Contact Us

Passwordless Guides and Best Practices

what are the best passwordless authentication methods FIDO2 and Smart Card Authentication

What are the Best Passwordless Authentication Methods?

Discover the future of security with Passwordless Authentication! Learn how it enhances security by eliminating passwords, comparing methods like Phone-based, Certificate-Based, and FIDO2 for the best fit for your org

How to Stop SSH Key Sharing with SSO and SSH Certificates

How to Stop SSH Key Sharing with SSH Certificates

Enhance SSH security without sharing keys Use SSO and SSH certificates for safe, easy access. Learn to implement best practices and technology for secure SSH

How to Enable SSO for SSH with Entra ID

How to Enable SSO for SSH with Entra ID

As organizations continue to digitize and operate in increasingly cloud-centric environments, the importance of secure, manageable, and auditable authentication mechanisms cannot be overstated. We all know that breaches can lead to unauthorized access, data theft, and potentially catastrophic security incidents. While enhancing SSH authentication might not be the first thing that comes to mind when we talk about IAM and going passwordless, it certainly aligns with the broader need for robust security practices that safeguard against evolving threats.

How To Implement Phishing Resistant Authentication In Entra ID with Entra CBA and FIDO2 Passkeys

How To Implement Phishing Resistant Authentication In Entra ID

Learn how to implement phishing resistant authentication in Entra ID with Entra CBA and FIDO2 passkeys and start your journey to a passwordless future.

Are Yubico YubiKeys phishing resistant? Can YubiKeys be phished? Unphishable YubiKey. Phishing-resistant YubiKey.

Are Yubico YubiKeys Phishing Resistant?

One of the biggest questions that we’ve seen across sales calls, Reddit forums, conferences, and more is “Are YubiKeys phishing resistant?” Honestly, it’s a valid question – YubiKeys have been pretty prominently featured in the push for passwordless authentication but are they phishing resistant?

What Are the Best Phishing Resistant Authentication Methods?

The Most Effective Phishing Resistant Authentication Methods to Use

Choosing to adopt a phishing-resistant authentication method is one thing – figuring out the best way to implement said method is an entirely different challenge. In this blog, we will be outlining the key advantages of the two leading phishing-resistant authentication methods

How phishing resistant authentication improves your security

How Phishing Resistant Authentication Bolsters Security

Phishing resistant authentication is a game-changer for security and user experience. Learn how it improves your security and user experience.

How to onboard FIDO2 keys or Yubikeys in Azure for remote users

FIDO2 Key Onboarding for Remote Employees in Azure

Once you have decided to go passwordless with FIDO2 keys, the next step is to onboard them. This guide will help you onboard FIDO2 keys in Azure for remote users.

Implement Phishing-Resistant Authentication in Azure with FIDO2 and Entra CBA

How to Implement Phishing-Resistant Authentication in Azure

This comprehensive blog explores the importance and methodology of implementing phishing-resistant, passwordless authentication methods within Azure. It dives into the critical need for organizations to adopt a security-first culture amidst rising cybersecurity threats, emphasizing the role of unphishable credentials in enhancing data protection.

Phishing Resistant MFA – Secure Authentication for Businesses in Entra ID and Microsoft 365

Phishing Resistant Credentials – The Modern Security Blanket

Discover the essential guide to deploying phishing-resistant multi-factor authentication (MFA) for the modern workforce in our latest blog. Learn how smartcards and FIDO2 security keys create a robust defense against phishing scams, protecting your organization's credentials and integrity. Understand the urgent need for security upgrades in light of the rising sophistication of cyber threats, and how going passwordless with security keys not only enhances protection but also supports a proactive security posture.

Setup phishing resistant authentication in Azure and Microsoft 365 with Entra CBA

Implement Phishing Resistant Authentication in Entra CBA

Are you ready to implement phishing resistant authentication in Entra CBA? In this guide, we provide insight on how you can go passwordless in Entra ID, from the "gotchas," to important links, to step-by-step tutorials, all to ensure you're well prepared.

Does Microsoft Active Directory Work With Linux?

Does Linux Work with Active Directory?

If you’re a Microsoft Active Directory expert, your first instinct for managing access to your Linux endpoint(s) is probably to domain join your Linux VMs to Active Directory. The TL;DR here is that this is an awful idea. You’re going to run into issues with DNS, Privileged Agents, No MFA, and just a generally not the best or most secure user experience.

