I'm looking into FIDO2 USB tokens for Office 365, especially for users who aren't comfortable with Authenticator apps. The more affordable options seem to allow weak PINs like '1111' or '1234'. Does anyone know of tokens that enforce better PIN complexity while also being easy to distribute without needing centralized management? Ideally, I want to buy them in bulk and hand them out as needed. Thanks!
4 Answers
Have you looked into Token2 devices? They could be a good option to explore for your needs.
I think the issue of users not wanting to use Authenticator apps is more of an HR thing than a tech issue. Offering them a FIDO2 key could be a solid solution from a tech perspective, though!
You might also want to consider using a user certificate as a multi-factor authentication method for M365. It's another layer of security worth checking out!
Check out the Yubikeys! They have a PIN complexity policy detailed on their website. However, just a heads up: some of the Yubikeys with older firmware like 5.7.1 don’t enforce this complexity, and it's unclear if the ones you can buy are subject to specific standards—might want to source them directly from Yubico for assurance.
Yeah, we tested some Yubikeys from Amazon and noticed the same issue! It's so confusing where to actually buy them from.
For sure, the tech has to support the user's comfort level. It's all about finding that sweet spot!