Contact Us

Passwordless Guides and Best Practices

Is phone authentication unphishable?

Is Phone Authentication Safe?

Smartphones have become an integral part of our daily lives – who doesn’t own a smartphone nowadays? Unfortunately, with this growing reliance on smartphones comes an important concern to consider: the safety of phone authentication. While phone authentication is widely perceived as a convenient and secure authentication method, phone authentication is not safe. In this blog, we will explore the dangers of relying solely on phone authentication.

How to Go Passwordless in Entra with Entra CBA. How to Setup Entra CBA.

How to Set Up Entra CBA

Entra CBA (Certificate-Based Authentication) is by far the best way to secure your organization via Entra MFA. In this article, we will show you how to set up Entra CBA passwordless authentication in 9 easy steps (that’s less than an hour’s worth of steps!).

Learn how to Secure Your Azure IoT Device

Azure IoT Device Security is at Risk – Secure Your IoT Device Today!

The fledgling state of the IoT industry often drives manufacturers to prioritize speed over security, hastening to introduce their products before ensuring robust protection. Consequently, they might resort to hardcoded credentials or delegate security responsibilities to hardware vendors. Such lapses present a goldmine for hackers. Click here to learn the best ways that you can improve your Azure IoT device security!

How to Remotely Onboard Users with Verifiable Credentials

Passwordless Onboarding with Azure Verifiable Credentials

Azure Verifiable Credentials are Microsoft's response to the question of how you can validate that your new employee is who they say they are when they are onboarding to your organization. They even want to go further and have organizations such as Universities add the person's degrees and other information into verifiable credentials, which would allow organizations to validate the education of the person. Check out this blog to learn all you need to know about Azure Verifiable Credentials and how to use them for remote passwordless onboarding.

Unphishable MFA keeps your organization secure

How Phishing-Resistant MFA Improves Your Organization’s Security Posture

Let’s cut right to the chase – if you want your organization’s cybersecurity posture to rival that of any organization in the world, phishing-resistant MFA is the way to go. Why? With unphishable MFA, there are no passwords for hackers to steal! No matter what steps you take to make a password "strong," there are always hackers who can take it from you. That's where phishing-resistant MFA (or, unphishable MFA) steps in.

Endpoint Management Best Practices; The Best AD Linux Alternative; AD Linux Alternative; How to Do Endpoint Management

Active Directory Linux Alternative: A Better Approach to Endpoint Management

For experts well versed in Microsoft Active Directory, the natural inclination is to domain join Linux Virtual Machines (VMs) with Active Directory. The appeal and logic here is in centralizing Linux endpoint management; however, aligning Linux with a system originally intended for Windows can bring about a "metric f*%$-ton" of unexpected challenges... such a having to run a bunch of highly-privileged agents to emulate Windows, or having to debug from a Linux machine. ...It’s a royal P.I.T.A. The following will give you the quick and dirty as to the best way to do this, which may be counterintuitive to your preconceived notions.

You need MFA if you want cyber insurance

Cyber Insurance – Why Implementing MFA is Crucial for Your Organization

With the rising costs associated with cybercrime, many insurance providers have stated that companies seeking cyber insurance need to take measures to reduce the risk of cyberattacks against them being successful. If organizations adhere to this ask and take precautionary cybersecurity measures, there is a reduced chance of a successful cyberattack and, as such, a reduction in the sum of payouts from the insurance providers. This seems like a win-win, but how can companies best take these precautions? By implementing MFA.

Rethinking Authentication - Focus on the WHOLE Process, Not Just the Method

Rethinking Authentication: Focus on the WHOLE Process, Not Just the Method

While we certainly do appreciate discussions around tech-driven security, we're convinced that the advancement in present-day authentication and the future of Zero Trust authentication isn't merely about the method, but it revolves around the system. Even top-notch security is ineffective if end-users find it cumbersome and IT struggles to implement it. Basically, what we're trying to say here is that, yes, the method in which you choose to authenticate is cool, but the PROCESS associated with that method has much more impact on all facets of your business. Click here to learn more about how we need to rethink authentication.

The best passwordless authentication methods

Best Passwordless Authentication – Method(s) for Success

Deciding to go passwordless is one thing, but deciding HOW to ACTUALLY do it is another thing altogether. We’ve done our best to summarize the major redeeming qualities of the three most prominent passwordless authentication methodologies - Certificate-Based Authentication (CBA), FIDO2, and Phone. Check out this blog for a high-level synopsis of each authentication method, their ideal use cases, and other key characteristics regarding their employment.

