Interview: Yubico’s Chief Solutions Officer explains why Yubikey security keys are valuable for business
7 min. read
Published on
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more
There is no doubt that YubiKey is a great tool for consumers. As we explained, it can help you stay secure and add another layer of two-factor authentication to your personal accounts like Twitter, Instagram, a Microsoft Account, and so much more.
However, YubiKey is also in use across the world by enterprises and small businesses alike. Microsoft and YubiKey also have a shared goal, too of securing logins and helping keep accounts safe. OnMSFT had a chance to sit down with Jerrod Chong, Yubico’s Chief Solutions Officer, to talk about what YubiKeys can do for business.
How can YubiKey help small businesses and enterprises?
To begin our conversation, Jerrod Chong and I chatted about YubiKey for small businesses and also enterprises. Chong and I talked about how security is often a challenge for smaller groups as solutions like Windows Hello webcams or fingerprint readers can be expensive, and don’t always work across platforms. We also got into how YubiKey is compatible with all open security standards such as FIDO U2F, FIDO2, WebAuthn, and Smart Card/PIV.
There are also the challenges of using different services, too, like AWS, GSuite, Microsoft 365, and more. He tells me this is something Yubico has in mind when it thinks of helping small businesses and enterprises, especially in their security transition.
For these smaller groups, YubiKey can an inexpensive solution. It is cross-platform to allow for secure logins on various services which we mentioned above. It also is easy to deploy and manage, with a simple 5 step configuration, distribution, enrolling, backup, and revoke process.
“Buying YubiKey is far more valuable from an authentication perspective. It’s very common to see an iPhone user using Windows or a Mac user with an Android. Interoperability is special for YubiKey as it allows the users to traverse various technologies,” said Jerrod Chong.
For larger groups, Yubico also has its own YubiEnterprise Subscription, which helps solve this. Jerrod Chong mentioned that YubiKey’s products are used and trusted by 9 of the top 10 internet companies and 2 of the top 3 financial, retail, healthcare, and research institutions globally.
With YubiEnterprise Services, enterprises can easily procure and distribute YubiKey authentication solutions for employees at scale. This is for enterprises with more than 750 users. The service lets these groups purchase YubiKeys on a per-user basis. They also can upgrade easily to the latest YubiKeys as they become available, and access Yubico experts with always-on technical support. More information on that is available here.
Can you tell me about Yubico’s partnership with Microsoft?
If you didn’t already know, Yubico and Microsoft have a deep relationship. YubiKey has been rated as the #1 security key for Azure AD Authentication, and Microsoft’s own IT team switched to passwordless authentication, too. In fact, over 90 percent of Microsoft’s employees sign in without entering a password. YubiKey support is built into Windows 10, Microsoft Edge, and Microsoft Accounts with Microsoft Account Guard. Yubico also recently partnered with Microsoft to help make elections secure, as well.
Point is, in addition to their original partnership with Google on the FIDO Universal 2nd Factor (U2F) standard, Jerrod Chong tells me that Yubico works with major tech giants, to ensure secure logins are safe, easy, and available for everyone. Microsoft has also been key in Yubico’s journey and with rolling out open security standards such as FIDO2 and WebAuthn.
“Early in our mission, we had to identify the biggest tech giants in the world that we could work with. We need the platform, and we needed the browser and the operating system. Part of our mission is to help everyone. Microsoft Account Guard is part of that” said Chong.
Which YubiKey is right for small businesses, and which is right for consumers?
As we covered in our initial review, YubiKey has quite a diverse product lineup. The YubiKey 5 Series is the most popular, but there is also the FIPS series, YubiHSM, and the Security Key series, too. I was curious which key is right for who. Jerrod Chong was happy to answer and tell me it’s all about giving users choice, regardless of platform. He pointed to how YubiKeys are built on an open standard that works across major platforms, so choosing a key isn’t too hard for potential buyers.
“YubiKey takes the approach that you can take control of the things you want to have. Maybe you want to change from Google to Apple? It’s a way to control that, and it’s a way to encompass the security, usability in something tangible,” said Jerrod Chong.
I actually experienced this when I tried the YubiKey 5Ci, which works across both iOS and Android thanks to the lighting port, and USB-C port. Jerrod Chong and Yubico PR pointed me to YubiKey’s comparison tool a method for choosing the right key. Simply scroll down in the chart, and you’ll be able to find the right key for your own business, enterprise, or personal needs. You also can take this survey to find which YubiKey is right for your needs.
What are your thoughts on recent high-profile hacks, and how can YubiKey help prevent these?
With things like the SolarWinds attacks, as well as common phishing schemes making headlines, I was curious to see where YubiKey could have stepped in to help and help avoid scenarios like this. Chong was happy to discuss these issues with me. In most cases, he told me these types of hacks were mainly about the escalation of privileges. Creating a barrier and slowing down potential hackers with YubiKey and multi-factor authentication are things that could have helped out.
“There’s one common theme, and it’s an escalation of privileges. No matter how you got in, in most cases, it’s a phishing attempt, but if you don’t have phishing resistance and multi authentication, you’re giving attackers a free-range environment.”
Chong also told me that it’s about monitoring, too, and seeing the number of authentication requests. “We strongly believe that if people create this barrier, you’ll make hackers rethink their strategy and cost vs rewards,” he said.
Other thoughts and what’s ahead for YubiKey
Our interview ended with a question that I was really eager to ask. I was curious, how does Yubico take customer feedback into consideration, and what’s ahead for Yubico? On this, Jerrod tells me that Yubico gets feedback and requests from direct users, enterprises, as well as Microsoft and Google’s product team. The company is always listening and is eager to add support for more services. Sometimes, they even read Amazon reviews and take those into consideration, too.
“The top thing people are asking us is two-fold. What new services are being added, but they tend to ask us when our bank is doing it? We’re working on this and it is happening. People always want new form factors and capabilities. We need to keep our eyes open for new things and what devices and communications people are using,” said Chong.
To close, Chong was excited to talk about biometrics. This is something that’s been a topic of discussion during the global pandemic. “We are exploring […] and we are going to release a biometric device later this year,” Chong said.
You can learn more about YubiKey’s journey, and buy a Yubikley for yourself here. We thank Yubico and Jerrod Chong for their time!
