• Contact Sales
  • Resellers
  • Support
Yubico Header Text LogoYubico Header Text Logo
Why Yubicoexpand_more
Why Yubico
  • Enterprises
  • SMBs
  • Individuals
  • Developers
  • Careers
  • Partner programs
  • Affiliate program
  • Contact Sales
  • Events
  • Press room
  • Yubico Blog
  • Yubico Executive Connect
  • About us
  • The team
  • Investors
  • Innovation history
  • Secure it Forward
Man holding YubiKey
Easy-to-use, secure authentication

With YubiKey there’s no tradeoff between great security and usability

Why YubiKey
  • authentication
  • FIDO
  • MFA
  • mobile authentication
  • phishing-resistant MFA
  • WebAuthn
Google headquarters
Proven at scale at Google

Google defends against account takeovers and reduces IT costs

Google Case Study
  • authentication
  • FIDO
  • MFA
  • mobile authentication
  • phishing-resistant MFA
  • WebAuthn
Hand holding YubiKey behind Apple iPhone
Protecting vulnerable organizations

Secure it Forward: One YubiKey donated for every 20 sold

Learn about Secure it Forward
  • authentication
  • FIDO
  • MFA
  • mobile authentication
  • phishing-resistant MFA
  • WebAuthn
Productsexpand_more
All products
  • YubiKey 5 Series
  • YubiKey 5 FIPS Series
  • YubiKey Bio Series
  • Security Key Series
  • YubiKey 5 CSPN Series
  • YubiHSM 2 & YubiHSM 2 FIPS
  • YubiEnterprise Subscription
  • YubiEnterprise Delivery
  • Yubico Authenticator
  • Computer login tools
  • Software Development Toolkits
  • YubiCloud
  • Using YubiKey is easy
  • Find the right YubiKey
  • Works with YubiKey
  • Compare YubiKeys
Woman holding YubiKey 5ci
One key for hundreds of apps and services

YubiKey works out-of-the-box and has no client software or battery

Yubico protects you
  • authentication
  • FIDO
  • MFA
  • mobile authentication
  • phishing-resistant MFA
  • WebAuthn
See YubiKeys as a Service
YubiEnterprise Subscription delivers scale and savings

Gain a future-proofed solution and faster MFA rollouts

See YubiKeys as a Service
  • authentication
  • FIDO
  • MFA
  • mobile authentication
  • phishing-resistant MFA
  • WebAuthn
Solutionsexpand_more
Solutions overview
  • Zero Trust
  • Executive Order OMB M-22-09
  • Phishing-resistant MFA
  • Passwordless
  • Compliance
  • Cyber Insurance
  • Secure supply chain
  • Critical infrastructure
  • Hybrid & remote workers
  • Secure privileged users
  • Mobile restricted environments
  • Call centers
  • Shared workstations
  • Microsoft ecosystem
  • Salesforce workspace
  • IAM solutions
  • AWS environment
  • HYPR experience
Hand holding YubiKey behind Apple iPhone
The Bridge to Passwordless

Begin the journey to make your organization passwordless

Get the white paper
  • authentication
  • FIDO
  • MFA
  • mobile authentication
  • phishing-resistant MFA
  • WebAuthn
Lock on a laptop
Accelerate your Zero Trust Strategy

7 best strong authentication practices to jumpstart your Zero Trust program

Get the white paper
  • authentication
  • FIDO
  • MFA
  • mobile authentication
  • phishing-resistant MFA
  • WebAuthn
Government building
Federal cybersecurity requirements

See guidance for CIOs and leaders to prepare for the modern cyber threat era

Get the white paper
  • authentication
  • FIDO
  • MFA
  • mobile authentication
  • phishing-resistant MFA
  • WebAuthn
Industriesexpand_more
Industries overview
  • High tech
  • Federal government
  • Federal systems integrators
  • State & local government
  • Education
  • Financial services
  • Elections & campaigns
  • Retail & hospitality
  • Telecommunications
  • Healthcare
  • Pharmaceuticals
  • Cryptocurrency
  • Energy & natural resources
  • Manufacturing
man working a manufacturing line
Manufacturing and supply chain security

Authentication best practices for manufacturing using highest-assurance security

Get the white paper
  • authentication
  • FIDO
  • MFA
  • mobile authentication
  • phishing-resistant MFA
  • WebAuthn
Person looking at a computer with a government building showing
Phishing-resistant MFA: Fact vs. Fiction

Meet requirements for phishing-resistant MFA in OMB M-22-09 guidelines

Get the white paper
  • authentication
  • FIDO
  • MFA
  • mobile authentication
  • phishing-resistant MFA
  • WebAuthn
Remote workers at a wind farm
Secure energy and natural resources from cyber threats

Best practices for phishing-resistant MFA to safeguard your critical infrastructure

Get the white paper
  • authentication
  • FIDO
  • MFA
  • mobile authentication
  • phishing-resistant MFA
  • WebAuthn
Resourcesexpand_more
All resources
  • Yubico Blog
  • Cybersecurity glossary
  • Authentication standards
  • Resource library
  • Developer program
  • Product briefs
  • Solution briefs
  • Case studies
  • Get a pilot started
  • White papers and reports
  • Webinars
Laptop with a YubiKey inserted
BeyondTrust: secured with a subscription

A leader in Privileged Access Management simplifies YubiKey deployment

How they optimized ROI
  • authentication
  • FIDO
  • MFA
  • mobile authentication
  • phishing-resistant MFA
  • WebAuthn
S&P Global Market Intelligence report: old habits die hard

Only 46% of respondents protect their applications with MFA. How about you?

