Recommendations for FIDO2 USB Tokens with Strong PIN Settings

Asked By CuriousCat99 On

I'm looking for recommendations on USB FIDO2 tokens suitable for use with Microsoft 365. We have users who are hesitant to use Authenticator apps, and I'd like to find options that enforce strong PIN complexity. I've noticed that some of the cheaper FIDO2 tokens allow very simple PINs like 1111 or 1234, which isn't ideal. Ideally, I'd like tokens that can be purchased easily, without the need for centralized management. Any suggestions on tokens that fit these criteria?

4 Answers

Answered By CyberWizard23 On

You might also consider using user certificates for multi-factor authentication in Microsoft 365. It's another option that could work alongside or instead of hardware tokens.

Answered By TechieTom12 On

Check out YubiKey! They have a PIN complexity policy, which is a good start for keeping things secure. However, make sure to verify if the specific model you’re getting has this feature, as some versions might not enforce PIN complexity even if the specs say they can.

CuriousCat99 -

I found out the YubiKeys we tested don't have that enforcement with the current firmware. Do we need to get them from a specific place?

Answered By SecGuru34 On

I wonder if the issue with users not wanting to use Authenticator is more of an HR challenge than a technical one. Sometimes, just giving them a FIDO2 key can be a good workaround for that problem.

UserFriendly27 -

Totally agree! It seems like the tech could help resolve some of those concerns.

Answered By GadgetGeek58 On

Have you looked at Token2? They seem to have some solid options worth checking out.