Should you set required affinity binding to high in Azure CBA?

Should I Set Required Affinity Binding to High in Entra CBA?

You're probably following a guide on how to set up Entra CBA and came across Required Affinity Binding on the Entra ID portal, and are wondering whether you need it. Worry not – when Microsoft confuses you, Keytos has you covered! In this blog, we will go over what Required Affinity Binding is and whether or not you should set it to High in Entra CBA.

You need to use SSH certificates if you want to SSH the right way

SSH Certificates are the Best Way to Do SSH Effectively

SSH is widely used and considered to be the standard for remotely managing Linux systems; however, it was designed in 1995, when computers were accessed by a handful of people in a local network. To help SSH scale to current cloud scale, using legacy SSH keys that do not expire becomes impossible - this is why organizations such as Facebook, Uber, Netflix, and Keytos have transitioned to SSH certificates. In this blog, we will explore why SSH certificates are the best way to do SSH effectively.

How to Use Unphishable Authentication Methods in Azure Active Directory

How to Deploy Unphishable Authentication in Azure

In order to effectively implement passwordless authentication in Azure throughout your organization, you need to first reflect on the entire user lifecycle. This involves processes like creating a user account without a password, distributing hardware keys (e.g., YubiKeys), onboarding users and personal computers, authenticating on the network, implementing conditional access, and enabling passwordless entry to non-Active Directory resources like Linux systems. We know that that can be a massive headache; while we can't provide you with Ibuprofen, we can help alleviate that headache by diving into each of these aspects! Let's take a closer look!

How to use Yubico YubiKey for Microsoft Entra CBA (Azure CBA)

How to Use YubiKeys for Entra CBA

Since its initial announcement in 2022, Microsoft has significantly enhanced Entra CBA across various platforms. In their most recent update on December 13, 2023, Microsoft announced that these enhancements encompass support for certificates on different devices and compatibility with external security keys, such as YubiKeys. In this blog, we will tell you all about what this updated system provides users with as well as how to use YubiKeys for Entra CBA!

How FIDO2 Prevents Phishing Attacks

How Does FIDO2 Prevent Phishing?

In this wild world of cybersecurity that we find ourselves in, organizations constantly seek robust solutions to combat threats like phishing. A breakthrough in this anti-phishing agenda is the adoption of FIDO2 keys for passwordless (unphishable) authentication! In this blog, we will explore how FIDO2 keys offer an unphishable credential, setting a new standard in secure authentication.

What is FIDO2?

What is FIDO2 Authentication?

The FIDO2 standard, an evolution of FIDO, offers improved security and user convenience by removing the reliance on passwords. This results in a more secure, user-friendly, and modern method of verification, reducing the risk of fraud in online interactions. FIDO2’s purpose is straightforward: it allows us to leverage biometric data stored on our computers or mobile devices (such as fingerprint scanners, touch ID, face ID, external tokens, etc.) for accessing websites and applications. This blog will take a deep dive into these two points to help you gain a better understanding of the ins and outs of FIDO2.

How to use Yubico YubiKey for for iOS devices with Azure AD (Entra ID)

How to Use a YubiKey in iOS Devices with Entra ID

If you are trying to implement unphishable credentials in Azure, you've probably looked at FIDO2 and Entra CBA (Certificate-Based Authentication); however, after taking a closer look, you will see that FIDO2 is still not fully supported in iOS, only in browsers, meaning that if you want to use phishing-resistant authentication in iOS you must use certificate-based authentication with Azure CBA (Entra CBA). As of writing this blog, only YubiKeys are supported for Entra ID mobile authentication. In this post, we will cover the full process on how to get your YubiKeys ready for iOS authentication.

SSH vs. X509 Certificates - What's the Difference? SSH Certificates vs X509 Certificates – What's the Difference Between SSH and X509 Certificates?

X.509 vs. SSH Certificates: What's the Difference?

It's common to encounter misconceptions that SSH certificates are identical to or interchangeable with X.509 certificates, but this is simply incorrect. This blog will concisely explore the nature of SSH certificates, why you ought to be using them, and the fundamental differences that set them apart from X.509 certificates.

