2FA – not just for employees, but vendors as well

Versasec ecosystem showcase

Protecting your organization from a potential data breach starts with providing secure two-factor authentication (2FA) for all employees. Once employees are protected, you need to think about vendors and third parties that have access to your network, customer files, and other sensitive data. Do they have the appropriate protections put in place?

According to a recent Google study, 3.3 billion user credentials were exposed by third-party breaches from March 2016 to March 2017. For example, Target was the victim of a big data breach in 2013 that started when their HVAC vendor’s credentials were compromised. Breaches through third party vendors can be greatly reduced or completely avoided by mandating use of 2FA in order to access your systems.

The use of 2FA is one of the most powerful and well established techniques for strengthening credentials. It’s been around since the 1970s with the introduction of smart card technology —  although, deploying and managing 2FA with smart cards has historically been cumbersome. Since then, smart card 2FA has advanced with new, easy-to-use technologies such as the YubiKey and Versasec.

versasec logo
Ecosystem Showcase: Versasec

Together, these technologies allow organizations to quickly increase security. Not only can enterprises mandate 2FA for employees and third party vendors, but they can also manage each user’s level of access and revoke it as needed by utilizing Versasec’s secure identity & access management solution. Versasec eases the deployment of 2FA with smart cards for organizations of any size by enabling admins to issue and manage user credentials. Users are then able to easily and securely authenticate to enterprise systems from across the cloud to SasS and on-premise applications..

With Versasec’s vSEC:CMS, enterprises can provision a YubiKey for each user, letting them quickly authenticate for login, secure email, or code signing and more with a simple touch using their YubiKey as a PIV-compatible smart card and reader. vSEC:CMS also allows the user to securely unblock their pin or load new certificates on their YubiKeys. Administrators can manage, revoke or renew all registered YubiKeys using the vSEC:CMS. The ability to centrally manage user identity and access to critical data across all the different services with Versasec, is a huge win for organizations and admins.

Whether an organization has 20 or 200,000 employees, the YubiKey offers fast and simple deployment. We provide a hosted validation service, open source software and servers. Partners can easily work within the multiple security protocols supported by YubiKeys: OpenPGP, PIV, FIDO U2F, and more.

Yubico is proud to highlight Versasec as part of an ongoing YubiKey ecosystem awareness program. 

Talk to our teamTalk to our team

Share this article:


  • Breaking down Australia’s plan to combat AI-driven phishing scamsAcross Australia, cybercrime continues to be a major challenge impacting businesses, critical infrastructure and consumers alike. The use of AI by bad actors across the spectrum of cybercrime is on the rise, and as a result, credential phishing scams are becoming increasingly sophisticated. AI is effectively helping to lower the cost of phishing and increase […]Read moreAIAPACAustraliaphishing
  • 5 fast cybersecurity tips to clean up your digital lifeWith today being Identity Management Day, now is the perfect time to take stock of your online presence, update security settings, and ensure that your personal data remains protected from cyber threats like phishing. We’re also seeing increasing concerns of DeepSeek and other AI tools around data privacy making these kinds of attacks more successful […]Read morebest practices
  • Navigating the PCI DSS 4.0 transition and meeting compliance with phishing-resistant YubiKeysIn just a few days, on March 31, 2025, decision makers in industries that involve payment processing – including financial services, retail & hospitality and telecommunications – are tasked to finalize the transition to Payment Card Industry Data Security Standard (PCI DSS) 4.0. This deadline marks a critical juncture for all organizations handling payment card […]Read moreNISTPCI DSSPCI DSS 4.0
  • Building cyber resilience with Yubico and MicrosoftIn today’s digital landscape, cyber threats are evolving at an unprecedented pace: every second, a phishing attack takes place. In fact, over 80% of these attacks are the result of stolen login credentials and almost 70% of phishing attacks relied on AI last year alone. Recent data from Microsoft Entra also reveals a staggering increase […]Read moreMFA mandatesMicrosoft