Phishing-resistant MFA for your hybrid and remote workforce
Drive productivity with simple, strong security
Read the solution briefZero account takeovers with the YubiKey
The username and password combination and SMS-based MFA are the most common authentication methods used by remote workers according to research by S & P Global Market Intelligence. While MFA can be a strong first-line of defense to protect remote and hybrid workers against phishing and ransomware, not all forms of multi-factor authentication (MFA) are created equal. Legacy authentication such as usernames and passwords can be easily hacked, and mobile-based authentication such as SMS, OTP codes, and push notifications are highly susceptible to modern phishing attacks, malware, SIM swaps, and man-in-the-middle (MiTM) attacks.
Yubico offers the phishing-resistant YubiKey for highest-assurance multi-factor and passwordless authentication. YubiKeys are simple to deploy and use, helping organizations of all sizes protect employees against modern cyber threats on their corporate and BYOD devices. Yubico also makes it easy to get keys directly into the hands of your remote workers, with YubiEnterprise Delivery, a cloud-based service that streamlines the distribution of YubiKeys to end-users, serving both domestic and international locations including residential addresses.
“As a blockchain security firm, securing information with strong MFA is non-negotiable. YubiKeys provide a really safe way to do this for every team member’s account. Access and identity are the true perimeter of a remote organization. There’s nothing better than a hardware device for protecting this.“
Best practices to secure hybrid and remote workers with phishing resistant MFA
With employees geographically dispersed perimeter security and legacy forms of authentication are no longer adequate for protection. Learn best practices to secure your workforce with phishing-resistant MFA.
Benefits of the phishing-resistant YubiKey
Secure access for IAM, IDP platforms and password managers
Leading hybrid and cloud environments leverage Identity and Access Management (IAM) and Identity Provider (IDP) platforms to enable employees to work without the hassle of multiple usernames and passwords. YubiKeys are natively supported by IAM platforms such as Axiad, Duo, Google Cloud, Microsoft Azure Active Directory, Okta Workforce Identity, OneLogin, Ping Identity platform and RSA SecurIDⓇ Suite, and can also be used for Single Single On (SSO) to messaging and video conferencing apps such as Microsoft Teams, Google Hangouts and Zoom. YubiKeys also integrate with several enterprise-grade password managers including 1Password, Dashlane, Keeper Security, LastPass, and more, ensuring that lax password management policies don’t cause a security breach.
Secure remote access technologies
Connecting via Virtual Private Networks (VPN) or Identity-Aware Proxies (IAP) to access corporate networks, protected resources or specific applications from unsecured home or public wifi can be risky if they are using legacy forms of authentication. The YubiKey secures remote access by enabling phishing-resistant 2FA or MFA for leading VPN applications such as Pulse Secure and Cisco AnyConnect, as well as other remote access applications, using smartcard (PIV), one-time password (OTP), FIDO U2F, or FIDO2 capabilities.
Protect computer login
If employee laptops are not secured properly, they can provide entry points for external threats leading to a security breach, which can have financial, legal and reputational repercussions for your business. YubiKeys secure computer logins, protecting on-device applications and critical business data. Multiple login options include authentication for Macs and Windows computers including those connected via Azure Active Directory, Active Directory and Microsoft Accounts. One of the most effective ways to secure computer access is to leverage the YubiKey smart card functionality, requiring a YubiKey and a PIN.
Secure SSH authentication keys
SSH credentials used to access business servers are high value targets for hackers, as they are used by developers and systems administrators who may have higher access levels to critical systems and data. Storing SSH private keys on local devices leaves them at risk of being stolen. Additionally, manually typing OTP codes for MFA slows down access times and productivity. SSH users can authenticate to remote systems using private keys stored securely on a YubiKey, ensuring they cannot be copied, stolen remotely or accessed by malware. Using YubiKeys also offers greater convenience and faster logins – with a single touch users are securely authenticated. YubiKeys work with SSH with a variety of authentication protocols including OpenPGP, PIV, FIDO U2F, or OTP.
To better protect its remote and mobile workforce and reduce the risk of Shadow IT, BeyondTrust is replacing all legacy MFA technology that relies on passwords and push notifications with modern, secure passwordless login flows using the YubiKey.
Discover the services that help secure your hybrid and remote workforce
Remote and hybrid MFA in action
Securing hybrid and remote workers can get complex. The YubiKey’s phishing-resistant authentication enables employees to be productive while staying secure.
Ready to take the next step?
Find the right YubiKey
Contact our sales team for a personalized assessment of your company’s needs.