The Beginner's Guide on How to Set Up Passwordless Authentication in Azure

Passwordless Authentication in Azure - The Beginner's Guide

In the following guide, we aim to provide insight on how you can go passwordless in Azure AD. We intend to cover everything from all the "gotchas," to links, to step-by-step tutorials for each process, to the pointers that'll ensure you're up-to-date with Azure Identity Security Best Practices. Click here to learn more!

How you can do SSH even better than the world's biggest companies.

How Industry Leaders Do SSH

Did you know that a 2017 study showed that a cybersecurity attack happens every 39 seconds? Organizations clearly need to prioritize reinforcing their defense strategies. Facebook, Netflix, and Uber are three great examples of top companies doing SSH the right way. Click here to learn more about how these companies do SSH and how you can follow in their footsteps.

Are CBA and MFA the same thing?

Is Certificate-Based Authentication (CBA) Considered MFA?

Are you trying to secure your organization with phishing-resistant credentials but are confused by all the options? You've come to the right place! In this post, we explain if Certificate-Based Authentication (CBA) is considered MFA, as well as the different types of phishing-resistant credentials you can set up in Entra ID.

How to set up a Yubico YubiKey in Azure AD / Entra ID for secure multifactor authentication

How to Setup YubiKey in Azure AD for Secure MFA

With the rising importance of securing Entra ID (fka Azure AD), it's essential to explore enhanced security measures. One of the most effective methods is, without question, the use of hardware keys such as a YubiKey. This blog will guide you through setting up a YubiKey, registering it, and enrolling it with Entra ID.

How to stop getting phished: use phishing-resistant MFA!

Prevent Phishing Attacks with Phishing-Resistant MFA

Businesses of all shapes and sizes have relied heavily over the past decade or so on e-mail filters and educating their employees about phishing as their main deterrents. While well intentioned, it’s almost altogether useless. Think about it this way… what’s the last employee training session you actually paid attention to? Simply put, the reliance on traditional employee vigilance and email filtering systems is proving to be insufficient against modern, sophisticated phishing schemes. So where do we go from here? The answer lies in the implementation of phishing-resistant Multi-Factor Authentication (MFA). Click here to learn more!

How to manage SSH keys at scale

How to Manage SSH Keys at Scale

As organizations transition to a zero-trust model, passwordless SSH becomes the only way to protect your SSH endpoints. The first thing that comes to mind is using SSH Keys. They are cryptographically secure, native to Linux so no custom PAM or agent must be running on the endpoint; however, SSH keys are hard to manage. As a result, many organizations are looking for an SSH key management solution where the keys are centrally managed and can be rotated by the service. In this blog, we will do a deep dive into the best way to manage your SSH keys at scale.

how to onboard users for passwordless authentication without an initial password

The Chicken and Egg Problem for Passwordless - How To Create Passwordless Users Without a Password

So, you're trying to go passwordless to avoid all the problems associated with passwords, but you can't stop thinking to yourself, "How on Earth do you create a passwordless identity without first having a password?" You're not alone! We consider this the cybersecurity iteration of "The Chicken and Egg" conundrum. Click here to learn more!

How to Save Money on Cyber Insurance

How to Reduce Cyber Insurance Rates

With any luck, you’ve come across this post about saving money on cyber risk insurance as part of a proactive vendor selection or shopping process. Another probable scenario is that you’re already insured, and you’re simply exploring less expensive options. Either way, you’ve most likely thought to yourself at one point in time, "Why is this so expensive?" and "What can I do to lower the premium?" Click here to learn the answers to those questions!

What are the benefits of multi factor authentication (MFA)?

What are the Benefits of MFA?

There are quite literally thousands of companies around the world that still rely on password-based authentication. They’ve probably haven’t ever researched the topic, and outlining the benefits of MFA compared to passwords would be exceptionally useful. Check out this blog to learn all about the benefits of MFA and why MFA is better than traditional authentication methods.

How to create SSH certificates on your own

How to Create SSH Certificates

Did you know most SSH endpoints have around 200 SSH keys and 90% of them are not used? It's pretty clear that SSH keys are so last season, and that SSH certificates are the way to go when it comes to adhering to the highest standards of cybersecurity/authentication. In this blog, we will show you why SSH certificates are the way of the future, as well as how to set up SSH certificate authentication on your own!

