YubiKeys are an easy way to significantly improve authentication security and, with digital certificates, can even provide a high degree of identity assurance.
However, the native YubiKey configuration and personalization tools aren’t quite sufficient to support the mass deployment of security keys to a large organization. Getting the most out of a YubiKey requires additional programming via the command line, which quickly becomes untenable if you need to program more than a couple dozen keys.
As an official YubiKey Partner, SecureW2 has developed a YubiKey-compatible SCMS with a multitude of features that improve the authentication security a YubiKey provides and facilitate rapid deployment at any scale via automatic YubiKey configuration software.
Expanded YubiKey MFA Options
With the increasing emphasis on multi-factor authentication security, hardware security keys like the YubiKey are seeing widespread adoption. A single YubiKey can satisfy multiple factors of authentication by itself since it supports several authentication methods natively:
- One-time passwords
- Biometric authentication
- Physical touch authentication
- PIN authentication
- NFC authentication
The native features are impressive, but one simple addition transforms the YubiKey from a functional MFA device into a security Swiss Army Knife – X.509 digital certificates.
By configuring a YubiKey with a digital certificate issued by your PKI, you can use the YubiKey to authenticate to any number of applications or services. Instead of the limited catalog of Yubico-supported services, you can use the certificate stored on the device to tie the device to the identity of a user in your IdP and enable authentication to anything you can authenticate certificates against.
Our customers frequently use this feature to enable YubiKeys for Wi-Fi, VPN, and desktop login, but it also has applications for integrating YubiKeys into internal tools and processes.
Program YubiKeys in Bulk for Enterprise Deployment
The typical workflow for bulk programming YubiKeys is, well, not much of a “flow” to be honest.
Yubico’s Personalization Tool is the only native method for configuring multiple keys at a time, but it doesn’t support many of the new models of YubiKey and is being deprecated anyway. That creates a big problem for the many organizations that want to deploy keys simultaneously or foresee the need to reset/reconfigure YubiKeys with any frequency.
To be fair, Yubico will pre-program keys for you (if you meet the minimum order quantity of 500), but this is only helpful if you a) don’t already have YubiKeys and b) don’t expect to need to reconfigure or reset your keys. After all, when a YubiKey’s PIN and PUK have to be reset, the whole device factory resets for security reasons.
As anyone who has managed a PKI knows, certificate revocation and reissuance is a constant process. Pre-programming YubiKeys is only helpful once, then every subsequent configuration will require manual command line programming for each key. This may be fine for some technical end users, such as developers, but this limits your YubiKey solutions to development applications.
YubiKey Smart Card Management Solution (SCMS)
Our YubiKey SCMS is the only automatic YubiKey programming software that scales to your needs. There’s no need to waste time programming each key individually, and certainly no need to compromise security for the sake of convenience.
Digital certificate-based authentication is the ultimate combination of security and ease-of-use. Because it is a passwordless authentication method, users don’t have to remember or enter any credentials for authentication. Certificates also have a much longer lifetime than the typical 90-day password reset cycle, alleviating a significant burden from IT.
Using digital certificates to authenticate with security keys is a breeze with our YubiKey SCMS. It can integrate into your existing PKI, or you can leverage SecureW2’s turnkey Managed PKI and certificate enrollment services to take advantage of our suite of automatic certificate lifecycle management tools. When you consider the vastly improved security of certificates and the virtually unlimited integration opportunities, using certificates on YubiKeys is a no-brainer.
We have affordable options for organizations of all sizes. Contact us here to learn more about how our YubiKey SCMS can handle all of your YubiKey programming and certificate management needs.