The security key bad hackers love to hate

By using weak usernames and passwords, or vulnerable SMS-based two-factor authentication, your users are vulnerable to account takeovers resulting from increasingly sophisticated phishing scams. But there is a solution…

How phishing works

1. User sees “real” information

Successful phishing attacks use real information, seem like they’re coming from a real person or business, and create a sense of urgency to entice users to click.

The most successful attacks focus on tricking the user into sharing information for a delivery or signing into an account.

2. Tricked user logs in

Once users click on a link, they’re often directed to a fake website that looks identical to the real one – even the URL looks the same.

Once users enter their credentials on the fake site, cybercriminals immediately login to the real website with the username and password the user was just tricked into revealing.

3. Credentials stolen

Now the users’ credentials have been stolen, and are used to take over accounts. Attackers then use this information to commit fraud, hold information ransom, with the goal of financial gain.


How to fight phishing? Use a YubiKey.

Physical security is hard to beat

When your users login using a YubiKey, a hardware security key, they’re required to give explicit consent by touching or tapping the YubiKey itself.

Making your users personally a part of the secure login process raises the security bar significantly.

The YubiKey isn’t fooled

Even if a user is tricked, the YubiKey isn’t fooled. The YubiKey binds the user login to the original website’s URL. Only the real site can authenticate with the key.

That means that while a user may be tricked into thinking a website is real, the YubiKey won’t reveal their credentials, protecting your business.

Impersonation becomes harder

While cybercriminals may get access to usernames and passwords through phishing or data breaches, without the YubiKey they cannot login. Login requires the physical possession of the key.

By using the YubiKey, your user’s presence becomes a critical part of the login process, significantly raising the security bar.

Hardware is better than text

Text messages used to verify users’ identities or to reset passwords can be intercepted by cybercriminals. The YubiKey cannot be intercepted remotely, since it is a physical key, just like a house key.

By using the YubiKey and its hardware-based authentication to prove a user’s identity, not even cybercriminals with your users’ credentials can mimic their physical presence to login.


YubiKey is trusted by the world’s leading companies

“We have had no reported or confirmed account takeovers since implementing security keys at Google.”

“Facebook is using the YubiKey for securing its own employees, and have made secure login with FIDO U2F and YubiKeys available for all Facebook users”

“The YubiKey meets all our requirements thanks to its simplicity of use, its open algorithm and the available open-source software support.”

Get Started

Want to learn more?

Learn best practices to avoid phishing in The State of Password and Authentication Security Behaviors Report white paper.

Ready to end phishing season now?

Browse our online store today and buy the right YubiKey for you.