Modern Multi-Factor Authentication (MFA)
Better security that delights
Not all multi-factor authentication is created equal
YubiKeys help modernize authentication with ease bridging legacy MFA to modern protocols such as FIDO2 and WebAuthn. With the YubiKey, organizations can eliminate account takeovers while delivering a delightful user experience.
Account takeover preventation rate
Research by Google, NYU, and UCSD based on 350,000 real-world hijacking attempts. Results displayed are for targeted attacks. Source
Offer the best user experience and security
SMS, one time passwords and mobile authenticators are cumbersome to use and hinder productivity. They are also easily breached via man-in-the-middle and phishing attacks. The top two data breach attack vectors today are phishing attacks and stolen credentials (source: Verizon 2019 Data Breach Investigation Report).
Yubikeys offer the best of both worlds – the best available security against phishing attacks and account takeovers, as well as the best user experience. To authenticate, users simply tap/touch their security key. YubiKeys also don’t require batteries, have no breakable screens, don’t need a cellular connection, and are water-resistant and crush-proof.
Bridge legacy MFA to modern protocols
Most traditional MFA methods are insecure. SMS, one time passwords, and even mobile push authenticators are susceptible to account takeover attacks from phishing and man-in-the-middle attacks.
YubiKeys feature modern protocols like FIDO2 and WebAuthn, as well as OTP, SmartCard (PIV), OpenPGP, earlier FIDO versions, and more. A single key supports multiple applications, allowing YubiKeys to work with current applications and authentication methods, and advanced and emerging protocols at the same time.
Drive high security ROI
Many applications that support OTP and other legacy methods don’t yet support modern protocols like FIDO2 and WebAuthn. A rip and replace of legacy methods overnight is not pragmatic and can be costly. At the same time, having users carry multiple authentication devices is not desirable either.