Passwordless vs MFA, Passwordless Authentication vs MFA, Passwordless vs Multi-Factor Authentication, Passwordless Authentication vs Multi-Factor Authentication

Passwordless Authentication vs. MFA

Passwordless authentication and multi-factor authentication are often mistaken for each other. While passwordless is a subset of MFA, MFA is usually used to refer to authentication methods that involve a password as one of the two factors. Conversely, passwordless authentication does away with passwords altogether. If an intruder gets hold of any authentication aspect, they still can't access the account unless they also control the user's phone or hardware key.

Are YubiKeys unphishable? Can YubiKeys be phished? Unphishable YubiKey. Phishing-resistant YubiKey.

Are YubiKeys Unphishable?

Not going to lie, I procrastinate A LOT, and one of the ways I do it is spending time on Reddit. One of the subreddits I spend a lot of time on is the r/YubiKey, and in there I see people asking all the time if YubiKeys are unphishable, and the answer is - it depends on which features you are using. So, let’s break down each of the YubiKey’s features and see which ones are unphishable.

What is Zero Trust SSH?

What is Zero Trust SSH?

In today's day and age, secure communication is essential for protecting sensitive information and preventing cyber-attacks. One common way to achieve secure communication is by using the Secure Shell (SSH) protocol, which is a widely used cryptographic network protocol for securely exchanging data over a network; however, not all SSH implementations are the same. In particular, there is a difference between traditional SSH and zero trust SSH. In this post, we will explain what zero trust SSH is and why most compliance certifications, such as PCI, require SSH key rotation.

The Best Duo Alternative for Entra ID (Azure AD). Best Duo Alternative for Passwordless Authentication.

Duo Alternative for Entra ID (Azure AD)

If you’re reading this, you are probably looking for a way to secure your Azure AD (Entra ID) identity with conditional access, multifactor authentication, or network authentication and probably looked at Duo; however, either their pricing or user experience has you looking at an alternative. Luckily, we are here with the alternative, and the best part of it is that it is (mostly) free (or you are already paying for it without knowing it)! Read here to find out all you need to know about the best Duo alternative for Entra ID!

How to go passwordless in Entra ID

How to Go Passwordless in Entra ID – The Ultimate Guide

If you are reading this, it’s almost certain that you’ve been tasked with helping your organization go passwordless. Perhaps it’s because Management heard that compromised passwords play a key role in 80+% of cybersecurity breaches, or maybe it’s because of the cyber insurance incentives and discounts for going passwordless. Why you are here is not as important as what you are going to learn. In this guide, Keytos will guide you on how to go passwordless in Entra ID (Azure AD), from all the “gotchas”, to links, to step-by-step guides for each process, to the pointers that helped us follow Azure Identity best practices and go fully passwordless.

What to do if you lose your YubiKey or Authenticator device

What Happens if I Lose my YubiKey or Microsoft Authenticator Device?

2FA and MFA are some of the best ways your organization can protect users' accounts without going passwordless, though we at Keytos are massive proponents of passwordless authentication. Some of the best ways to implement MFA are hardware keys (such as YubiKeys) and apps (such as the Microsoft Authenticator app). While these MFA methods are fantastic, they have one glaring flaw – as physical devices, they are able to be lost. It is not hard at all to imagine someone losing their YubiKey or their mobile device somewhere, somehow – so, what happens if an employee loses their device?

Is passwordless unphishable? Is passwordless authentication unphishable? Can passwordless be phished? Is passwordless phishing-resistant?

Is Passwordless Authentication Unphishable?

Passwordless authentication seems to be the talk of the cybersecurity world as of late! Going passwordless is a great way to bolster your organization’s cybersecurity posture due to the problems with using passwords and general inefficiencies of other authentication methods. While passwordless authentication is known as the most secure form of authentication out there, is it unphishable? Check out this blog to find out!

True Passwordless Security

True Passwordless Security - Ensuring the Safekeeping of Your Company's Data

Unlike solutions such as Multifactor Authentication (MFA) and Single Sign-On (SSO), which still cling to passwords in some way, true passwordless authentication waves them goodbye. Everything is done without a single password in sight, eliminating one of the most vulnerable attack vectors. It's about time we step into the future of secure access. Check out this blog to learn all you need to know about true passwordless security.