Is phone authentication unphishable?

Is Phone Authentication Safe?

Smartphones have become an integral part of our daily lives – who doesn’t own a smartphone nowadays? Unfortunately, with this growing reliance on smartphones comes an important concern to consider: the safety of phone authentication. While phone authentication is widely perceived as a convenient and secure authentication method, phone authentication is not safe. In this blog, we will explore the dangers of relying solely on phone authentication.

How to Go Passwordless in Entra with Entra CBA. How to Setup Entra CBA.

How to Set Up Entra CBA

Entra CBA (Certificate-Based Authentication) is by far the best way to secure your organization via Entra MFA. In this article, we will show you how to set up Entra CBA passwordless authentication in 9 easy steps (that’s less than an hour’s worth of steps!).

Learn how to Secure Your Azure IoT Device

Azure IoT Device Security is at Risk – Secure Your IoT Device Today!

The fledgling state of the IoT industry often drives manufacturers to prioritize speed over security, hastening to introduce their products before ensuring robust protection. Consequently, they might resort to hardcoded credentials or delegate security responsibilities to hardware vendors. Such lapses present a goldmine for hackers. Click here to learn the best ways that you can improve your Azure IoT device security!

How to Remotely Onboard Users with Verifiable Credentials

Passwordless Onboarding with Azure Verifiable Credentials

Azure Verifiable Credentials are Microsoft's response to the question of how you can validate that your new employee is who they say they are when they are onboarding to your organization. They even want to go further and have organizations such as Universities add the person's degrees and other information into verifiable credentials, which would allow organizations to validate the education of the person. Check out this blog to learn all you need to know about Azure Verifiable Credentials and how to use them for remote passwordless onboarding.

Unphishable MFA keeps your organization secure

How Phishing-Resistant MFA Improves Your Organization’s Security Posture

Let’s cut right to the chase – if you want your organization’s cybersecurity posture to rival that of any organization in the world, phishing-resistant MFA is the way to go. Why? With unphishable MFA, there are no passwords for hackers to steal! No matter what steps you take to make a password "strong," there are always hackers who can take it from you. That's where phishing-resistant MFA (or, unphishable MFA) steps in.

Endpoint Management Best Practices; The Best AD Linux Alternative; AD Linux Alternative; How to Do Endpoint Management

Active Directory Linux Alternative: A Better Approach to Endpoint Management

For experts well versed in Microsoft Active Directory, the natural inclination is to domain join Linux Virtual Machines (VMs) with Active Directory. The appeal and logic here is in centralizing Linux endpoint management; however, aligning Linux with a system originally intended for Windows can bring about a "metric f*%$-ton" of unexpected challenges... such a having to run a bunch of highly-privileged agents to emulate Windows, or having to debug from a Linux machine. ...It’s a royal P.I.T.A. The following will give you the quick and dirty as to the best way to do this, which may be counterintuitive to your preconceived notions.

You need MFA if you want cyber insurance

Cyber Insurance – Why Implementing MFA is Crucial for Your Organization

With the rising costs associated with cybercrime, many insurance providers have stated that companies seeking cyber insurance need to take measures to reduce the risk of cyberattacks against them being successful. If organizations adhere to this ask and take precautionary cybersecurity measures, there is a reduced chance of a successful cyberattack and, as such, a reduction in the sum of payouts from the insurance providers. This seems like a win-win, but how can companies best take these precautions? By implementing MFA.

Rethinking Authentication - Focus on the WHOLE Process, Not Just the Method

Rethinking Authentication: Focus on the WHOLE Process, Not Just the Method

While we certainly do appreciate discussions around tech-driven security, we're convinced that the advancement in present-day authentication and the future of Zero Trust authentication isn't merely about the method, but it revolves around the system. Even top-notch security is ineffective if end-users find it cumbersome and IT struggles to implement it. Basically, what we're trying to say here is that, yes, the method in which you choose to authenticate is cool, but the PROCESS associated with that method has much more impact on all facets of your business. Click here to learn more about how we need to rethink authentication.

The best passwordless authentication methods

What are the Best Passwordless Authentication Methods?

