Duke University protects critical IT systems with the YubiKey
2FA required for SSH, RDP, and VPN access
About our customer Duke University
As one of the top U.S. research universities, Duke University consistently ranks among the best institutions for business, divinity, engineering, environmental science, law, medicine, nursing, and public policy education. The university is located in Durham, North Carolina and maintains several research and education programs around the world.
The need for reliable 2FA that’s easy to deploy and supports multi-protocols
In 2012, the Duke IT organization began looking for strong security methods to protect critical IT systems and user accounts from threats such as phishing, keyloggers, and weak or stolen passwords. One of the key requirements was to find a strong two-factor authentication (2FA) solution that could be easily deployed across many user groups at Duke. Some groups use several systems and applications daily and typically login via SSH, RDP, or Shibboleth as many as 40 times per day. For these groups, typing in a one-time password (OTP) every time from a mobile app was simply not practical. Therefore, in addition to supporting a wide variety of applications with varying security protocols, the 2FA solution had to also be fast and very easy to use.
YubiKey simplifies secure authentication for security teams
Duke University implemented the first 2FA pilot with the security and identity management teams in late 2012. The YubiKey was quickly chosen as a key component in Duke’s two-factor strategy because it allows users to securely authenticate with the touch of a button. The ease of deployment was also a major factor as well.
“When we began working with the YubiKey, we initially purchased directly from the Yubico web store. As our YubiKey user base continued to grow, we began purchasing in bulk orders and continued to add as time went by. Those using the YubiKey for two-factor access appreciate the quick login capabilities,” said Richard Biever, Chief Information Security Officer at Duke University.
“The Yubico team has been very responsive to our needs and continue to provide excellent support for our implementation.”
Duke maintains fully integrated, two-factor security with YubiKey
Now the YubiKey is fully integrated with Duke’s primary two-factor service and enabled with the Shibboleth infrastructure. Duke also extended YubiKey authentication to additional critical IT systems by requiring two-factor access via SSH, RDP, and specific VPN contexts.
According to Biever, the overall experience has been a total success: “The Yubico team has been very responsive to our needs and continue to provide excellent support for our implementation.”