HID DigitalPersona (formerly Crossmatch) provides a comprehensive multi-factor authentication solution. The vendor’s value proposition is that their solution frees users from cumbersome login activities while making it easy for an IT Team to secure access to their networks, data and applications.
$3.75
per user per month
Yubico YubiKeys
Score 9.4 out of 10
N/A
Yubico YubiKeys make the internet safer with phishing-resistant multi-factor authentication (MFA) by providing simple and secure access to computers, mobile devices, servers, and internet accounts. The Yubico YubiKey stops account takeovers at scale by mitigating phishing and ransomware attacks, and delivers users authentication with a simple touch or tap.
During the onboarding process, remote workers can enroll their fingerprints or create secure PINs. This eliminates the need for complicated passwords and enables them to safely access company resources and critical apps from remote locations. HID DigitalPersona's robust authentication techniques and access control features can assist you in adhering to data security laws.
When I used it as an engineer for a software company a few years ago, I would be able to continue doing work on the train ride into and out of the office. So that was an extra hour, two hours a day that I was able to access our systems and still be able to continue to work. So that was a lot of fun. Well, I don't know if stay fun, but it was nice to be able to have the access, not have to be connected directly to the corporate network.
I think the best thing is it has a lot of capacity and it's very, very secure. It can store a lot of private keys versus all the other products. We have reviewed a few other products, but Yubico YubiKeys gives a lot more capabilities than some of the other security key brands.
Multiple domains - DigitalPersona struggles with multiple domains. Since the solution is licensed per domain, migrating users between domains can be troublesome to keep licensed. Additionally, migrating to a new domain removes the AD leaf objects that store all digital persona information, essentially wiping out and credentials or other stored information.
Password change - DigitalPersona can be confusing to update when a stored password for a website is updated. The password is entered, and then the user is redirected to the websites password change page. Users must then authenticate with a Digital persona credential again before being prompted by Digital Persona to update the password. If the user is allowed to change the password manually through the websites page, this will lead to what is stored in Digital Persona being out of sync with the new password, and eventually account lockouts.
Terminal Server - DigitalPersona has performance issues when utilized on a high-traffic terminal server. Often it causes big CPU spikes as well as hanging sessions upon disconnect.
It can be about access control because either right now it's just you have access or you don't have access. I think there can be a use case where you are allowed a particular set of servers and not a particular set of servers. I think maybe it's there or we don't use it, but I haven't seen that. I think I've used Yubico YubiKeys at two companies and I haven't seen that. Maybe that's something that can be added.
It is wonderful for multifactor authentication and gives us many options for what we use to authenticate. All of our users use it and it is engrained into our group policies and people would be very disappointed if it went away.
As for implementing YubiKey its simple so I don't see us using anything else as we have experienced no issues so fare. Adding these to our environment is still new for us currently but in the transition phase I only see us buying YubiKey. It is highly rated and well known and cost is reasonable so no need to find another solution.
I think there are still fundamental enhancements needed to be added to the management consoles and I think there ought to be a Centralized, Windows Based "Thick" Management Application instead of individual utilities which vary from MMCs, Scripts, Wizards, etc.
I give slightly better than average rating because of the complexity in using a Yubikey. It is not as easy as native push notifications for 2FA products, however, it provides much better strength. Rating this higher or lower would be a disservice to people reading this review. If you are in the market for a hardware 2FA tool, Yubikey will be a great asset in your toolbox.
We have not experienced any issues with availability which is very important when you are dealing with a company that holds the keys to the gate. We have had more issues with availability from our SaaS providers before with authentication but that was on their end. YubiKey has worked every time for us over the course of the last 6 or so months we began testing phase.
We have not seen any lag in loading pages and getting into systems or sites. In comparison to other 2FA and MFA options it is actually faster most of the time to authenticate due to not having to type in. We require users to have long passwords and when there is an option given for password less they jump on it with excitement. As we explore going password less on their PC's the YubiKey is going to make their lives a lot easier to access the resources they need.
Extremely poor; I've never encountered such. Professional Services completely dropped us for months. Crossmatch tech support seems like it has 3 techs tops! No response to emails, calls, the absolute worst! I will never recommend DP to anyone.
Could use tools to audit license usage at a more granular level as to allow an administrator to free up licenses from users whom seldom use their biometrics to login.
I figured it all out on my own with the excellent product documentation provided by Yubico. I even managed to produce a backup YubiKey in case I lost my frequently used one. This was crucial when I temporarily lost the original.
We evaluated Cisco DUO but ultimately chose HID because of their support for biometrics. With DUO every user would have to have the authentication app on their personal phone and pull it out each time they had to log in. We definitely did not want this for our frontline staff as it would slow the process way down
We used to use something from Okta that has I think a passwordless authentication or readily get a notification that's an alternative, but it's software, not hardware. That's the other thing I would say. We have tried nothing else on the hardware side. Its hardware token, ease of use, easy integration, more reliance on an external device like a phone or something. If your phone gets lost, then you are worried about your multifactor, no problems with this device.
For us I feel like the ease of deployment has made this product very appealing, overall this will make the scalability very easy for us to push out once we roll out to our users and the management tools that we have looked at will make the admins like me happy as it is clear and easy to use. The rollout process looks to be very straight forward from the demos that we have looked at regarding the enterprise tools.
Provides a quick one finger authentication\log-on.
Logging onto a machine that is used by several other users, such as in retail is no problem because the DigitalPersona software does a switch user function instead of logging out the other user.
One negative that was apparent immediately after installing the DigitalPersona software was that users very easily forgot their Windows passwords because of the one finger log-on.
I think it's the flexibility in being able to let users pick the type of authentications that they want to use. Some are comfortable with the touch device on the physical Yubico YubiKeys. Others prefer the mobile app. So it provides flexibility for our users to choose how they want to authenticate without running a file of our security requirements.