5 ways the YubiKey can protect your remote workforce with phishing-resistant MFA

Jerrod Chong

Jerrod Chong

5 minute read

In today’s enterprise journey to digital transformation, remote work is on the rise. Advancements in technology make it possible for employees to work from anywhere, but also introduce a new set of challenges for IT departments. Unsecured WiFi networks, unmanaged personal mobile devices, and phishing scams make it easy to steal user credentials and difficult to  securely manage geographically dispersed teams.

While the concept of remote work is not new, it is becoming more prevalent for modern businesses. Recent global events are driving these numbers even higher, making it imperative for organizations to set processes and systems in place that not only secure remote workers, but do so without hindering productivity. We are already seeing hackers taking advantage of the current state of business uncertainty with targeted phishing attacks, making it imperative to develop a business contingency plan that includes protecting the workforce when working remotely. Enterprises need to ask, “Can employees access systems remotely without introducing new risks and vulnerabilities?”

Enabling phishing-resistant multi-factor authentication (MFA) should be one of the top requirements for a work from home policy. The YubiKey 5 Series and FIPS-validated YubiKey Series offer an easy-to-use, durable, and multi-function solution for all employees regardless of device type, operating system, or location. Unlike mobie-based authenticators, YubiKeys are phishing resistant and cannot be breached. If you’re already using or want to use YubiKeys in your organization today, there are likely several other ways that you could be benefiting from strong hardware-backed authentication.

With remote and distributed workers on the rise, here are five tips to ensure that your employees are protected from phishing and beyond, with YubiKeys:

  • Enable MFA for identity access management (IAM) systems and identity providers (IdPs) — The best cloud and hybrid environments leverage IAM solutions to enable employees to work without the hassle of multiple usernames and passwords. Many of the leading IAM vendors offer native YubiKey support including Axiad, Duo, Google Cloud, Microsoft Azure Active Directory, Okta Workforce Identity, PingID, RSA SecurIDⓇ Suite, and others. If you’re already using any of these services, you can immediately improve the level of security across your entire organization by simply turning on MFA with YubiKeys.
  • IAM vendors and IdPs can also be used for Single Single On (SSO) to other business critical messaging or video conferencing apps such as Microsoft Teams, Google Hangouts and Zoom.
  • Secure VPN access with MFA — With an increase in remote workers, comes an increase in the number of people utilizing a VPN to access the corporate network. Pulse Secure and Cisco AnyConnect, can be configured to work with a YubiKey as a smartcard (PIV) for remote access. Other VPN applications that offer native support for YubiKeys use the one-time password (OTP) capabilities.

  • MFA for computer login — Whether you’re using a Mac or Windows machine, there are several options for securing your computer login with the YubiKey. One of the most effective ways is to leverage the smart card functionality of the YubiKey, and use the key in addition to a PIN, to lock down access to a computer. Most recently, Yubico has been working very closely with Microsoft to enable native YubiKey support in Microsoft Azure Active Directory for a FIDO-based passwordless login experience. It is now available in public preview for hybrid environments as well.

  • Step up authentication for password managers — If you are like the majority of respondents in a recent Ponemon Institute report and are still making your employees manage passwords with sticky notes and human memory, then it’s time to ditch that plan fast. Remote workers or not, your employees need a simple and safe way to create, store, and manage passwords. The YubiKey integrates with several enterprise-grade password managers including 1Password, Dashlane, Keeper Security, LastPass, and more.
  • Use a YubiKey to generate one-time time-based passcodes — Many of the services or applications you’re using internally may support time-based one-time passcodes  (OTPs) — such as Google Authenticator or Authy — as a two-factor authentication method. Did you know that you can actually replace those authentication apps with the Yubico Authenticator application and a YubiKey? Instead of the one-time passcodes being stored within a mobile device or computer, secrets are stored in the YubiKey. This allows users to generate the OTP codes within the app by inserting or tapping the YubiKey to a device. Yubico authenticator is compatible with iOS, Android, PC and Mac.

For additional information on how organizations are using YubiKey to protect remote workers, sign up for our March 26 webinar on Enabling employees to work securely from home.

On behalf of all of Yubico, we’re committed to making secure login easy and available for everyone. To discover more YubiKey use cases, check out our solutions page. If you have questions about deploying YubiKeys within your organization, please contact us for more information.

, , ,
Talk to our teamTalk to our team

Share this article:
  • Yubico LogoYubico liefert PIN-Verbesserungen mit dem neuen YubiKey 5 – Verbesserte PIN-SchlüsselUm sich auf die sich ständig weiterentwickelnden Cyber-Bedrohungen vorzubereiten, passen Regierungen weltweit die Authentifizierungsanforderungen für Online-Dienste an und aktualisieren sie, was direkte Auswirkungen auf viele Unternehmen und deren Mitarbeiter hat. Zwar gibt es derzeit keine universelle Regelung für eine robustere Multi-Faktor-Authentifizierung (MFA), doch wird deren Notwendigkeit in einer Reihe von Anforderungen hervorgehoben, darunter PSD2, DSGVO […]Read moreYubiKey
  • Yubico delivers PIN advancements with new YubiKey 5 – Enhanced PIN keysTo prepare for continuously evolving cyber threats, governments around the world are adapting and updating authentication requirements for online services which directly impact thousands of organizations and their employees. While there’s currently no universal regulation for more robust multi-factor authentication (MFA), the need is highlighted across a range of requirements including PSD2, GDPR, and the […]Read moreCompany NewsProduct NewsYubiKeyYubiKey 5 – Enhanced PINYubiKey 5 SeriesYubiKey as a Service
  • An inside look at Yubico’s transition to passwordlessBefore “passkey” became a familiar term in our industry, Yubico had long delivered hardware-backed and phishing-resistant FIDO2 based authentication. Today, the adoption of passkey usage is accelerating. However, it’s taken quite a bit longer to integrate passwordless authentication into the everyday, enterprise-grade authentication flows that are required for today’s businesses.  As long as it’s been […]Read moreOktapasswordless
  • Mission matters – my reflections on winning the EY World Entrepreneur of the Year “This is the biggest mission any of the entrepreneurs have presented in this competition.”  I heard these words a few weeks ago from one of the judges for the EY World Entrepreneur of the Year award program – whom I had the honor to meet during the final step of the world’s largest entrepreneur competition.  […]Read moreawardsFounderStina Ehrensvard