Facebook Uses YubiKey and Duo
Yubico and Duo Security are happy to jointly announce today that Facebook has successfully deployed technologies from both companies to provide two-factor authentication across its enterprise.
In order to securely authenticate software engineers to production networks and servers, Facebook needed a solution that provided quick and easy authentication, a fast rollout to employees, and the flexibility for multiple authentication options. After careful consideration, the company deployed solutions from both Duo Security and Yubico. When coupled together, the respective technologies successfully addressed Facebook's authentication priorities — placing equal emphasis on usability and security.
This complementary combination of two-factor technologies include multiple authentication methods — push, SMS, mobile, voice — of cloud-based authentication from Duo Security and the YubiKey Nano. Together, these technologies allow Facebook employees and developers to quickly authenticate using the YubiKey Nano, while offering the flexibility and ease of use from Duo Security. With Duo, users are given a choice of device and method each time they authenticate. Additionally, Duo supports all phone types, from smart phones to landlines, and lets users authenticate with a variety of authentication factors including the YubiKey.
The YubiKey Nano is the world's smallest OTP token, and is designed to stay inside the USB-slot once inserted. To authenticate, users simply press the device and a pass code is instantly and automatically entered, there is no need to physically re-type pass codes.
For additional background on the deployment, recently, a team from Facebook gave a presentation to the Center for Education and Research in Information Assurance and Security (CERIAS) Seminar at Purdue University, explaining how the company utilizes Duo Security and YubiKeys to provide two-factor authentication for the company's engineers. The presentation provided thoughtful insight into the security culture of Facebook and how that led them through the evaluation and implementation decisions of their two-factor authentication deployment. That presentation can be found here - duo.sc/facebook-purdue
More about Duo Security
More about the YubiKey Nano
