



As indicated in my previous blog post about passwordless sign-in via the Microsoft Authenticator, passwordless sign-in is becoming more and more popular. Using passwordless sign-in, it is possible to authenticate with a fingerprint, face recognition or a Universal 2nd Factor (U2F) open authentication standard device such as the YubiKey FIDO2 (Fast IDentity Online) key, rather than with a username and password. In this blog post I will describe the functionality and configuration of the YubiKey FIDO2 in combination with Microsoft Azure AD.

With this security key, it is not necessary to remember and use (unnecessarily complex) passwords. The use of passwords is outdated, since even the most complex passwords are vulnerable to phishing. Moreover, people often have difficulty remembering passwords, which results in the use of weak and easy-to-retrieve passwords. The use of the YubiKey FIDO2 is also considered strong because it requires a physical touch.

Passwordless authentication via the Microsoft Authenticator app or YubiKey is not a substitute for Multifactor Authentication (MFA). In addition to passwordless authentication, it is strongly recommended that a second authentication factor is also configured. In the case of a YubiKey, it could be a PIN or fingerprint, and in the case of the Microsoft Authenticator app, a PIN, fingerprint or face recognition.

YubiKey FIDO2 keys (figure 1) are hardware-based security keys that use the U2F open authentication standard, which is backed by the FIDO Alliance. U2F originates from the collaboration between Yubico and Google. The U2F protocol is designed to replace weak and static passwords with strong hardware-backed public/private key credentials.
