
Equipped with a fingerprint reader, this security key has everything we need to finally get rid of passwords. Unfortunately, few services are compatible today.
Yubico recently extended its range of security keys with the Yubikey Bio and the Yubikey C Bio, sold at 80 and 85 euros respectively. They are its first models equipped with a fingerprint reader, and they come with a USB-A or a USB-C connector.
Compatible with the FIDO2 standard, these keys can serve as a second authentication factor or, and this is on the face of it the most interesting use, to sign in without a password.
As a reminder, passwordless sign-in relies on a set of cryptographic protocols from the FIDO2 standard. It is based on public and private keys and on the exchange of signed messages to grant access to online services.

With a classic Yubikey, signing in without a password is not entirely password-free. To start the sign-in procedure, the user has to enter a PIN code that was defined when the key was initialized. This is a security measure that confirms the identity of the user and prevents a third party who gets hold of the key from signing in to the service.
With the Yubikey Bio, this constraint disappears, because the PIN code is replaced by a fingerprint reading. We tested this key with a Microsoft account, and sign-in turns out to be smooth and truly password-free. No code to enter, a real treat.
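The check a service performs during such a sign-in, as an added example that is not from the original article: the key signs the service's challenge and reports through the "user verified" flag that a PIN or fingerprint was accepted. The key is simulated in software here, and `simulateKey`, `verifyAssertion`, `demo` and `login.example` are hypothetical names chosen for the illustration.

```javascript
const crypto = require('node:crypto');
const FLAG_UP = 0x01; // user present: the key was touched
const FLAG_UV = 0x04; // user verified: the key accepted a PIN or a fingerprint
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Hypothetical software stand-in for the key: signs authData || SHA-256(clientDataJSON).
function simulateKey(privateKey, rpId, challenge, origin, flags, signCount) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const authData = Buffer.alloc(37); // rpIdHash (32) | flags (1) | signCount (4)
  sha256(rpId).copy(authData, 0);
  authData[32] = flags;
  authData.writeUInt32BE(signCount, 33);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Service side: returns 'ok' or the reason the sign-in is refused.
function verifyAssertion(a, expected) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong type';
  if (client.challenge !== expected.challenge.toString('base64url')) return 'challenge mismatch';
  if (client.origin !== expected.origin) return 'origin mismatch';
  if (a.authData.length < 37) return 'authenticator data too short';
  if (!a.authData.subarray(0, 32).equals(sha256(expected.rpId))) return 'rpId mismatch';
  const flags = a.authData[32];
  if (!(flags & FLAG_UP)) return 'user not present';
  // Without a password, holding the key is not enough: require the UV flag.
  if (!(flags & FLAG_UV)) return 'user not verified';
  const count = a.authData.readUInt32BE(33);
  const stored = expected.storedSignCount;
  if ((count !== 0 || stored !== 0) && count <= stored) return 'counter did not advance';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, expected.publicKey, a.signature) ? 'ok' : 'bad signature';
}

// Constructed demo: one key pair from registration, then three sign-in attempts.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const rp = { rpId: 'login.example', origin: 'https://login.example', publicKey, storedSignCount: 7 };
  const attempt = (flags, signedChallenge) => {
    const challenge = crypto.randomBytes(32); // fresh for every sign-in, kept by the service
    const a = simulateKey(privateKey, rp.rpId, signedChallenge || challenge, rp.origin, flags, 8);
    return verifyAssertion(a, { ...rp, challenge });
  };
  return { fingerprint: attempt(FLAG_UP | FLAG_UV), touchOnly: attempt(FLAG_UP),
           staleChallenge: attempt(FLAG_UP | FLAG_UV, Buffer.alloc(32, 1)) };
}
console.log(demo());
```

The private key never leaves the authenticator, so the service stores only the public key and the last signature counter.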

If the key is lost, there is no need to worry either. The fingerprint template is stored in a dedicated secure element, separate from the traditional secure element. The chances of a hacker being able to access the biometric data are therefore very low.

The initialization of a Yubikey Bio key is also quite simple and can be done in three different ways.
On Windows 10, just go to the system settings, then to “Accounts → Connection options → Security key”.
On macOS, Linux and Chrome OS, you can go through a similar option in the Chrome browser.
The Yubico Authenticator app should also allow the key to be set up, but strangely the option was not available when we tested it.
In the end, Yubikey Bio turns out to be a particularly elegant and secure solution for making connections without passwords. Unfortunately, the number of mainstream online services that allow this kind of procedure is still far too low.
To our knowledge, only Microsoft services can be used in this way by an individual. Yubico knows this very well, moreover, and focuses above all on business users. In the professional world, there are a few more “passwordless” services.
Note that Yubikey keys do not allow you to unlock a Windows workstation without a password, as you can do with Windows Hello. Some models can be used as a second authentication factor, as long as you use a local account. But this is not the case with Yubikey Bio.
In short, buying a Yubikey Bio is of little interest to anyone today. If you are going to buy a key, it is better to turn to a Yubikey 5 / 5C NFC, which is cheaper and richer in features.