The Problem with Passwords

The Problem with Passwords

Passwords have been around for decades and are a well-established form of cybersecurity – that is, until hackers started figuring out more and more ways to get around so-called secure passwords. So then, what is the problem with using passwords? Simply put, passwords lack the high levels of security necessary to combat the ever-advancing technology accessible to hackers and bad actors. In 2021 alone, over 6 billion credentials were leaked, and more than 60% of breaches were caused by stolen credentials. That is simply unacceptable. But what is the reason why passwords are not secure?

How Passwordless Authentication Works, Passwordless Onboarding Explained

How Passwordless Authentication Works

Passwordless authentication is a scorching hot topic in the cybersecurity world. The name seems self-explanatory - there are no passwords - but how exactly does passwordless authentication work? Check out this blog for a high-level overview of the inner workings of passwordless authentication.

How to ship YubiKeys, global YubiKey shipping made easy

How to Ship YubiKeys Worldwide with Ease

Hardware keys (like YubiKeys) are great ways to go passwordless – in fact, we’re such huge fans that CEO Igal Flegmann has two whole keychains dedicated to YubiKeys! One of the pain points surrounding YubiKeys, though, is the shipping process. At Keytos, we believe that passwordless authentication is the future and nothing should get in the way of implementing it, so we’re here to make shipping YubiKeys worldwide easy. Check out this blog to learn how shipping YubiKeys is made easy with Keytos.

The four horsemen of data breaches - phishing attacks, weak and stolen credentials, misconfigured cloud databases and services, malware and ransomware

The 4 Horsemen of Data Breaches

Data breaches can stem from a variety of reasons, but some consistently emerge as the most typical or common culprits. Breaches have evolved from isolated incidents to headlines that regularly dominate the news cycle. From deceptive phishing schemes to the sheer negligence of cloud configurations, the avenues for breaches are broad. With household names like LinkedIn and the UK's National Health Service falling prey to cyber-attacks, no entity seems immune. In this post, we'll delve deep into the four most common types of attacks associated with data breaches, providing real-world incidents that exemplify the gravity and repercussions of such vulnerabilities. Strap in as we navigate the treacherous waters of cybersecurity shortcomings.

How to Deploy FIDO2 Keys in a Cloud Only Deployment

How Do You Deploy FIDO2 Security Keys in a Cloud-Only Deployment?

This post takes a look at the high-level steps associated with the process of deploying FIDO2 keys efficiently in a cloud-only environment. Additionally, we'll guide you through the maze of choices, pointing you towards the most credible vendors and solutions available in the market.

Does Azure support FIDO2?

Does Azure Support FIDO2? A Quick Lesson in Passwordless Authentication

The short answer is exactly that - short. Yes, Azure does support FIDO2. As there always seems to be with Microsoft, though, there is one glaring exception to this rule. Check out this blog to learn more about this exception and why your organization should start using hardware keys!

On-Premises Active Directory using FIDO2 – Passwordless Authentication – Am I Doing This Right?

On-Premises Active Directory using FIDO2 – Passwordless Authentication – Am I Doing This Right?

The growing demand amongst businesses of all shapes and sizes for passwordless authentication has brought FIDO2 to the forefront of the cybersecurity community. As businesses continue to adopt hybrid work environments, there is an increasing need to find solutions that integrate well with both on-premises and cloud-based systems. In the following post, we’ll discuss how FIDO2 can be implemented for on-premises Active Directory (AD) and how you can use PIV certificates to complement FIDO2 for legacy systems.

YubiKey cost, YubiKey price, How much does a YubiKey cost?

How Much Does a YubiKey Cost?

You will almost certainly encounter the question of how much YubiKeys cost on your journey of going passwordless. With CISOs becoming increasingly cost-conscious, understanding the price of security keys is a critical piece of information when it comes to selecting the right hardware for your organization. We applaud you for exploring the undisputed industry leader in passwordless solutions, Yubico, and their increasingly popular YubiKey! Read here for a detailed breakdown of the features of the various options available as well as the associated costs.

What are SSH Certificates? SSH Certificates Explained.

SSH Certificates Explained

SSH certificates are the best way to avoid the many issues that come with using SSH keys. In this blog, we take a look into what SSH certificates are & how SSH certificates work.