Read the report
  • authentication
  • FIDO
  • MFA
  • mobile authentication
  • phishing-resistant MFA
  • WebAuthn
Considering Passkeys for your Enterprise?

Learn how to avoid the common pitfalls of synced passkeys

Get the Ebook
  • authentication
  • FIDO
  • MFA
  • mobile authentication
  • phishing-resistant MFA
  • WebAuthn
Supportexpand_more
Support home
  • Find the right YubiKey
  • Set up your YubiKey
  • Downloads
  • Product documentation
  • Support articles
  • Support Services
  • Professional Services
  • YubiEnterprise Subscription
  • Works with YubiKey Program
  • Buying and shipping information
  • Security advisories
  • Help center
YubiKeys in lots of form factors
How to set up your YubiKey

Follow our guided tutorials to start protecting your favorite services

Set up your YubiKey
  • authentication
  • FIDO
  • MFA
  • mobile authentication
  • phishing-resistant MFA
  • WebAuthn
YubiKey on a keychain plugged into a laptop
Find the best YubiKey for your needs

Take the guided quiz and see which YubiKey best fits your or your businesses needs

Take the quiz
  • authentication
  • FIDO
  • MFA
  • mobile authentication
  • phishing-resistant MFA
  • WebAuthn
Worker with a calculator and laptop with a spreadsheet
Accelerate your YubiKey deployment

Technical and operational guidance for your YubiKey implementation and rollout

Professional Services
  • authentication
  • FIDO
  • MFA
  • mobile authentication
  • phishing-resistant MFA
  • WebAuthn
SubscribeStore
  • Home » Blog » Security considerations for the top 8 mobile device-restricted workplaces

    Security considerations for the top 8 mobile device-restricted workplaces

    David Treece

    David Treece

    March 3, 2022
    5 minute read
    Share on FacebookShare on TwitterShare on LinkedInShare via Email

    When looking at enterprises and organizations, there are many different business scenarios that can be present when addressing secure authentication. Whether those be shared workstations, remote workers, or even privileged accounts, there is one in particular that introduces its own difficulties: mobile device-restricted workplaces.  It’s safe to say that there will always be workplaces which, because of the sensitive nature of the work going on there, will be mobile-restricted in some way. In those spaces, using the phone for anything is not an option – including user authentication before they’re allowed access to sensitive systems or data.

    It’s important to remember that “mobile-restricted access” isn’t just referring to the “drop your phone in this secure box” scenario. In most cases, it will involve a lesser form of restriction – for example, you can use your phone in some areas of a building, but not others. What about remote locations where cellular connectivity is not reliable? Or a scenario where you can use your phone for some enterprise apps, but not apps that touch mission-critical functions. All of these environments make mobile authentication difficult or downright impossible.  

    This post will provide an overview of some of the most common restricted workspaces and address how they can still be protected without the use of a mobile device. 

    Common mobile device-restricted workplace restricted workplaces 

    The following types of workplace environments should consider a different user authentication option for strong security without hampering user productivity:

    1. Call centers – Nearly every phone today comes with a “spy package” consisting of a camera and audio recording capability. Call centers often have Personally Identifiable Information (PII) or other sensitive customer information freely accessible, so mobile devices are often verboten.
    2. The factory work floor – An industrial workplace might restrict devices for worker safety, environmental restrictions, or there may be sensitive data accessible in that space. Outdoor locations like an oil drilling station might require more rugged devices than your standard mobile phone can handle. 
    1. High-security environments – Any workplace with high authentication assurance levels such as via AAL3 and/or FIPS validated authenticators, where phishing-resistant hardware security keys are required. These are often seen in government agencies and financial services firms. Additionally, administrators’ credentials are highly valued targets so mobile authentication is probably not the best solution because their compromised credentials can cause significant damage. 
    1. R&D labs – It goes without saying that the place where the most sensitive enterprise IP might potentially reside, cannot allow the presence of mobile devices that can easily record video or take a photo, and be extricated with said material. If labs require mobile phones to be left by the door, a smart card or FIDO security key would be more appropriate.
    1. Remote stations – A weather station, observational data post, offshore drilling, or a research facility that is far from reliable cell service, rendering most devices useless without expensive mitigating infrastructure. 
    1. Airplanes – You’ve probably been there. You have a long flight and can only connect to the Internet through a network that you’re not sure is compliant with your authentication system. Employees who spend a lot of time in the air require an alternative MFA authentication process if mobile  won’t work with in-flight systems. 
    1. Areas BYOD-restricted by union or government rules – “Bring Your Own Device” regulations are becoming more common here and in countries around the world. These rules do not allow personal devices to be used for work-related tasks without compensation. If a company is not willing to issue work-only mobile devices, mobile authentication could be off the table. 
    1. Customer-facing environments – Companies, especially in the hospitality and retail industry, strive to have the best in-person experience with their customers.  As a result, many restrict the use of mobile phones as it creates a perception that the employee is not fully engaged with the customer.

