Centrify and Yubico Partner to Bring Context-Based Adaptive Authentication to the Enterprise

Have you ever reported to the police that someone else’s car was stolen or burglarized?  You haven’t?  Certainly you have heard a car alarm.  Why did you fail to act when the car alarm sound blared into your ears?  Hint: almost no one believes car alarms and so we are lulled into a false sense of security. Where this false sense of security has reached epic proportions is in our collective security for our digital identities. We use passwords so we think we are safe, but we are already compromised and don’t even know it!

username password

Business employees are using more varied devices than ever, to access ever-growing numbers of cloud and on-premises apps — each with their own username and password. With so many credentials to remember, we resort to reusing simple passwords across apps and devices.

Given the massive amount of credentials that have been compromised in the recent past, it’s safe to assume that every password has been stolen, and made available to attackers.

So What Can We Do?  

  1. Become Luddites and completely unplug from all networks — very safe, but low productivity from using communications mediums like carrier pigeon and hand delivered messages.

Project-Luddite            carrier-pigeons

card reader2. Insist on multi-factor authentication everywhere — multi-factor authentication reduces the risk of compromised credentials, but is often too cumbersome for end users, or — in the case of smart cards — requires dedicated readers on all end-user devices.

3. Use Centrify Identity Service + Yubico YubiKeys = easy to use MFA everywhere —  a login can be as simple as plugging the YubiKey into your device and typing a PIN (smart card login), in order to gain access to a Centrify Identity Service secured cloud application. In other cases users may make use of NFC merely touch the YubiKey against their mobile device for quick and easy authentication to apps, servers, and more. Enrollment is streamlined, and policy is created simply and enforced across all business users by Centrify Identity Service.

YubiKey 4 in use

How do Centrify and Yubico do this?

PrintYubico and Centrify provide context-based, adaptive authentication across enterprise users and resources. Whether it’s for PIV-based authentication, OATH One-time passwords, or as a physical NFC token for mobile devices that are secured by Centrify Identity Service — Centrify and Yubico provide IT the flexibility to enforce security without user frustration.

Centrify Identity Service can leverage the Yubikey as authentication factor(s) for use cases such as:

  • Smart card AD-based log in to Mac or Linux
  • Re-authentication for privilege escalation on Windows
  • Smart card login to Centrify’s cloud service for SSO, Secure Remote access, or administration
  • Yubikey OATH OTP for as a second factor for secure SSO to individual cloud applications, or to a portal of cloud apps
  • Yubikey as OATH OTP for MFA to servers for privileged session control
  • Yubikey as physical NFC token for MFA to secure access to apps on mobile devices

Centrify-Yubico Partnership

yubico centrifyCentrify is proud to be partnering with Yubico and we look forward to working with the Yubico team at our existing joint customers and on those to come.  The two companies have come together at the Executive, Product, BD, and sales level for mutual benefit. See here for Yubico’s announcement on our partnership. In working with Yubico customers and their technical teams, Centrify got some great feedback on extending Centrify Identity Service to cover more customer requested use cases. Yubico has been great to work with and here is their endorsement of Centrify as a partner,

“Centrify is the first IAM to support multiple authentication protocols (smart card PIV and OTP) available on the YubiKey, this provides the flexibility to work in a variety of environments with different authentication requirements using the simplicity of the YubiKey.”  

-Jerrod Chong, VP Solutions Engineering, Yubico

What does this really mean?

Centrify and Yubico together can stop hackers from compromising credentials, and by adding in context-based MFA, you can stop a hacker with a compromised credential from doing any damage. Centrify and Yubico give IT and users the largest variety of options for enforcing strong authentication covering a large number of the most important use cases. This means we can finally protect every significant connected resource by requiring context based MFA with many easy to use methods for users to provide those multiple factors. To implement this today you will need to sign up for a subscription to the Centrify Identity Service and buy yourself some YubiKeys. This is one of the best ways to prevent the bad guys from ever getting past a compromised credential as this kind of hack will not work as the hacker cannot provide the correct additional factors of authentication, but your legitimate users can do so easily.

Protect your company today with Centrify and Yubico — to learn more please visit: