Evaluating the right 2FA solution
With future plans for deployment, it was important for CERN to select an authentication solution that was simple to use and could easily integrate into various systems. The organization adheres to a BYOD (bring your own device) policy, so flexibility to work with multiple operating systems including Linux, Mac OS, and Windows, was a key consideration for the organization. The goal was to be able to deploy a solution for all users with minimal backend requirements.
Given the impossibility to have one silver bullet in CERN’s academic environment, CERN reviewed several authentication options for users. They also wanted to consider a hardware authentication device for added convenience. Smart cards were initially considered, but they were too difficult to integrate due to the need for drivers, and expensive readers.
In looking for a simple and robust solution, the CERN team selected the YubiKey, which met all of the pre-established usability and integration criteria.
The YubiKey could easily integrate with any existing system or client, and seamlessly provide protection to the user by just one touch of the key. This made the YubiKey easy to deploy from the user perspective. Not only did this eliminate the need to change anything about the devices, or systems used by employees, but it also allowed CERN to maintain their own deployments on the server side.