As the cyber threat landscape continues to evolve rapidly in the form of more sophisticated attacks like phishing and ransomware, the need for industry collaborations and partnerships are more critical than ever to help businesses and consumers stay secure online. We first launched the Works with YubiKey (WWYK) program in 2018 with this in mind […]
Read moreThe Cybersecurity Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently collaborated to produce an important new document, “Identity and Access Management: Recommended Best Practices for Administrators.” Part of the Enduring Security Framework (ESF), it presents a distillation of identity access management (IAM) and cybersecurity guidance put forth by CISA to date, based […]
Read moreOver the years, we have witnessed malicious actors taking aim at organizational supply chains, seeking to exploit the weakest link in enterprises. Increasingly, passwords and even legacy multi-factor authentication (MFA) methods are being swiftly bypassed by phishing and ransomware – resulting in significant financial and reputational damage to organizations, as well as severe threats to […]
Read moreWe talk a lot about Zero Trust architectures (ZTAs) at Yubico because we’d like to see every customer embrace its guiding principle: no user, whether they are authenticating from inside or outside the organization, has implicit trust granted. Additionally, the authentication method must be phishing-resistant and provide signals that attest to the protection of the […]
Read moreLast week, several Yubico leaders traveled to Washington, DC to attend the White House’s symposium focused on modernizing authentication in support of Executive Order 14028 on Improving the Nation’s Cybersecurity, and the OMB Memo M-22-09 describing the Federal Zero Trust architecture. This event, organized by the Federal CIO & CISO and the Cybersecurity and Infrastructure […]
Read moreIn an effort to protect the nation’s infrastructure and improve cybersecurity, the Executive Order 14028 and the Office of Management and Budget Memo M-22-09 took a strong stance to require phishing-resistant authentication for all federal agencies. The M-22-09 memo also specifies two standards-based authentication protocols that will satisfy the phishing-resistant requirements, FIDO2/WebAuthn and PIV smart […]
Read moreYubico’s YubiEnterprise Subscription pioneers hardware multi-factor authentication (MFA), the gold standard of enterprise authentication, as a phishing-resistant MFA ‘as-a-Service’ model that helps organizations save money and gain flexibility while experiencing faster rollouts. As part of consistently delivering value to organizations that are raising the bar for security at scale, we are prioritizing delivering meaningful updates […]
Read moreAmazon recently announced improved support for using FIDO2 security keys as an MFA device to log on to the Amazon Web Services (AWS) console. As a result, FIDO2 security keys like the YubiKey are now supported on AWS GovCloud (US region) – providing phishing-resistant MFA for all users. Additionally, AWS has improved their support for […]
Read moreShared workstation environments are common across many industries –from point-of-sale (POS) terminals in retail and grab-and-go devices for healthcare workers to call center kiosks and shared computers on manufacturing shop floors. While there can be cost savings and increase in productivity when multiple employees share, this can pose a significant security threat to businesses if […]
Read moreThis is part two of a two-part series on the latest NIST guidelines. To read part one, check out our blog post here. Over the past six months, three National Institute of Standards and Technology (NIST) draft guidelines were released that will change how federal agencies manage digital identity services, the authentication of users and […]
Read more