The Problem with Using SSH Keys

What is the Problem with SSH Keys?

SSH keys present a plethora of problems, and the majority of engineers have not received proper security training on the best practices. How can your organization circumvent the problems of SSH keys? Read here to find out!

Best practices for going passwordless on-premises use FIDO2 or SmartCard?

FIDO2 for On-Premises Active Directory. Is it the Right Way to Go Passwordless?

One of the most common questions when going passwordless is how do you support legacy systems, While Microsoft supports FIDO2 on premises, the best solution, is to use SmartCard for legacy and FIDO2 for modern authentication.

ROI of Passwordless Authentication

What's the ROI of Going Passwordless?

Passwords have become an integral part of our daily lives, but have you ever stopped to think about the actual cost of using them as your primary means of authentication? I’m talking about in terms of both time & money. Well, here at Keytos, we certainly have! Read here as we delve deeper into the hidden costs associated with conventional password-based authentication.

MFA vs 2FA, multi-factor authentication vs two-factor authentication, two factor vs multi factor authentication

2FA vs MFA – What You Need to Know

2FA (Two-Factor Authentication) and MFA (Multi-Factor Authentication) are two of the most popular and mainstream acronyms in the realm of cybersecurity. What do they mean? Which is best for your organization? Click here to find out all you need to know about 2FA vs MFA!

Azure CBA go Passwordless In Azure with Azure (Entra) Certificate Based Authentication

How to Go Passwordless In Azure with Entra CBA (Certificate Based Authentication)

Stop phishing attacks with Microsofts unphishable credentials by using PIV X.509 certificates in Azure with Azure certificate based authentication (CBA) and become a fully passwordless organization.

Are passwords secure? What are alternatives to passwords?

Passwords Are Not Secure! Challenges and Modern Authentication Alternatives

We’re exceptionally thankful for all that passwords have done for us; but, as things progress, we're discovering a glaring issue - passwords, as we know them, are rapidly becoming an outdated and unreliable method of authentication. Here are some of the most common shortfalls...

The History of Passwordless Authentication in Linux

Passwordless Authentication in Linux Over the Years

Going passwordless in Linux has never been easy - we get it. As a matter of fact, the history of passwordless authentication in Linux is equally as fascinating as it is triggering. Let's take a deep dive, shall we?

Does Microsoft Active Directory Work With Linux?

Does Active Directory Work With Linux?

If you’re a Microsoft Active Directory expert, your first instinct for managing access to your Linux endpoint(s) is probably to domain join your Linux VMs to Active Directory. The TL;DR here is that this is an awful idea. You’re going to run into issues with DNS, Privileged Agents, No MFA, and just a generally not the best or most secure user experience.

How to create PIVKey certificates for Azure CBA (Certificate Based Authentication) and AD Smart Card Authentication

How to Onboard PIVKey Smart Card Certificates for Azure CBA and AD Smart Card Authentication

When looking at passwordless options, you might have heard of PIVKey smart cards. PIVKey is a great option for passwordless authentication with a smartcard, however, it is not the easiest to onboard. This is why we created this guide to help you onboard PIVKey smart cards to Azure CBA and AD Smart Card Authentication.

How to go passwordless in Azure AD and Entra ID without Temporary Access Pass (TAP)

How To Onboard To Azure FIDO2 Without Temporary Access Pass (TAP)

With cybersecurity you are as secure as your weakest point. Therefore, if you implement Azure passwordless and use TAP to onboard, attackers will target your TAP issuing process to gain access to your infrastructure. Learn how to remove the human from this process and use self-onboarding to passwordless authentication.

How to enable passwordless authentication in Azure AD and Entra ID with FIDO2 and Azure CBA using Yubikeys

How To Use YubiKeys for Azure CBA and FIDO2 in Entra ID

When looking at passwordless options, the first option that comes to mind is YubiKeys. While they are awesome once you issue them, they are not the easiest to onboard. This is why we created this guide to help you onboard YubiKeys to Azure CBA and FIDO2.

How to Enable YubiKeys and FIDO2 as Auth Methods for MS Office 365 Apps

How to Enable YubiKeys and FIDO2 as Authorization Methods for Microsoft Office 365 Apps on macOS or iOS

Passwords alone are no longer considered secure, and organizations worldwide are moving towards passwordless authentication methods. One such method is using hardware tokens like YubiKeys and the FIDO2 protocol. But how can you enable these methods for Microsoft Office 365 apps on macOS or iOS? Read this blog to learn how!

