ChannelLife Australia
Industry insider news for Australia's technology resellers

Hands-on review: Yubico's YubiKey Bio brings no-nonsense biometrics to 2FA

By Sara Barker
Wed 10 Nov 2021

In 2007, Swedish company Yubico launched the YubiKey 1.0, a one-time password hardware key. Its purpose was to offer a portable authentication key that works across different services. Since then, Yubico has produced many iterations of the YubiKey, including one of the most recent products, the YubiKey Bio. 

Form

The YubiKey Bio measures just 4cm long and 1.3cm wide and looks similar to a standard USB stick. There is a round fingerprint sensor in the middle of the device; otherwise, the design is unassuming and understated.

The device is simple to use and set up. It is available in USB-C and USB-A, and it also has a hole so you can store it on a keyring or lanyard if preferred.

Function

The YubiKey Bio supports “biometric login on desktop with all applications and services that support FIDO2/WebAuthn/U2F”.

A quick rundown of those acronyms: FIDO2 is a framework that aims to move the world beyond passwords to other methods of authentication, such as two-factor authentication (2FA), tokens and biometrics, to name a few. WebAuthn is a browser API that supports secure user authentication. It is supported by Google Chrome, Microsoft Edge, and Mozilla Firefox. And U2F is a standard for 2FA. Basically, the YubiKey can work for authentication across any service that supports FIDO2/WebAuthn/U2F.

While the YubiKey Bio works perfectly well for home consumers who want to add a hardware-based authentication method to their social account logins, it’s clear that the YubiKey Bio is geared more towards business users and cloud-first or desktop login environments, particularly as it “works out-of-the-box with Citrix Workspace, Duo, GitHub, IBM Security Verify, Microsoft Azure Active Directory and Microsoft 365, Okta and Ping Identity.”

"Use cases are for authentication to services on shared workstations and mobile restricted environments. The YubiKey Bio can be used wherever FIDO2 or FIDO U2F authentication is available. For mobile devices requiring NFC, we recommend using the YubiKey 5 NFC or YubiKey 5C NFC," says Yubico's APJ director solution engineering, Alex Wilson.

The YubiKey Bio works across platforms including Windows, macOS, Chrome OS and Linux. I used Windows 11 as my testing platform and found that Windows Security controls the dialogue boxes instructing you to insert or touch the YubiKey, set up fingerprints, and a PIN. This is because it supports native biometric features. But it's important to note that currently, the YubiKey Bio does not work for local PC logins.

Wilson explains, "Simply put, Microsoft Windows 10 and 11 offer inbuilt support to manage external authenticators such as ours, but as yet do not allow you to use them for local login into the platform. If you are using Azure Active Directory or Office 365 products then you can use the YubiKey Bio to log in to those services."

He adds, "Multi-factor options in Windows Hello do create some confusion. There are two different flows to use a biometric identifier depending on what type of biometric reader you have. Some types of laptops include a biometric sensor with the keyboard. In those cases, you can use the fingerprint icon in Windows Hello to use it. The other flow is truly a portable option. The biometric is enabled by selecting the “security key” options in Windows Hello. The difference is that the security key (YubiKey Bio) stores your fingerprint which makes it more secure and more portable as it can be used on any supporting device."

The YubiKey Bio's genius really shines when it comes to apps. It works easily with apps including Outlook, Gmail, Facebook, Dropbox and Office 365. Yubico also has a 'Works with YubiKey' catalogue which lists all compatible apps - just make sure to filter by security protocol FIDO2/WebAuthn and the YubiKey Bio series.

My first test involved browser-based authentication for Gmail. My Gmail is already set up with two-factor authentication. If yours is not, you will need to do this before you can begin. (Simply go to security, 2-step verification, ‘show more options’, and select ‘security key’.) I went through a similar process for other platforms including Twitter, Facebook, and Outlook. It's fast, and it's easy. Voila, 2FA at the touch of a YubiKey.

Every time I need to log in, I simply go through the 2FA process. For the biometric authentication, I simply touch the YubiKey, complete my other authentication method, and I’m in. If, after three attempts, the YubiKey doesn’t accept my fingerprint, I just enter a PIN, much in the same way that my phone does when I try to unlock it with wet fingers.

I note that Yubico also offers the Yubico Authenticator app, which is not a mandatory piece of software (the YubiKey is designed to work with no additional hardware or software). I was curious to see what additional features it provides.

Wilson explains, "The Yubico Authenticator is a user-based application to support YubiKey functions, which now include the ability to register fingerprints, view what services (Office 365, Facebook, etc) have been registered with the YubiKey Bio and reset the YubiKey Bio."

Verdict

The YubiKey Bio will doubtless be compatible with more platforms as FIDO authentication protocols become more common.

"The number of online services and common applications that are supporting FIDO2 and FIDO U2F client authentication are increasing over time. The FIDO2 protocol continues to be enhanced with additional management features and platform support being added. The FIDO U2F protocol has been available since 2014 and was launched within GSuite applications at that time. This was then closely followed by Facebook, Dropbox and others thereafter," Wilson adds.

It’s an easy-to-use, no-fuss way to make multi-factor authentication painless and simple, and a recommended security tool for businesses and consumers alike.
