22 Oct 2023
2FA and MFA (Two-Factor Authentication and Multi-Factor Authentication) are some of the best ways your organization can protect users’ accounts without going passwordless (though we at Keytos are massive proponents of passwordless authentication – just take a look at this blog on the problem with passwords to see why). Some of the best ways to implement MFA are hardware keys (such as YubiKeys) and apps (such as the Microsoft Authenticator app). While these MFA methods are fantastic, they have one glaring flaw – as physical devices, they are able to be lost. It is not hard at all to imagine someone losing their YubiKey or their mobile device somewhere, somehow – so, what happens if an employee loses their device?
“What if I Lose my YubiKey?”
We’ll keep our fingers crossed that neither you nor your organization will ever have to deal with lost YubiKeys, but something like this is almost inevitable. So, what happens if you lose your YubiKey? In that case, you can still use your Authenticator app (phew!). While you can’t create a backup YubiKey, you can always contact Yubico to get a replacement key.
The YubiKey Advantage
Hardware keys are so great because they come on unidentifiable USB sticks. What that means is, should anyone find a lost YubiKey that doesn’t belong to them, they can’t figure out what device it corresponds to. How’s that for security?
With YubiKeys, your organization’s IT department can determine if and how an employee who lost their key can recover it – unfortunately, certain recovery methods are more high-risk than others. Often, the easier it is to recover a lost YubiKey, the less secure the recovery method is. It’s vital that your organization takes into account the balance between easiness and secureness before deciding on a YubiKey recovery strategy.
How EZCMS Helps with Lost YubiKeys
One reason EZCMS is the best CMS for Azure is because it can be a great help when someone in your organization inevitably loses their YubiKey. When you declare a YubiKey as lost, EZCMS will revoke all of your certificates, your FIDO key, and will make the lost YubiKey practically useless.
EZCMS also helps with getting a new YubiKey! Once you get a new YubiKey, EZCMS allows you to self-onboard – EZCMS employs industry-leading face recognition and government ID scanning technology to verify user identities.
“What Happens if I Lose my Microsoft Authenticator Device?”
Most people’s Microsoft Authenticator device of choice is, logically, their cell phone. Microsoft knows this. That is why Microsoft allows users to choose a new Authenticator device via a backup code that is sent to them. With this, if someone loses their cell phone (or whichever device they use for the Microsoft Authenticator app), they can still recover their account and switch devices.
Ultimately, there are very few ways for someone to truly and wholly lose their Microsoft authentication. So long as they are able to conduct the recovery process, they can use their authenticator, and even if they are unable to get back into the app, they can typically find a way to reset their account.
How EZCMS Helps with Lost Microsoft Authenticator
Usually, if you lose your Authenticator device, you have to call your IT helpdesk and request a TAP; however, with EZCMS, we can identify your face and your ID to onboard you without ever having to bother the lovely folks over at IT, saving everyone time, money and headaches.
Want to learn more about how EZCMS can help your organization? Check out how it works or schedule a FREE consultation with one of our passwordless experts today!
You Might Also Want to Read
FAQs
So, what happens if you lose your YubiKey? In that case, you can still use your Authenticator app (phew!). While you can't create a backup YubiKey, you can always contact Yubico to get a replacement key.
What should I do if I lose my YubiKey? ›
If you lose your Yubikey, you can still use your phone authenticator app, but you cannot create a backup Yubikey. However, Yubikey also provides methods to recover your account, so you can get a replacement. An advantage to Yubikey is that it comes on a USB that cannot be identified.
What happens if you lose your USB security key? ›
What happens if I lose it? When you set up your security key, you also set up backup methods you can use in case you lose your key. These include an authenticator app that lives on your phone, and a set of printed one-time recovery codes.
What happens if YubiKey is damaged? ›
What do I do if I lose or break my yubikey? A. You will need to submit a work order to IT to replace your yubikey. Your account will be moved into a temporary group so that you can access your applications while waiting to receive the replacement key.
What if I lost my Fido key? ›
What happens if I lose my FIDO key? It is important to have a back-up means of authentication in case a key is lost. A second FIDO key can usually be registered with services, and kept as a back-up. When registering with services, alternative though less convenient authentication methods may also be enabled.
What is the lifespan of a YubiKey? ›
A Yubikey will essentially last forever, and if you stay clear of the insanity that is Passkeys its Webauthn element can support an infinite number of websites. Portability: I have a smartphone, a work laptop, a home laptop, and a home desktop. My Yubikey has USB and NFC, so it can trivially be used with all of them.
Can YubiKey be cloned? ›
Please note that for security reasons, the firmware of our products does not allow stored secrets to be read, meaning it is not possible to “clone” or "duplicate" a YubiKey.
What happens if you lose a hardware key? ›
If you lose your security key or simply forget it, most applications and services offer an alternate way for you to authenticate your identity. However, it's important to note that each application has its own policy when it comes to losing your security key.
How do I get a copy of my security key? ›
I have a security key, can a locksmith cut the key? If the locksmith has supplied the key, he may be able to provide you with a copy, but it depends who has originally registered the key, such as the owner, letting agent or landlord.
How can I find my security key? ›
Windows
- Click the Search button and type “control panel” into the search bar, then click Open.
- Choose Network and Internet.
- Click Network and Sharing Center.
- Click your Wi-Fi network name.
- Click Wireless Properties.
- Choose the Security tab, then click the Show characters checkbox.
Leave a Nano Key Plugged In
If it's your first time using a YubiKey and you're used to Touch ID, we suggest using the Nano key and leaving it plugged in. If you're working from home, you can leave it plugged in.
How expensive is a YubiKey? ›
The TL;DR here is that the cost of a YubiKey is anywhere between $25 for the Security Series and $95 for the YubiKey FIPS series.
Can someone hack YubiKey? ›
While YubiKey is designed to be secure, it is not immune to attacks. There have been instances where YubiKeys have been hacked or compromised. Common attack vectors on hardware keys include physical attacks, side-channel attacks, and firmware vulnerabilities.
Can a private key be recovered if lost? ›
For more information about Private Key, see What is a Private Key? 🚨 The Private Key is only generated once and cannot be recovered if lost. It is important to securely save and store your Private Key.
Is YubiKey safer than Google Authenticator? ›
Yubikey Authenticator boasts a higher level of security compared to software-based solutions. It can be used across multiple devices and even offers the convenience of passwordless login. However, it does have some drawbacks. Unlike Google Authenticator, Yubikey Authenticator lacks the ability to transfer backups.
What happens to passkeys if you lose your phone? ›
What happens if a user loses their device? Passkeys created on Android are backed up and synced with Android devices that are signed in to the same Google Account, in the same way as passwords are backed up to the password manager. That means user's passkeys go with them when they replace their devices.
What happens if I forget my YubiKey PIN? ›
IF YOU DO NOT KNOW YOUR CURRENT PIN:
Please contact the Service Desk to reset your PIN. There is a YubiKey Manager app. However, after evaluation, we do not recommend using it as it runs the risk of wiping data from your device.
How do I deactivate a YubiKey? ›
Step 1: Click on the Account & Security page from the profile icon drop-down menu. Perform a login if prompted. Step 2: Click on the Settings button next to YubiKey Authentication. Step 3: Click on the Remove button, as shown in the figure below.
How do I reset my YubiKey for a new user? ›
Unplug the YubiKey once and then plug it back in via the USB port. Touch the YubiKey on the sensor (golden area) twice within 10 seconds to confirm the reset. The YubiKey has been successfully reset. Afterwards, if necessary, you can set a new PIN again using the Security Key PIN function.