Deciding to go passwordless is one thing, but deciding HOW to ACTUALLY do it is another thing altogether. We’ve done our best to summarize the major redeeming qualities of the three most prominent passwordless authentication methodologies - Certificate-Based Authentication (CBA), FIDO2, and Phone. Check out this blog for a high-level synopsis of each authentication method, their ideal use cases, and other key characteristics regarding their employment.

Passwordless vs MFA, Passwordless Authentication vs MFA, Passwordless vs Multi-Factor Authentication, Passwordless Authentication vs Multi-Factor Authentication

Passwordless Authentication vs. MFA

Passwordless authentication and multi-factor authentication are often mistaken for each other. While passwordless is a subset of MFA, MFA is usually used to refer to authentication methods that involve a password as one of the two factors. Conversely, passwordless authentication does away with passwords altogether. If an intruder gets hold of any authentication aspect, they still can't access the account unless they also control the user's phone or hardware key.

Are Yubico YubiKeys unphishable? Can YubiKeys be phished? Unphishable YubiKey. Phishing-resistant YubiKey.

Are YubiKeys Unphishable?

Not going to lie, I procrastinate A LOT, and one of the ways I do it is spending time on Reddit. One of the subreddits I spend a lot of time on is the r/YubiKey, and in there I see people asking all the time if YubiKeys are unphishable, and the answer is - it depends on which features you are using. So, let’s break down each of the YubiKey’s features and see which ones are unphishable.

What is Zero Trust SSH?

What is Zero Trust SSH?

In today's day and age, secure communication is essential for protecting sensitive information and preventing cyber-attacks. One common way to achieve secure communication is by using the Secure Shell (SSH) protocol, which is a widely used cryptographic network protocol for securely exchanging data over a network; however, not all SSH implementations are the same. In particular, there is a difference between traditional SSH and zero trust SSH. In this post, we will explain what zero trust SSH is and why most compliance certifications, such as PCI, require SSH key rotation.

The Best Duo Alternative for Entra ID (Azure AD). Best Duo Alternative for Passwordless Authentication.

Duo Alternative for Entra ID (Azure AD)

If you’re reading this, you are probably looking for a way to secure your Azure AD (Entra ID) identity with conditional access, multifactor authentication, or network authentication and probably looked at Duo; however, either their pricing or user experience has you looking at an alternative. Luckily, we are here with the alternative, and the best part of it is that it is (mostly) free (or you are already paying for it without knowing it)! Read here to find out all you need to know about the best Duo alternative for Entra ID!

How to go passwordless in Entra ID

How to Go Passwordless in Entra ID – The Ultimate Guide

If you are reading this, it’s almost certain that you’ve been tasked with helping your organization go passwordless. Perhaps it’s because Management heard that compromised passwords play a key role in 80+% of cybersecurity breaches, or maybe it’s because of the cyber insurance incentives and discounts for going passwordless. Why you are here is not as important as what you are going to learn. In this guide, Keytos will guide you on how to go passwordless in Entra ID (Azure AD), from all the “gotchas”, to links, to step-by-step guides for each process, to the pointers that helped us follow Azure Identity best practices and go fully passwordless.

What to do if you lose your YubiKey or Authenticator device

What Happens if I Lose my YubiKey or Microsoft Authenticator Device?

2FA and MFA are some of the best ways your organization can protect users' accounts without going passwordless, though we at Keytos are massive proponents of passwordless authentication. Some of the best ways to implement MFA are hardware keys (such as YubiKeys) and apps (such as the Microsoft Authenticator app). While these MFA methods are fantastic, they have one glaring flaw – as physical devices, they are able to be lost. It is not hard at all to imagine someone losing their YubiKey or their mobile device somewhere, somehow – so, what happens if an employee loses their device?

Is passwordless unphishable? Is passwordless authentication unphishable? Can passwordless be phished? Is passwordless phishing-resistant?

Is Passwordless Authentication Unphishable?

Passwordless authentication seems to be the talk of the cybersecurity world as of late! Going passwordless is a great way to bolster your organization’s cybersecurity posture due to the problems with using passwords and general inefficiencies of other authentication methods. While passwordless authentication is known as the most secure form of authentication out there, is it unphishable? Check out this blog to find out!