    In addition to the above mobile restriction considerations, it is important to consider the following topics as you deploy phishing-resistant (smartcard or FIDO/WebAuthn-based) MFA for users:

    1. Adaptable for shared workstations – Often those stations might already be in spaces with physical security controls, but the stations themselves should be supplemented with phishing-resistant authentication for added security. A flexible workstation will allow fast and secure task-switching between users ending and starting their shifts.
    2. Ruggedized devices that don’t need connectivity – Ruggedized devices can operate in any condition, without cellular connectivity for instance, and secure a range of computers and other endpoints that are capable of both working offline, or on the network. 
    1. Easy user experience (UX) – Don’t forget the users! Before embarking on a solution, take some internal survey feedback to better inform how to make it convenient for real people. An internal rollout team with good communication will make the change management process a little easier. It will also help if the intended solution has intuitive capabilities and self-service options in order to empower the end user and prevent costly post-implementation support costs.
    1. Ready for complex environments – A solution will look different depending on what is already set up. Organizations with primarily on-premise infrastructure could opt for a smart card-based security approach for example, while those using a primarily cloud-based environment might consider a modern FIDO-based approach.
    1. Protects your supply chain – The supply chain isn’t just the physical provision of goods and services anymore – it encompasses all of the partnership and business relationships an enterprise might have, including digital ones. Making sure the solution stays ahead of malicious innovation, employing anti-phishing policies or authentication can help prevent ransomware or malware attacks. 
    1. Supports compliance and regulations — Given the recent U.S. federal regulations like 2022’s OMB M-22-09 on Zero Trust, make sure the solution is focused on smart card (PIV) or WebAuthn phishing-resistant MFA technologies which will be essential to meeting compliance regulations.

    ——

    To learn more about mobile-restricted environments, read the “Best Practices for Securing Mobile-Restricted Environments” white paper. 

    Share this article:

    Share on FacebookShare on TwitterShare on LinkedInShare via Email

    Recommended Posts

    • Q&A with CEO Mattias Danielsson: Yubico’s next stage of growth as a public company and what investors can expect

      Today marks an exciting, historic day in Yubico’s history: the company is now publicly traded under the ticker symbol YUBICO on Nasdaq First Growth North Market in Stockholm. As the cyber threat landscape continues to evolve rapidly through increasingly sophisticated attacks like phishing, the need for phishing-resistant MFA with the YubiKey are at an all-time […]

      Read more
      • Investors
      • Q&A
      • thought leadership
    • Five foundational cybersecurity controls to mitigate 90% of breaches

      During my 16 years in the cybersecurity industry, and after discussions with numerous CISOs and cyber security experts, they all agree that there are five easy steps all organizations can take to mitigate over 90% of all cyber breaches1.  Just like cars were not initially designed for safety, the internet was not designed for security. […]

      Read more
      • best practice guide
    • Okta + Yubico: Better together

      Modern cybersecurity needs to be phishing-resistant, but it also needs to incorporate a great user experience for employees, IT teams and customers. We know traditional authentication methods are perceived as user-friendly, but they are not secure and vulnerable to most attacks  – in fact, 59% of people still rely on username and password to authenticate […]

      Read more
      • Okta
      • Partner Program
    • Works with YubiKey Spotlight: How Yubico works with industry leaders who share the commitment to strong authentication

      As the cyber threat landscape continues to evolve rapidly in the form of more sophisticated attacks like phishing and ransomware, the need for industry collaborations and partnerships are more critical than ever to help businesses and consumers stay secure online. We first launched the Works with YubiKey (WWYK) program in 2018 with this in mind […]

      Read more
      • Works with YubiKey
      • wwyk
Yubico Text LogoYubico Text Logo
  • RSS
  • Twitter
  • LinkedIn
  • Facebook
  • Instagram
  • YouTube
  • GitHub
  • Product finder quiz
  • Find set-up guides
  • Buy online
  • Contact sales
  • Get Yubico updates
  • Careers
  • Events
  • Press room
  • About us
  • Investors
  • Partner programs
  • Affiliate program
  • YubiKey 5 Series
  • YubiKey 5 FIPS Series
  • YubiKey Bio Series
  • Security Key Series
  • YubiKey 5 CSPN Series
  • YubiHSM 2 & YubiHSM 2 FIPS
  • Yubico Authenticator
  • Zero Trust
  • Phishing-resistant MFA
  • Passwordless
  • Cyber insurance
  • More solutions
  • Industries overview
  • Yubico blog
  • Resource library
  • Cybersecurity glossary
  • Authentication standards
  • Developer program
  • Works with YubiKey
  • Help center
  • Downloads
  • Product documentation
  • Support Services
  • Professional Services
  • Contact support
Yubico © 2023 All Rights Reserved.
  • Sitemap
  • Cookies
  • Legal
  • Privacy
  • Patents
  • Terms of use
  • Trust