Yubico YubiKeys is a secure easy to use solution that has made our company more secure
Overall Satisfaction with Yubico YubiKeys
We currently use Yubico YubiKeys for our higher at risk users that have access to sensitive company information. For us it is an easy secure way for them to be secured and not worry about unauthorized access to sensitive data we need protected. It also assures that we reduce the risk as much as possible for risk of credential theft.
-we are now exploring the ways that YubiKeys can also be used for personal security of items and the different ways to implement the service and hardware to get the most benefit for our company and people.
-we are now exploring the ways that YubiKeys can also be used for personal security of items and the different ways to implement the service and hardware to get the most benefit for our company and people.
Pros
- Fast easy authentication to hardware and software
- Easy for users to use
- Easy to keep up with
Cons
- We have had a couple of instances of issues with the key not working correctly intermittently
- Some issues with users breaking keys as some models are slightly flimsy
- Overall we are happy so I can’t think of anything else
- Easy to set up
- Overall great hardware
- Small form factor
- Many different options for hardware style
- Defiantly a reduction in password resets for some higher level users that we had issues with in the past
- Feeling secure in the knowledge that our data is secure with using Yubico YubiKeys
- Easy to integrate and use with our windows products
The impact is is very large for us with the use of Yubico YubiKeys and we feel safe and secure knowing the users have this secure device and having to have it on hand to gain access to resources. We sleep better at night knowing that phishing and ransomware risk is greatly reduced for our high risk users and the service has been reliable.
Our users love the Yubico YubiKeys specifically for how small and un-intrusive the device is to carry. They feel more secure with less risk of someone getting their credentials and causing harm to the company. Technical users and implementers feel confident in the security and have less to worry about with it lowering our surface area of risk.
We have thought about just trying another competitor for due diligence but have not explored that option yet. We went with Yubico YubiKey due to hearing about it at a conference and decided to start experimenting with the solution. We are pretty decided on what we are going with for a rollout but will explore another just to show that we had options. We will not put the effort into full experimentation of the product but more of just a side by side comparison on controls, ease of implementation and reviews.
Do you think Yubico YubiKeys delivers good value for the price?
Yes
Are you happy with Yubico YubiKeys's feature set?
Yes
Did Yubico YubiKeys live up to sales and marketing promises?
Yes
Did implementation of Yubico YubiKeys go as expected?
Yes
Would you buy Yubico YubiKeys again?
Yes
Using Yubico YubiKeys
10 - So we are just now rolling out YubiKeys in our organization. Currently just the high level personnel and high level access people with sensitive access to data. So our C levels and IT people have been rolled out first for testing and working out an issues along the way we may run into in the wild between the different applications we have before we offer this company wide.
6 - So there are 7 of us total, we have 4 desktop support and 3 Engineers that if needed for escalation past what desktop can do. As far as skills go, the main thing with support is just adjusting the user to how it works and setup for first time use. Rarely once configured is there anything that we have to do unless replacing a damaged/lost item.
- be as phish proof as possible with our applications
- remove credential theft as a worry in our system
- moving towards a password less organization
- I was told they feel cool and like a spy having to carry one of these
- using the multi device authentication for the new Iphones
- people have even used the same yubikey for their homes and devices
- looking at some of the blockchain ideas to secure wallets
- thinking about implementing the secure print for our HR and accounting depts.
- We are looking into the encryption and signing of emails for sensitive documents
- looking at the physical access options for entry to buildings and rooms
- I am exploring adding this as a key to get into our VPN for the company
- as we migrate to GitHub our software devs are exploring a requirement for the code repositories
Evaluating Yubico YubiKeys and Competitors
- Cloud Solutions
- Scalability
- Integration with Other Systems
- Ease of Use
The number one factor for us is going to be the Ease of Use. For us we need something that is not complicated to use or implement. There are so many other things that are complicated within our networks and having this as a set and forget type device for access control is very helpful to everyone.
No, Yubikey is well known and when it comes to dependability and good reputation is more important than anyone offering a better price. With a well known company there are more likely more integrations of use. In my experience companies tend to developed integrations/connections/compatibility first for well known and highly used companies that are stable.
Yubico YubiKeys Implementation
- Implemented in-house
Change management was minimal - Our team is maybe a little weird since we are so small there wasn't a lot of change management due to being able to learn and test this in our small inhouse group then releasing it to our test user group. Being as small as we are some of our change management is just saying hey I'm doing this thing. Works for us but maybe bigger teams not so much and would be more important to implement.
- learning to keep your personal token with you at all times
- Learning the steps to implement this with our different products, as the process isn't the same between products
- the need for 2 physical token, and different form factors finding the right one between the different interfaces
Yubico YubiKeys Training
- No Training
For many I would suggest training, since I am and IT professional I can figure things out very quickly and have an idea how it works. For our end users I would have to either train them from my documentation of instructions or find some type of online source for their training and questions they may have.
