Skip to content
  • Contact Sales
  • Resellers
  • Support
Yubico Header Text Logo
Why Yubicoexpand_more
Why Yubico
  • Enterprises
  • SMBs
  • Individuals
  • Developers
  • Careers
  • Partner programs
  • Contact Sales
  • Events
  • Press room
  • About us
  • The team
  • Investors
  • Innovation history
  • Secure it Forward
Easy-to-use, secure authenticationWith YubiKey there’s no tradeoff between great security and usabilityWhy YubiKeyaccount takeoversenterprise securityFacebook Proven at scale at GoogleGoogle defends against account takeovers and reduces IT costsGoogle Case Studyaccount takeoversenterprise securityFacebook Protecting vulnerable organizationsSecure it Forward: Yubico matches up to 5% of the number of YubiKeys purchased on Yubico.comSecure it Forwardaccount takeoversenterprise securityFacebook
Productsexpand_more
All products
  • YubiKey 5 Series
  • YubiKey 5 FIPS Series
  • YubiKey Bio Series
  • Security Key Series
  • YubiHSM 2 & YubiHSM 2 FIPS
  • YubiKey as a Service
  • YubiEnterprise Delivery
  • Yubico Enrollment Suite
  • YubiCloud
  • Yubico Authenticator
  • Computer login tools
  • Software Development Toolkits
  • Using YubiKey is easy
  • Find the right YubiKey
  • Works with YubiKey
  • Compare YubiKeys
One key for hundreds of apps and servicesYubiKey works out-of-the-box and has no client software or batteryYubico protects youaccount takeoversenterprise securityFacebook See YubiKeys as a ServiceYubiKey as a Service delivers scale and savingsGain a future-proofed solution and faster MFA rolloutsYubiKey as a Serviceaccount takeoversenterprise securityFacebook
Solutionsexpand_more
Solutions overview
  • Zero Trust
  • Executive Order OMB M-22-09
  • Phishing-resistant MFA
  • Passwordless
  • Compliance
  • Cyber Insurance
  • Critical infrastructure
  • Secure supply chain
  • Protect call centers
  • Hybrid & remote workers
  • Secure privileged users
  • Mobile restricted environments
  • Shared workstations
  • Microsoft ecosystem
  • Salesforce workspace
  • IAM solutions
  • AWS environment
  • HYPR experience
  • Okta identity solutions
The Bridge to PasswordlessBegin the journey to make your organization passwordless Get the white paperaccount takeoversenterprise securityFacebook Accelerate your Zero Trust Strategy7 best authentication practices to jumpstart your Zero Trust programGet the white paperaccount takeoversenterprise securityFacebook Federal cybersecurity requirements Guidance for leaders to prepare for the modern cyber threat eraGet the white paperaccount takeoversenterprise securityFacebook
Industriesexpand_more
Industries overview
  • High tech
  • Federal government
  • Department of Defense
  • Federal systems integrators
  • State & local government
  • Education
  • Financial services
  • Retail & hospitality
  • Telecommunications
  • Healthcare
  • Pharmaceuticals
  • Cryptocurrency
  • Energy & natural resources
  • Manufacturing
  • Elections & campaigns
  • Insurance organizations
Manufacturing and supply chain security Authentication best practices for manufacturingGet the white paperaccount takeoversenterprise securityFacebook Phishing-resistant MFA: Fact vs. FictionMeet requirements for phishing-resistant MFA in OMB M-22-09 guidelinesGet the white paperaccount takeoversenterprise securityFacebook Secure energy and natural resources from cyber threats Best practices for phishing-resistant MFA to protect infrastructureGet the white paperaccount takeoversenterprise securityFacebook
Resourcesexpand_more
All resources
  • Yubico Blog
  • Cybersecurity glossary
  • Authentication standards
  • Resource library
  • Developer program
  • Product briefs
  • Solution briefs
  • Passkeys
  • Case studies
  • Get a pilot started
  • White papers and reports
  • Webinars
BeyondTrust: secured with a subscriptionPrivileged Access Management leader simplifies deploymentSee case studyaccount takeoversenterprise securityFacebook S&P Global Market Intelligence report: old habits die hardOnly 46% of orgs protect their applications with MFA. How about yours?Read the reportaccount takeoversenterprise securityFacebook Considering Passkeys for your Enterprise?Learn how to avoid common passkey pitfallsVisit Passkey Hubaccount takeoversenterprise securityFacebook
Supportexpand_more
Support home
  • Find the right YubiKey
  • Set up your YubiKey
  • Downloads
  • Product documentation
  • Support articles
  • Support Services
  • Professional Services
  • YubiKey as a Service
  • Works with YubiKey Program
  • Buying and shipping information
  • Security advisories
  • Help center
How to set up your YubiKeyFollow our guided tutorials to start protecting your servicesSet up your YubiKeyaccount takeoversenterprise securityFacebook Find the best YubiKey for your needsTake the guided quiz and see which YubiKeys fit your needsTake the quizaccount takeoversenterprise securityFacebook Accelerate your YubiKey deploymentTechnical and operational guidance for your YubiKey rolloutProfessional Servicesaccount takeoversenterprise securityFacebook
SubscribeStore
  • FEATURED CUSTOMER
    Facebook Logo

    Making security effortless for employees

    Balancing usability and security.
    Quick deployment
    Supported scalability
    Ease of use

    About our customer Facebook

    Since its founding in 2004, Facebook has evolved from a small social networking service to one of the world’s biggest distributors of news and online ads. This massive transformation would not be possible without thousands of Facebook developers and employees who constantly strive to improve the overall user experience, digital security, and community discourse across the entire platform.


