Duke University protects critical IT systems with the YubiKey

2FA required for SSH, RDP, and VPN access.

Industry: Education

Protocols: Yubico OTP, SSH, Remote Access, and VPN

Products: All YubiKey Form Factors

Deployment: Staff


About Duke University

As one of the top U.S. research universities, Duke University consistently ranks among the best institutions for business, divinity, engineering, environmental science, law, medicine, nursing, and public policy education. The university is located in Durham, North Carolina and maintains several research and education programs around the world.



The need for reliable 2FA that’s easy to deploy and supports multiple protocols

In 2012, the Duke IT organization began looking for strong security methods to protect user accounts from threats such as phishing, keyloggers, and weak or stolen passwords. One of the key requirements was to find a strong two-factor authentication (2FA) solution that could be easily deployed across many user groups at Duke. Some groups use several systems and applications daily and typically log in via SSH, RDP, or Shibboleth as many as 40 times per day. For these groups, typing in a one-time password (OTP) from a mobile app every time was simply not practical. Therefore, in addition to supporting a wide variety of applications with varying security protocols, the 2FA solution also had to be fast and very easy to use.




YubiKey simplifies secure authentication for security teams

Duke University implemented the first 2FA pilot with the security and identity management teams in late 2012. The YubiKey was quickly chosen as a key component in Duke’s two-factor strategy because it allows users to securely authenticate with the touch of a button. Ease of deployment was also a major factor.

“When we began working with the YubiKey, we initially purchased directly from the Yubico web store. As our YubiKey user base continued to grow, we began purchasing in bulk orders and continued to add as time went by. Those using the YubiKey for two factor access appreciate the quick login capabilities,” said Richard Biever, Chief Information Security Officer at Duke University.



Duke maintains fully integrated, two-factor security with YubiKey

Now the YubiKey is fully integrated with Duke’s primary two-factor service and enabled with the Shibboleth infrastructure. Duke also extended YubiKey authentication to essential IT systems by requiring two-factor access via SSH, RDP, and specific VPN contexts.

According to Biever, the overall experience has been a total success: “The Yubico team has been very responsive to our needs and continue to provide excellent support for our implementation.”