A New Era for Hard Tokens: Okta and Yubico Make Strong Authentication Easy

If you’ve seen Okta’s Best Of 2015 report we published in late December, you know that all signs point to 2016 being a banner year for all forms of strong authentication. As our data so clearly shows, the classic security question is on its way out and providers of new authentication methods (including our very own Okta Verify with Push) are making moves within organizations looking to better protect access to user accounts.


The hard token category in particular is one where we’re seeing rapid innovation and a growing array of use cases. And while all vendors may not be on the same path, a number are turning heads with their cost-effective, user-friendly options. That innovation is a big reason why we’re forming partnerships with leaders in this area to develop a simple, easy-to-deploy, hard token-based authentication method within Okta Adaptive Multi-factor Authentication (MFA), helping companies boost security without driving their people absolutely crazy.

One such partner is Yubico. They make YubiKeys, hardware devices that easily and securely authenticate users with a simple touch to trigger a unique one-time passcode – with no user entry required. YubiKeys are durable and convenient, and with many companies asking for hard tokens to secure user accounts and information, we’ve partnered with Yubico to provide an inexpensive hard token capability that fulfills a set of internal and external MFA use cases complementary to those we already solve.

Yubico enables MFA for situations in which smartphones or SMS-based messaging aren’t an option, which is necessary for professionals who do not or cannot use smartphones in the workplace. Whether it’s due to department policies, complex reimbursement processes or other operational and legal challenges, many companies (or certain departments within larger entities) want to incorporate an additional security factor without requiring an iPhone or Android device. Okta and Yubico work together to make it simple for those groups and whole companies to incorporate strong authentication, no matter their device policy.

We’re already seeing YubiKey deployments within a number of joint customers, most notably, LinkedIn. LinkedIn uses YubiKey with Okta Adaptive MFA, making it fast and easy for users to authenticate with YubiKey and securely access applications within Okta. All they need to do is simply press on their YubiKey hard token to emit a new, one-time password to log into their accounts. That’s it.

The Next Generation of Authenticators

Our work with innovative companies like Yubico, alongside our native MFA offerings, allows us to offer comprehensive strong authentication methods for organizations of any size or complexity. What’s more is that these formal partnerships — and other alliances such as the FIDO Alliance, of which we’re both members — further our collective ability to contribute expertise, to improve methods and define standards for the next era of authentication.

We’re already seeing glimpses of a future in which we’ve rid ourselves of broken passwords and security questions, and instead, things that we possess (phones, watches, purpose built authenticators) and things that make us individuals (fingerprints, irises, voices) become the primary form of authentication. It’s a future in which more companies than ever use strong authentication within their workforces. We saw a 40 percent increase in customers using MFA in the past 12 months and expect that number to be even bigger in 2016.

For more information about Okta Adaptive MFA and how you use Yubico as a factor, please visit https://www.okta.com/products/adaptive-multi-factor-authentication/.