• Phishing-resistant MFA and passwordless for Insurance organizations

    Modern security to secure employees and insurance agents
    Read solution brief
    Home » Industries » Phishing-resistant MFA and passwordless for Insurance organizations

     The YubiKey: Modern security and exceptional UX

    modern office people

    Relying on username and passwords or legacy mobile-based authenticators such as SMS, OTP and push notification apps for user authentication is common across the insurance sector. But usernames and passwords are easily hacked, and not all multi-factor authentication (MFA) is created equal. Mobile-based authenticators are highly susceptible to modern cyber threats such as phishing attacks, account takeovers SIM swaps and attacker-in-the-middle attacks, and don’t offer the best user experience.

    Yubico offers the YubiKey—a phishing-resistant hardware security key for modern, secure and simple multi-factor and passwordless authentication at scale. With the YubiKey organizations can secure employee and agent access, protect critical PII and PHI customer data, and drive regulatory compliance. YubiKeys are highly suitable for securing office workers, remote and hybrid employees, call center workers, shared workstations and devices, and agent networks

    “Starting on November 1, 2025, a Covered Entity will be required to use MFA for any individual accessing any Information Systems of the Covered Entity, regardless of location, type of user, and type of information contained on the information system being accessed”.
    New York Department of Financial Services 23 NYCRR 500November 2023

    WHITE PAPER

    Securing financial services with phishing resistant-MFA

    Learn why mobile-based authenticators are putting your organization at risk of being hacked, and how to successfully defeat modern cyber threats using the YubiKey for phishing-resistant multi-factor and passwordless authentication.

     Prevent cybercrime, increase productivity and reduce IT costs

    Yubico helps insurance organizations minimize cyber risk by providing modern and simple phishing-resistant MFA and passwordless authentication for critical business and customer data. By offering differentiated security and the best user experience, insurance organizations can drive high security while ensuring high employee and agent satisfaction.

    “MFA is critical, but not all MFA methods are created equal. Twitter used application-based MFA, which sent a request for authentication to an employee’s smart phone. This is a common form of MFA, but it can be circumvented. During the Twitter Hack, the Hackers got past MFA by convincing the Twitter employees to authenticate the application-based MFA during the login. The most secure form of MFA is a physical security key, or hardware MFA, involving a USB key that is plugged into a computer to authenticate users. This type of hardware MFA would have stopped the Hackers, and Twitter is now implementing it in place of application-based MFA.”
    New York Department of Financial Services, Twitter Investigation Report, October 2020

    YubiKey as a Service: peace of mind and flexibility for less than a cup of coffee per user/month

    Simplify purchase and support while also providing financial benefits. Estimate your potential savings with a subscription as compared to a one-time purchasing model.

    Benefits from the phishing-resistant YubiKey

    Secure user access and drive regulatory compliance

    The YubiKey drives highest-assurance security across all insurance use cases—whether it’s securing customer data or securing access for office workers, remote and hybrid employees, privileged users, agent networks and call center workers. YubiKeys also help you drive compliance to existing and emerging regulations such as New York State Cybersecurity Regulation 23 NYCRR Part 500, and offer a bridge to modern passwordless without a rip and replace. A single YubiKey works across multiple devices including desktops, laptops, mobile, tablets, and notebooks, helping you deploy phishing-resistant MFA at scale.YubiKeys are also easily re-programmed, making them suitable for rotating-shift and temporary workers.

    Improve efficiency and enhance user experience

    Not all forms of multi-factor authentication (MFA) offer an optimal balance of strong security with a fast and easy user experience. Mobile authenticators typically increase the number of steps in the authentication process, requiring users to wait for SMS, OTP or push app codes, and are reliant on wifi or cellular network connectivity. The YubiKey offers strong MFA and passwordless authentication with just one touch or tap of the YubiKey. YubiKeys do not require a battery or network connectivity, and are 4 times faster than typing in an OTP, ensuring quick and easy access to services for both employees and agents.

    Reduce IT support costs and drive high ROI

    The combination of frictionless user experience, data breach prevention, mobile device and service cost savings, and the YubiKeys versatility with multi-protocol support results in high ROI for any shared workstation environment.  YubiKeys also enable self-service password resets, eliminating IT support costs related to help desk password-reset requests.  In addition to reducing risk by 99.9%, the YubiKey has been shown to drive a 203% 3-year ROI and a drop in password-related help desk tickets by 75%. 


    Read more
    Simplify acquisition and rollout of modern security

    Once ready to purchase, Yubico is focused on helping organizations easily access security products and services in a flexible and cost-effective way to heighten security.  Yubico offers YubiEnterprise Subscription, a service-based and affordable model for purchasing YubiKeys in a way that meets technology and budget requirements. This service also provides priority customer support, ease of form factor selection, backup key discounts, and replacement stock benefits. Additionally, YubiEnterprise Delivery provides IT teams with powerful capabilities to manage the delivery of hardware security keys to users globally and accelerates the adoption of strong authentication.

    BEST PRACTICES GUIDE

    Best practices to get started with phishing-resistant MFA at scale

    Learn the six deployment best practices that can help your organization accelerate adoption of modern, phishing-resistant MFA at scale using the YubiKey.

    Risk reduction, business growth, and efficiency enabled by YubiKeys

    A recent Forrester Consulting Total Economic Impact™ (TEI) study commissioned by Yubico found that a composite organization representative of interviewed customers who use YubiKeys reduced risk of successful phishing and credential theft attacks by 99.9%, saw a drop in password-related helpdesk tickets by 75%, and experienced a 203% 3-year ROI with YubiKeys.

    BUT…. all organizations are different. Enter your own company data to create a custom Dynamic TEI study and instantly see how Yubico’s solutions can help your organization!

    TEI Forrester report