True Passwordless Security

True Passwordless Security - Ensuring the Safekeeping of Your Company's Data

Unlike solutions such as Multifactor Authentication (MFA) and Single Sign-On (SSO), which still cling to passwords in some way, true passwordless authentication waves them goodbye. Everything is done without a single password in sight, eliminating one of the most vulnerable attack vectors. It's about time we step into the future of secure access. Check out this blog to learn all you need to know about true passwordless security.

What is the Problem with Passwords?

The Problem with Passwords

Passwords have been around for decades and are a well-established form of cybersecurity – that is, until hackers started figuring out more and more ways to get around so-called secure passwords. So then, what is the problem with using passwords? Simply put, passwords lack the high levels of security necessary to combat the ever-advancing technology accessible to hackers and bad actors. In 2021 alone, over 6 billion credentials were leaked, and more than 60% of breaches were caused by stolen credentials. That is simply unacceptable. But what is the reason why passwords are not secure?

How Passwordless Authentication Works, Passwordless Onboarding Explained

How Passwordless Authentication Works

Passwordless authentication is a scorching hot topic in the cybersecurity world. The name seems self-explanatory - there are no passwords - but how exactly does passwordless authentication work? Check out this blog for a high-level overview of the inner workings of passwordless authentication.

How to ship YubiKeys, global YubiKey shipping made easy

How to Ship YubiKeys Worldwide with Ease

Hardware keys (like YubiKeys) are great ways to go passwordless – in fact, we’re such huge fans that CEO Igal Flegmann has two whole keychains dedicated to YubiKeys! One of the pain points surrounding YubiKeys, though, is the shipping process. At Keytos, we believe that passwordless authentication is the future and nothing should get in the way of implementing it, so we’re here to make shipping YubiKeys worldwide easy. Check out this blog to learn how shipping YubiKeys is made easy with Keytos.

The four horsemen of data breaches - phishing attacks, weak and stolen credentials, misconfigured cloud databases and services, malware and ransomware

The 4 Horsemen of Data Breaches

Data breaches can stem from a variety of reasons, but some consistently emerge as the most typical or common culprits. Breaches have evolved from isolated incidents to headlines that regularly dominate the news cycle. From deceptive phishing schemes to the sheer negligence of cloud configurations, the avenues for breaches are broad. With household names like LinkedIn and the UK's National Health Service falling prey to cyber-attacks, no entity seems immune. In this post, we'll delve deep into the four most common types of attacks associated with data breaches, providing real-world incidents that exemplify the gravity and repercussions of such vulnerabilities. Strap in as we navigate the treacherous waters of cybersecurity shortcomings.

How to Deploy FIDO2 Keys in a Cloud Only Deployment

How Do You Deploy FIDO2 Security Keys in a Cloud-Only Deployment?

This post takes a look at the high-level steps associated with the process of deploying FIDO2 keys efficiently in a cloud-only environment. Additionally, we'll guide you through the maze of choices, pointing you towards the most credible vendors and solutions available in the market.

Does Azure support FIDO2?

Does Azure Support FIDO2? A Quick Lesson in Passwordless Authentication

The short answer is exactly that - short. Yes, Azure does support FIDO2. As there always seems to be with Microsoft, though, there is one glaring exception to this rule. Check out this blog to learn more about this exception and why your organization should start using hardware keys!

On-Premises Active Directory using FIDO2 – Passwordless Authentication – Am I Doing This Right?

On-Premises Active Directory using FIDO2 – Passwordless Authentication – Am I Doing This Right?

The growing demand amongst businesses of all shapes and sizes for passwordless authentication has brought FIDO2 to the forefront of the cybersecurity community. As businesses continue to adopt hybrid work environments, there is an increasing need to find solutions that integrate well with both on-premises and cloud-based systems. In the following post, we’ll discuss how FIDO2 can be implemented for on-premises Active Directory (AD) and how you can use PIV certificates to complement FIDO2 for legacy systems.

YubiKey cost, YubiKey price, How much does a YubiKey cost?

How Much Does a YubiKey Cost?

You will almost certainly encounter the question of how much YubiKeys cost on your journey of going passwordless. With CISOs becoming increasingly cost-conscious, understanding the price of security keys is a critical piece of information when it comes to selecting the right hardware for your organization. We applaud you for exploring the undisputed industry leader in passwordless solutions, Yubico, and their increasingly popular YubiKey! Read here for a detailed breakdown of the features of the various options available as well as the associated costs.