    Key results:

    • Quick deployment
    • Supports scalability
    • Ease of use

    Contact SalesContact Sales

    Implementing strong security that doesn’t get in the way of work

    It’s no secret that Facebook’s access to the personal information of billions of people has made it a highly valuable target for cyberattacks. As a part of the company’s ongoing security strategy, the engineering team wanted to implement strong two-factor authentication (2FA) for their development environment. The solution not only needed to scale to thousands of developers, but also enable seamless security without interrupting workflow. After a lengthy search process, Facebook chose the YubiKey 4 Nano, which was deployed to thousands of developers within a matter of months. Once the engineering team proved the YubiKey could meet all of their complex requirements, Facebook deployed YubiKeys across the entire company.

    “Make being secure effortless”

    Facebook is committed to empowering people to collaborate freely, create new ideas, and roll out new products and services quickly — but without putting security at risk. “Some companies just want to dictate a security solution and be done with it. But we have a bunch of smart people working here and if security gets in their way, they will just figure out a way around it. So our ultimate goal is to make being secure effortless,” said Flynn.

    The Facebook development team uses the SSH protocol to enable secure remote connectivity to the development environment. Engineers initiate thousands of SSH development sessions per day, so the 2FA solution needed to work with several SSH authentication mechanisms without creating barriers to access or leaving security gaps.

    “Protecting against remote attackers is a constant challenge, because once they gain access, they can move laterally through the organization to get the data they want. We wanted a 2FA solution to prevent that lateral movement, so if an engineering laptop gets compromised, the attackers can’t pivot into the production environment and access critical data,” said Flynn.

    The team analyzed several options for 2FA. One-time passwords (OTPs) couldn’t support engineers who need to access the development environment thousands of times per day. “We can’t expect developers to pull out their phone to type in an OTP every time they log in. It just creates an unacceptable amount of friction,” said Flynn.

    “Facebook is a very fast-paced environment and we needed technologies that would allow us to maintain that pace. Because of the ease of use of Duo Security and Yubico authentication technologies, we have seen minimal support and overhead costs. Other technologies, such as traditional OTP-based hardware tokens, smart cards, and biometrics didn’t fully support our need to allow multiple and rapid logins to SSH sessions.”
    John “Four” FlynnInformation Security Manager

    Secure enough for developers, scalable enough for global deployment

    Ultimately, the YubiKey 4 Nano combined with ecosystem partner Duo met the Facebook team’s requirements for a 2FA solution that could be deployed quickly, support scalable and frequent use across multiple devices, and enable strong authentication every time a developer logs into a server. Because the YubiKey 4 Nano stays connected to the device, the developer simply taps the key to authenticate, which is significantly faster than typing in an OTP thousands of times per day.

    After successfully deploying the YubiKey to the engineering team, Facebook then deployed YubiKey-enabled 2FA to the rest of the company. “When you have a two-factor system that’s good enough to use for every single SSH access instance, it’s easy to roll it out on your email system and VPN,” said Flynn.

    In addition to employees, Facebook also supports YubiKey authentication to help billions of users prevent fraud, account takeovers, and data theft from highly persistent attackers — helping to ensure the platform’s integrity and security for everyone who uses Facebook every day.

    Sources

    Facebook makes security effortless for employees.pdf
Yubico Text Logo
  • RSS Feed
  • X
  • LinkedIn
  • Facebook
  • Instagram
  • YouTube
  • GitHub
  • Product finder quiz
  • Find set-up guides
  • Buy online
  • Contact sales
  • Get Yubico updates
  • Careers
  • Events
  • Press room
  • About us
  • Investors
  • Partner programs
  • YubiKey 5 Series
  • YubiKey 5 FIPS Series
  • YubiKey Bio Series
  • Security Key Series
  • YubiHSM 2 & YubiHSM 2 FIPS
  • Yubico Authenticator
  • Zero Trust
  • Phishing-resistant MFA
  • Passwordless
  • Cyber insurance
  • More solutions
  • Industries overview
  • Yubico blog
  • Resource library
  • Cybersecurity glossary
  • Authentication standards
  • Developer program
  • Works with YubiKey
  • Help center
  • Downloads
  • Product documentation
  • Support Services
  • Professional Services
  • Contact support
Yubico © 2025 All Rights Reserved.
  • Sitemap
  • Cookies
  • Legal
  • Privacy
  • Patents
  • Terms of use
  • Trust