Securing your online identity and data has never been more crucial. Passwords alone are no longer considered secure, and organizations worldwide are moving towards passwordless authentication methods. One such method is using hardware tokens like YubiKeys and the FIDO2 protocol. This blog will guide you on enabling YubiKeys and FIDO2 as authorization methods for Microsoft Office 365 apps on macOS or iOS.
There are three primary passwordless authentication methods: FIDO2, Smartcard, and Microsoft Authenticator App. Although the Authenticator app is a step forward from passwords, it is not entirely unphishable as users can be vulnerable to push notification fatigue and social engineering attacks. On the other hand, FIDO2 and Smartcard use a hardware key and a pin or biometric check, making them very similar and highly secure. Although Microsoft has been promoting FIDO2 authentication, it is not yet compatible with many cloud management tools such as Azure PowerShell and MSAL applications; however, using a modern CMS like EZCMS allows seamless onboarding of users to both FIDO2 and smartcard identities, automatically selecting the best option for each scenario.
Check out this webinar to learn more about the differences between these three methods:
One of the most confusing messages from Microsoft about passwordless authentication surrounds iOS support. Last month, they released a blog announcing FIDO2 support for iOS devices; however, it is only for browsers, meaning that for the native applications you can still only use Azure CBA.
EZCMS, formerly known as EZSmartCard, is a modern CMS that simplifies the complex PKI setup and management, enabling self-service onboarding, account recovery, and seamless hardware token distribution worldwide. With the recent addition of FIDO2 and Passwordless Phone Onboarding for Azure AD, EZCMS has become the first Microsoft Partner to offer easy access to all three passwordless authentication methods. It solves the chicken-and-egg problem of authenticating a user before they have an online identity for remote users, reduces password reset calls by up to 92%, and provides a seamless and secure remote onboarding experience.
To get started with passwordless authentication using EZCMS, follow these steps:
1) Set up a free assessment with an identity expert to learn more about how EZCMS can help your organization stay secure and compliant in the age of remote work.
2) Follow the instructions in this video playlist to set up EZCMS in Azure.
3) Once EZCMS is set up, users can easily create a new passwordless method by using their existing Azure AD identity or by scanning their face and government ID to validate their identity.
4) Begin using any of the available passwordless authentication methods.
For organizations looking to offload the responsibility of key distribution, schedule a demo and ask us about our managed YubiKey distribution service.
Losing your YubiKey might sound like a nightmare, but with proper design it is a non-issue. The cryptographic keys on the YubiKey are protected by a PIN that, after a few tries, will be blocked, rendering the YubiKey useless to anyone who finds it. Additionally, if you are using a CMS, you can report the YubiKey as lost, and the CMS will contact your identity provider to revoke the FIDO2 keys and any certificate on that YubiKey. While Yubico recommends having an extra YubiKey, using a laptop with Windows Hello for Business or a phone with Microsoft Authenticator App can work as a temporary smartcard until you receive a new YubiKey. With EZCMS, you can also use your government ID and face to register your new YubiKey.
Passwordless authentication is the future of online security. By using YubiKeys, FIDO2, and a modern CMS like EZCMS, you can ensure that your organization stays secure and compliant, even in the age of remote work. If you’re ready to take the leap into a more secure future, set up a free assessment with an identity expert today and start your journey towards a passwordless world today!