SubscribeStore

  • Phishing-resistant multi-factor authentication (MFA)

    Authenticate in seconds from anywhere, anytime, on any device.
    Solution brief
    Home » Solutions » Modern Multi-Factor Authentication (MFA)

     Not all MFA is created equal

    person using laoptop

    While MFA can be a strong first-line of defense, not all forms of multi-factor authentication (MFA) are created equal. Legacy authentication such as usernames and passwords can be easily hacked, and mobile-based authentication such as SMS, OTP codes, and push notifications are highly susceptible to modern phishing attacks, malware, SIM swaps, and man-in-the-middle (MiTM) attacks.

    Additionally, there are almost always edge cases of employees that can’t, don’t, or won’t use mobile authentication. Not only can there be low cell coverage in certain geographic areas, employees also may not want to use personal devices for work, or don’t want to allow admin access to their devices. There may also be union restrictions or compliance requirements, and some employees may not be able to even use a smartphone. If the fall back option is usernames and passwords, this makes the organization even more vulnerable to phishing and account takeovers.

    What is phishing-resistant MFA?

    Phishing-resistant MFA processes rely on cryptographic verification between devices or between the device and a domain, making them immune to attempts to compromise or subvert the authentication process.  According to the NIST Special Publication (SP) 800-63 and Draft 800-63-4, two forms of authentication currently meet the mark for phishing-resistant MFA: PIV/Smart Card and the modern FIDO2/WebAuthn authentication standard.

    FREE EBOOK

    Not all MFA is created equal

    Any MFA is better than just a password, but not all MFA is created equal. Download the free Ebook to learn how easy it is for mobile-based MFA to be hacked!

    Get the free Ebook
    woman using mobile device and YubiKey 5 NFC

    YubiKey offers phishing-resistant MFA

    Yubico offers the phishing-resistant YubiKey for modern, multi-factor and passwordless authentication. YubiKeys support multiple protocols including Smart Card and FIDO, offering true phishing-resistant MFA at scale, helping organizations bridge from legacy to modern authentication. 
    YubiKeys are also simple to deploy and use—users can authenticate with a single tap or touch of the YubiKey. YubiKeys also don’t require batteries, have no breakable screens, don’t need a cellular connection, and are water-resistant and crush-resistant. With the YubiKey, organizations of all sizes can protect employees against modern cyber threats while driving high productivity, offering ease of use, and minimizing costs related to help desk password resets.

    Contact sales

     What makes the YubiKey phishing resistant?

    keys icon
    Hardware-backed public key cryptography

    YubiKeys use secure public key cryptographic technology to generate unique public and private key pairs for each service. The private keys are stored securely on  the YubiKey, making them hardware-bound and non-copyable, unlike legacy MFA.

    finger tap icon
    Proof of user presence

    Logging into a service with a YubiKey requires the user to touch or tap the key to authenticate. The touch sensor on the YubiKey verifies that the user is a real human and that the authentication is done with real intent. This prevents remote attacks that can easily bypass software-based MFA.

    monitor with check icon
    Origin-bound keys

    Once you register your YubiKey to a service, it is bound to that specific URL, and the registered credential cannot be used to log in to a fake website. This means that even if a user is tricked into clicking a link that takes them to a fake website, the YubiKey is never fooled, so the phishing attempt is thwarted!

    secrets icon
    No shared secrets across apps

    YubiKeys authenticate through the FIDO open standard, enabling access to thousands of applications and services, providing high security and privacy at scale, across both work and personal lives. A single key can be used to authenticate across any number of applications and services with no shared secrets, ensuring complete protection.

    WHITE PAPER

    The dark side of mobile authentication

    Learn the five key misconceptions related to mobile-based MFA that are a ticking time bomb, and are putting your organization at risk of being hacked.

    Get the white paper

    Risk reduction, business growth, and efficiency enabled by YubiKeys

    A recent Forrester Consulting Total Economic Impact™ (TEI) study commissioned by Yubico found that a composite organization representative of interviewed customers who use YubiKeys reduced risk of successful phishing and credential theft attacks by 99.9%, saw a drop in password-related helpdesk tickets by 75%, and experienced a 203% 3-year ROI with YubiKeys.

    BUT…. all organizations are different. Enter your own company data to create a custom Dynamic TEI study and instantly see how Yubico’s solutions can help your organization!

    Create my custom study
    TEI Forrester report

    Get Started

    yubikey 5 family shot
    Find the right YubiKey

    Find the right Yubikey
    Contact our sales team for a personalized assessment of your organization’s needs.

    Take the quiz
    Get protected today

    Browse our online store today and buy the right YubiKey for you.

    Buy now