Going passwordless what are the benefits?

The Security and User Experience Benefits of Going Passwordless

Going passwordless is no only exponentially more secure, it has also been shown to improve productivity and reduce wasted time. This page is the perfect starting point to learn more about about which passwordless method is best for you.

SMB Phishing Prevention - How to Prevent Phishing as an SMB

How to Prevent Phishing as a Small Business

The number of phishing attacks has risen sharply over the years. For small businesses, relying solely on employee awareness and email filters isn't enough. The answer? Unphishable credentials. Read on to find out how unphishable credentials can help secure your small business.

How To Go Fully Passwordless in Azure AD (Entra ID) with FIDO2 and Azure CBA - create passwordless users in Azure AD

How To Go Fully Passwordless in Azure AD (Entra ID)

The only way to stop attackers from phishing your passwords is to remove them completely. Learn how to go fully passwordless in Azure AD (Entra ID). From setting up FIDO2 and Azure CBA to creating passwordless users in Azure AD, we cover it all.

What is Azure CBA and how to get started with Azure CBA

Azure CBA – What is it? Who Needs it? How to Get Started?

Traditional password-based authentication methods are no longer sufficient to protect sensitive company data and infrastructure. To address these concerns, Azure Active Directory (Azure AD) offers passwordless authentication to enhance protection and improve the user experience. Read on to learn more about Azure CBA and how to get started!

What's the difference between FIDO2 and Smartcard authentication?

Difference Between FIDO2 and Smartcard Authentication

When looking at passwordless authentication, the two most popular options are FIDO2 and Smartcard authentication, but what is the difference between the two? Which one should you use? in this blog we discuss the difference between FIDO2 and Smartcard authentication and which one is best for each scenario.

Unphishable and Phishing resistant credentials for Azure

Unphishable Credentials For Azure and On-Premises - Cheaper and More Secure than Password-Based Authentication

With phishing attacks on the rise, organizations are moving to phishing resistant /unphishable credentials to protect their organizations. However, extra security is not the only benefit; they are also saving money.

How To Enable Self Onboarding for Passwordless (FIDO2, Azure CBA, and Phone Authentication) In Azure

How To Enable Self Onboarding for Passwordless (FIDO2, Azure CBA, and Phone Authentication) In Azure

As more organizations move to cloud-based solutions, the importance of secure and compliant authentication methods has become increasingly critical. While passwordless authentication methods are the pinnacle of security, they have a reputation of being incredibly tedious to set up. Learn how EZCMS can help you improve security while removing onboarding friction with FIDO2, Azure CBA, and Passwordless Phone Authentication.

SSH certificates cause data breaches

SSH - The Weakest Point In Your Infrastructure

SSH has become the weakest point in cloud security and hackers have noticed. Over the past few years we have seen an exponential increase of cyber attacks targeted to SSH. Organizations adopting zero-trust architecture must take a hard look at their existing identity management for SSH.

Manage access to Linux with EZSSH

Do Not Domain Join Linux VMs to Active Directory

While Domain joining your Linux machines to Active Directory might sound like a good way to do identity and access management for Linux at scale. Linux was not designed for this, and in the long term it will cause more issues than it solves. The solution SSH Certificates!

Azure Active Directory Login to Linux

AAD Login for Linux Machines is Here!

SSH Keys were designed for a time when SSH was protected by a strong network barrier. With today's zero trust world a stronger passwordless identity story is needed. This is why we created the first agent-less AAD based authentication for Linux endpoints.

How to rotate SSH Keys

The New way to rotate SSH keys is here!

At cloud scale simple tasks such as SSH key management become exponentially harder to do. Large companies such as Lyft and Facebook have moved on to SSH Certificates time for you to make the jump too!

How SSH Certificates Work

How SSH Certificates Work

SSH has become a target in the latest round of security breaches. Learn how SSH Certificates are the best way to protect your infrastructure by removing the need of life cycling SSH keys and improving user experience.

SSH Certificates

Are you still using SSH Keys? Start using SSH Certificates today!

SSH Keys have been the security standard for the last few decades. Time to modernize with a more secure and easy to lifecycle solution SSH Certificates.