Want to learn the best practice for configuring Chromebooks with 802.1X authentication?

Sign up for a Webinar!

Deploy Yubikeys For Secure Wi-Fi in WPA2-Enterprise Network

Key Points
  • A PIV-enabled Yubikey performs RSA or ECC sign/decrypt using a private key stored on a smartcard with PKCS#11. You can integrate Yubikeys with a WPA2-Enterprise to use public-private key cryptography for an enterprise organization
  • Yubikeys provides an extra layer of security through MFA in an authentication lifecycle. You can populate Yubikeys with digital certificates for superior certificate-based authentication and prevent over-the-air attacks.
  • SecureW2 partners with Yubico for superior Yubikey management. This system attests multiple keys, integrates with your directory, and authenticates desktop, VPN, and Wi-Fi logins in a WPA2-Enterprise network.

Security keys are useful tools for hardening your devices with an additional factor of authentication. Did you know that same protection can be extended to your network?

SecureW2, a Yubico Partner, has developed an industry-first software solution that allows you to reconfigure your Yubikey to authenticate with certificates instead of credentials.

While Yubikeys are already a powerful multi-factor authentication device, making the switch to certificates increases their security exponentially. Certificates have a number of advantages over credentials, including:

  • Certificates are tied to the identity of a person or device, unlike credentials, meaning you know exactly who is using the network and for what. A person can’t ‘lend’ their coworker their certificate to login.
  • Certificates are the best protection against over-the-air-attacks like the man-in-the-middle attack.Certificates are virtually impenetrable, unlike passwords. Even if a bad actor managed to intercept your data during login they would still lack the vital private key, rendering the attack useless.
  • Certificates reduce burden on your IT department because they eliminate the need for password-reset policies, which inevitably cause massive confusion every 60 or 90 days. Certificate lifetimes are 20+ years.

In order to utilize certificates in your organization, you need a WPA2-Enterprise network that uses the EAP-TLS authentication protocol for 802.1x. If you aren’t already using EAP-TLS , SecureW2 can integrate into your existing infrastructure and fill in the gaps to create a fully-featured EAP-TLS-based network with no forklift upgrades.

Advantages of Security Key Wi-Fi Logon

Using a security key to access Wi-Fi has benefits both to the individual and the organization as a whole.

Security keys are simply convenient. It totally removes the need to remember credentials (and to rememorize passwords every couple months). You can keep one at your desk or on your key ring and access the Internet with the same ease you normally do.

If you happen to lose your key or forget it at home, you’re not necessarily locked out of the network. You can use backup authentication methods such as credentials or one-time keys sent to a phone.

Not to mention the incredible security provided by physical security tokens. Methods of authentication fall into one of a few categories:

  • Something you know
  • Something you are
  • Something you have

Most security measures depend on the first of those methods (a password is ‘something you know’). Biometric security, while not ubiquitous, is a fairly common ‘something you are’ route.

Rarely does cybersecurity venture into ‘something you have’ territory. That’s exactly what security keys are – and it makes the system they protect practically immune to most standard attacks. The asymmetric cryptographic foundation is virtually uncrackable and hackers aren’t known for physically stealing objects off of your person.

There are few cybersecurity measures as cost-effective and easy to implement as security keys.

How to Login to Wi-Fi with a Yubikey

The only way to use a Yubikey to access WiFi is with SecureW2’s unique security key-certificate solution. Here’s our guide on configuring Yubikeys for certificates.

Once your Yubikeys have been enrolled for and issued certificates, you can use them to access WiFi. Here’s an overview of the process:

Install the SecureW2 Yubikey Configuration Client

With your Yubikey inserted into the computer, run the Yubikey Configuration. The link can be found in your SecureW2 Management Portal. Below is a GIF summary of the process – it only takes a couple minutes!

yubikey wifi

Follow the instructions to complete setup.

Accessing WiFi with a Yubikey

After setup is complete, open your Network and Internet Settings menu and locate the SSID that you previously configured to authenticate with certificates. Select it and click Connect.

A dialogue box similar to the following should pop up:

yubikey wifi

Enter the PIN attached to the connected Yubikey for Wi-Fi access.

From now on, access to the secure Wi-Fi network will be restricted unless the user has a properly configured security key.

Learn about this author

Patrick Grubbs

Patrick is an experienced SEO specialist at SecureW2 who also enjoys running, hiking, and reading. With a degree in Biology from College of William & Mary, he got his start in digital content by writing about his ever-expanding collection of succulents and cacti.

Deploy Yubikeys For Secure Wi-Fi in WPA2-Enterprise Network