What are SSH Certificates? SSH Certificates Explained.

SSH Certificates Explained

SSH certificates are the best way to avoid the many issues that come with using SSH keys. In this blog, we take a look into what SSH certificates are & how SSH certificates work.

The Problem with Using SSH Keys

What is the Problem with SSH Keys?

SSH keys present a plethora of problems, and the majority of engineers have not received proper security training on the best practices. How can your organization circumvent the problems of SSH keys? Read here to find out!

Best practices for going passwordless on-premises use FIDO2 or SmartCard?

FIDO2 for On-Premises Active Directory. Is it the Right Way to Go Passwordless?

One of the most common questions when going passwordless is how do you support legacy systems, While Microsoft supports FIDO2 on premises, the best solution, is to use SmartCard for legacy and FIDO2 for modern authentication.

ROI of Passwordless Authentication

What's the Cost of Going Passwordless?

Passwords have become an integral part of our daily lives, but have you ever stopped to think about the actual cost of using them as your primary means of authentication? I’m talking about in terms of both time & money. Well, here at Keytos, we certainly have! Read here as we delve deeper into the hidden costs associated with conventional password-based authentication.

MFA vs 2FA, multi-factor authentication vs two-factor authentication, two factor vs multi factor authentication

What's the Difference Between 2FA and MFA?

2FA (Two-Factor Authentication) and MFA (Multi-Factor Authentication) are two of the most popular and mainstream acronyms in the realm of cybersecurity. What do they mean? Which is best for your organization? Click here to find out all you need to know about 2FA vs MFA!

Azure CBA go Passwordless In Azure with Azure (Entra) Certificate Based Authentication

How to Go Passwordless In Azure with Entra CBA (Certificate Based Authentication)

Stop phishing attacks with Microsofts unphishable credentials by using PIV X.509 certificates in Azure with Azure certificate based authentication (CBA) and become a fully passwordless organization.

Are passwords secure? What are alternatives to passwords?

Passwords Are Not Secure! Challenges and Modern Authentication Alternatives

We’re exceptionally thankful for all that passwords have done for us; but, as things progress, we're discovering a glaring issue - passwords, as we know them, are rapidly becoming an outdated and unreliable method of authentication. Here are some of the most common shortfalls...

The History of Passwordless Authentication in Linux

Passwordless Authentication in Linux Over the Years

Going passwordless in Linux has never been easy - we get it. As a matter of fact, the history of passwordless authentication in Linux is equally as fascinating as it is triggering. Let's take a deep dive, shall we?

How to create PIVKey certificates for Azure CBA (Certificate Based Authentication) and AD Smart Card Authentication

How to Onboard PIVKey Smart Card Certificates for Azure CBA and AD Smart Card Authentication

When looking at passwordless options, you might have heard of PIVKey smart cards. PIVKey is a great option for passwordless authentication with a smartcard, however, it is not the easiest to onboard. This is why we created this guide to help you onboard PIVKey smart cards to Azure CBA and AD Smart Card Authentication.

How to go passwordless in Azure AD and Entra ID without Temporary Access Pass (TAP)

How To Onboard To Azure FIDO2 Without Temporary Access Pass (TAP)

With cybersecurity you are as secure as your weakest point. Therefore, if you implement Azure passwordless and use TAP to onboard, attackers will target your TAP issuing process to gain access to your infrastructure. Learn how to remove the human from this process and use self-onboarding to passwordless authentication.

How to enable passwordless authentication in Azure AD and Entra ID with FIDO2 and Azure CBA using Yubikeys

How To Use YubiKeys for Azure CBA and FIDO2 in Entra ID

When looking at passwordless options, the first option that comes to mind is YubiKeys. While they are awesome once you issue them, they are not the easiest to onboard. This is why we created this guide to help you onboard YubiKeys to Azure CBA and FIDO2.

How to Enable YubiKeys and FIDO2 as Auth Methods for MS Office 365 Apps

How to Enable YubiKeys and FIDO2 as Authorization Methods for Microsoft Office 365 Apps on macOS or iOS

Passwords alone are no longer considered secure, and organizations worldwide are moving towards passwordless authentication methods. One such method is using hardware tokens like YubiKeys and the FIDO2 protocol. But how can you enable these methods for Microsoft Office 365 apps on macOS or iOS? Read this blog to learn how!