Configuring Yubico YubiKeys
We have not developed any yet but that will come as we plan the final phase for roll out to our users in mass. That has not become a subject yet as we are still in testing phase for the next few months. Once we are past that then we will get together as an implementation team and sort that out before we begin. We will rely on guidance from Yubico best practices to outline how best it will work for us.
No - we have not done any customization to the interface
No - we have not done any custom code
We have not done any different or additional configuration or customization at this point. We do have hopes for our software team to integrate this within our custom software that we have built to make things more secure on our in house products. Once they get to a point where they can start working on integrating Yubico into our systems that will be a whole other project.
Yubico YubiKeys Support
Pros | Cons |
---|---|
Quick Resolution Good followup Knowledgeable team Problems get solved Kept well informed No escalation required Immediate help available Support understands my problem Support cares about my success Quick Initial Response | None |
We are still experimenting at this point and dogfooding this within certain users until we decide to roll out in mass. When we do roll out we do like to have the comfort of a support team behind us for when we need it and to be able to access it immediately to quickly resolve any issues. So when we do go company wide support will be be important to us.
So what really got us started with exploring this was going to the RSA conference and talking with the reps there and what all the YubiKey can support and how they are adding more and more things that it can be used for we opened up exploring this option more and more. Last year we played with a few, but with how the landscape is looking with threats we are wanting to find the most secure way to access our resources and not have to worry about credential theft as much. I would say the Reps at RSA were very knowledgeable and gave us lots of detail and insight to want to explore more.
Using Yubico YubiKeys
Pros | Cons |
---|---|
Like to use Relatively simple Easy to use Technical support not required Well integrated Consistent Quick to learn Convenient Feel confident using | None |
- The 2FA is a breeze for us and very usefull
- Going password less for our systems was very fast and easy
- using the FIDO2 protocols on some of our systems was easy
- integrating into our LastPass environment was a breeze and gives us reassurance we are protecting a very critical resource.
- I would say compatibility issues in which waiting on certain platforms to integrate is a difficult sell to management who want a single uniform way to authenticate.
- Having to have multiple keys as a backup per person, Not sure of a good solution but having to keep up with 2 keys for the just in case loss or damage of a key is cumbersome.
- The different form factors of I haven't done any firmware updates as of yet as I am a little on the it's not broken so why fix it, and risk breaking it. Having usb-c to usb-a within different devices but again that is kind of a cumbersome on having to use adapters at times for users.
- I have not yet done firmware updates for my key or anyone else, I am an it's not broken so why fix it mentality with it due to if something were to go wrong I am not wanting to replace it. I have not personally gotten a second key yet but I should.
Yes - I have used this with my iPhone a few times with iPhone via USB-C and also the NFC on certain apps but I have only began to explore this option recently. I have it set for my LastPass on iphone, Google drive and account, and for my personal coinbase account.
Yubico YubiKeys Reliability
Integrating Yubico YubiKeys
- Custom software written in house
- we have a custom application that our software team has designed we are exploring authentication types to build and integrate with on our roadmap
We are exploring authentication types with our custom software that runs our company and this would definitely be a type of authentication I would prefer for high security. I have added this as a suggestion to the software team as we move into 2FA/MFA/Password less exploration for our application and integration.
- API (e.g. SOAP or REST)
I don't know that I have any advice besides deciding on what you need an integration for and how you would like the integration to work. Our software team is good at seeking consultation and support from companies they are writing to integrate with. The only advice would be to feel out how well they work with you for support and creating customizations. Their team so far had been excellent at answering questions and how best to frame the project.
Relationship with Yubico
Once we go into talks the main thing is going to be determining the supply of product and licenses we will need and negotiate based on an initial estimate. We generally will only start off with a year of support as we go into anything new as skeptics and after the year decide to go multiyear support once we have determined how and the best way for us to be supported.
In the past dealing with our vendors having a good relationship with the vendor and your sales rep is key. He is an advocate for us and that comes with years of working together. We are straight forward and will ask and tell what we need and the level of support we are expecting. It's always nice to have a vendor and same sales rep to go to but when eventually you get assigned to another person we try to establish the same relationship and trust by being upfront of what we expect and what works for our company.
Upgrading Yubico YubiKeys
- the feeling of security on sensitive products
- not having to remember all different passwords
- the hope of pushing the company to a zero trust environment
- I would like to see a physical key with storage built in and integrated with they key somehow. I have to carry a key plus my flashdrive of tools on my keychain and makes it kinda bulky.
Yes - Once we get through our period of exploration and take this to our directors to approve a company wide roll out we will be exploring which plan would benefit us whether it be Professional or Enterprise version. But once we have the green light we will roll out a full version of sorts and have a support team to back us up for any issues along the way.
Comments
Please log in to join the conversation