takes privacy seriously. We remove all personal data and organization-identifying data, such as company name, from the data before using it to produce reports. We never use customer content such as the content of an email, chat, document, or meeting to produce reports.
Check out the other posts in this series:
Learn more about Microsoft identity:
Thanks for that
The issue is integration with MacOS if we want to use the key as to log-in in the session
© Microsoft. This article was originally published by Microsoft Azure Active Directory Identity Blog. You can find the original article here.