Organizations on the passwordless journey are challenged to deliver to their users a true passwordless experience with a high level of security without compromising productivity.

To discover how biometric authentication supports secure and seamless passwordless logins, CybersecAsia recently had the opportunity to review the YubiKey Bio developed by Yubico.

Designed to offer strong biometric authentication options via a fingerprint reader, the YubiKey Bio Series is available with the latest FIDO protocols and comes in convenient USB-A and USB-C form factors.

The YubiKey Bio, built primarily for desktops, also offers strong multi-factor authentication (MFA), in which a user enters a password and adds another layer of security by verifying with the authenticator and biometrics – with support for both biometric- and PIN-based logins.

In keeping with Yubico’s design philosophy, the IP68-rated crush-resistant YubiKey Bio does not require any batteries or software drivers. The key seamlessly integrates with the native biometric enrolment and management features supported in Windows 10 and Azure Active Directory, making it quick and convenient for users to adopt a phishing-resistant passwordless login flow.

We find that it meets stringent hardware security requirements, with fingerprint templates stored in the secure element on the key – a separate built-in secure chip – and that it also works out-of-the-box with macOS, Chrome OS, Linux, Chrome, and Microsoft Edge.

With regard to U2F protocols, the YubiKey Bio supports FIDO2/WebAuthn.

It is worth noting that Yubico is the principal inventor of the WebAuthn/FIDO2 and U2F authentication standards adopted by the FIDO Alliance, and is the first company to produce the U2F security key and a multiprotocol FIDO2 authenticator.

The verdict

Organizations in Asia Pacific are increasingly putting security requirements in place for biometric-based authentication for their users. Those on the passwordless journey are challenged to deliver to their users a true passwordless experience with a high level of security that cannot be easily breached, yet without compromising on efficiencies and productivity.

A secure passwordless login experience, backed by biometrics, not only enhances the user experience with a simplified workflow, but also increases productivity in scenarios such as shared workstation environments where fast and secure task-switching between users delivers greater productivity and overall efficiency.

In this regard, the YubiKey Bio delivers the goods.

With no connection to the internet provided, information in the key cannot be copied or stolen. While centralized servers with stored credentials can be breached, the data in the YubiKey is encrypted with strong public-key cryptography where only the public key is stored on the server, eliminating that risk.

The icing on the cake for enterprises in the region: the YubiKey dramatically reduces one of the top IT support costs – password resets.

In addition, Yubico provides good documentation for a tool that is already easy to deploy in the first place.

At a selling price of US$80-$85 each, the YubiKey Bio could be your best cybersecurity investment in 2022, for a combination of strong defense against today’s sophisticated phishing attacks and user convenience.