Going passwordless what are the benefits?

The Security and User Experience Benefits of Going Passwordless

Going passwordless is no only exponentially more secure, it has also been shown to improve productivity and reduce wasted time. This page is the perfect starting point to learn more about about which passwordless method is best for you.

SMB Phishing Prevention - How to Prevent Phishing as an SMB

How to Prevent Phishing as a Small Business

The number of phishing attacks has risen sharply over the years. For small businesses, relying solely on employee awareness and email filters isn't enough. The answer? Unphishable credentials. Read on to find out how unphishable credentials can help secure your small business.

How To Go Fully Passwordless in Azure AD (Entra ID) with FIDO2 and Azure CBA - create passwordless users in Azure AD

How To Go Fully Passwordless in Azure AD (Entra ID)

The only way to stop attackers from phishing your passwords is to remove them completely. Learn how to go fully passwordless in Azure AD (Entra ID). From setting up FIDO2 and Azure CBA to creating passwordless users in Azure AD, we cover it all.

What is Azure CBA and how to get started with Azure CBA

Azure CBA – What is it? Who Needs it? How to Get Started?

Traditional password-based authentication methods are no longer sufficient to protect sensitive company data and infrastructure. To address these concerns, Azure Active Directory (Azure AD) offers passwordless authentication to enhance protection and improve the user experience. Read on to learn more about Azure CBA and how to get started!

What's the difference between FIDO2 and Smartcard authentication?

Difference Between FIDO2 and Smartcard Authentication

When looking at passwordless authentication, the two most popular options are FIDO2 and Smartcard authentication, but what is the difference between the two? Which one should you use? in this blog we discuss the difference between FIDO2 and Smartcard authentication and which one is best for each scenario.

Unphishable and Phishing resistant credentials for Azure

Unphishable Credentials For Azure and On-Premises - Cheaper and More Secure than Password-Based Authentication

With phishing attacks on the rise, organizations are moving to phishing resistant /unphishable credentials to protect their organizations. However, extra security is not the only benefit; they are also saving money.

How To Enable Self Onboarding for Passwordless (FIDO2, Azure CBA, and Phone Authentication) In Azure

How To Enable Self Onboarding for Passwordless (FIDO2, Azure CBA, and Phone Authentication) In Azure

As more organizations move to cloud-based solutions, the importance of secure and compliant authentication methods has become increasingly critical. While passwordless authentication methods are the pinnacle of security, they have a reputation of being incredibly tedious to set up. Learn how EZCMS can help you improve security while removing onboarding friction with FIDO2, Azure CBA, and Passwordless Phone Authentication.

Manage access to Linux with EZSSH

Do Not Domain Join Linux VMs to Active Directory

While Domain joining your Linux machines to Active Directory might sound like a good way to do identity and access management for Linux at scale. Linux was not designed for this, and in the long term it will cause more issues than it solves. The solution SSH Certificates!

SSH keys cause data breaches

SSH - The Weakest Point In Your Infrastructure

SSH has become the weakest point in cloud security and hackers have noticed. Over the past few years we have seen an exponential increase of cyber attacks targeted to SSH. Organizations adopting zero-trust architecture must take a hard look at their existing identity management for SSH.

Azure Active Directory Login to Linux

Azure AD Login for Linux Machines is Here!

SSH Keys were designed for a time when SSH was protected by a strong network barrier. With today's zero trust world a stronger passwordless identity story is needed. This is why we created the first agent-less AAD based authentication for Linux endpoints.

How to rotate SSH Keys

The New Way to Rotate SSH keys is Here!

At cloud scale simple tasks such as SSH key management become exponentially harder to do. Large companies such as Lyft and Facebook have moved on to SSH Certificates time for you to make the jump too!

How SSH Certificates Work

How SSH Certificates Work

SSH has become a target in the latest round of security breaches. Learn how SSH Certificates are the best way to protect your infrastructure by removing the need of life cycling SSH keys and improving user experience.

SSH Certificates

Are you still using SSH Keys? Start using SSH Certificates today!

SSH Keys have been the security standard for the last few decades. Time to modernize with a more secure and easy to lifecycle solution SSH Certificates.