Modernizing MFA
Better Security that Delights
Multi-Factor Authentication (MFA) is better than passwords alone, but not all MFA is created equal. The YubiKey helps modernize authentication with ease, bridging legacy MFA to modern protocols such as FIDO2 and WebAuthn. With YubiKeys, organizations can eliminate account takeovers while delivering a delightful user experience.
The Reality
Passwords are easily breached
The top two data breach attack vectors today are phishing attacks and stolen credentials (source: Verizon 2019 Data Breach Investigations Report). Passwords can be easily stolen from phishing attacks, as well as from breaches of password databases. Most users reuse passwords across applications creating a major security vulnerability.
Most traditional MFA methods are insecure and provide a terrible user experience
SMS, one-time passwords, and even mobile push authenticators are all susceptible to account takeover attacks from phishing and man-in-the-middle attacks. To make matters worse, users despise having to wait for and type in one-time codes or go through extra steps that take them out of their workflow. All of this leads to high helpdesk costs associated with account resets and data breaches.
Rip and replace of legacy MFA is not always viable
Many applications that support OTP and other legacy methods don’t yet support modern protocols such as FIDO2 and WebAuthn. Completely replacing legacy methods overnight is not pragmatic and can be too costly. At the same time, having users carry multiple authentication devices is not desirable either. Organizations need a way to smoothly transition from legacy authentication to modern MFA.
The Answer
YubiKeys offer the best security and user experience for authentication
YubiKeys offer the best of both worlds – the best available security against phishing attacks and account takeovers, as well as the best user experience. To authenticate, users simply tap their security key. They no longer need to interrupt their workflow by having to go out-of-band to another screen and needing to copy and type in additional codes. Additionally YubiKeys do not require batteries, have no breakable screens, don’t need a cellular connection, and are water and crush-resistant. As such the user experience is simple, easy, and frictionless.
YubiKeys bridge legacy MFA to modern protocols such as FIDO2 and WebAuthn
In addition to FIDO2/WebAuthn, YubiKeys also feature multiple other protocols such as OTP, SmartCard (PIV), OpenPGP, previous FIDO versions, and more. A single key can support multiple applications at the same time. This means organizations can easily deploy YubiKeys that work with both current applications and authentication methods, as well as advanced and emerging protocols. Many organizations have been able to consolidate and streamline their multiple authentication methods onto a YubiKey, while smoothly transitioning applications to newer FIDO2-based authentication.
YubiKeys offer the best ROI on MFA projects
The combination of frictionless user experience and the YubiKey’s unparalleled versatility with multi-protocol support results in astonishing ROI for any authentication project. Organizations have seen a 92% reduction in helpdesk costs, strong rise in user adoption, and a sharp decline in account takeovers.
“We believe that by using this token we’ve raised the standard of security for our employees beyond what was commercially available.”
—Mayank Upadhyay, Director of Security Engineering, Google Inc.
“Those using the YubiKey for two-factor access appreciate the quick login capabilities.”
– Richad Biever, Chief Information Security Officer at Duke University
Case in Point
Recent Study by Google:
A recent study by Google analyzed 350,000 real world account takeover attempts and found that attackers were able to breach all other forms of MFA except for FIDO security keys.
Case Study:
Duke University needed a solution that could be easily deployed across many user groups who typically login via SSH, RDP, or Shibboleth as many as 40 times per day. They chose YubiKeys for their multi-protocol support, ease of deployment, and streamlined user experience.
