Modern Multi-Factor Authentication (MFA)
Better security that delights
Empower the Workplace using Modern Authentication
Learn how WebAuthn helps organizations move away from passwords and towards a reduced password environment. Now organizations have the flexibility and options to leverage biometrics authentication for seamless user experience, without compromising security.
Not all multi-factor authentication is created equal
YubiKeys help modernize authentication with ease bridging legacy MFA to modern protocols such as FIDO2 and WebAuthn. With the YubiKey, organizations can eliminate account takeovers while delivering a delightful user experience.
Offer the best user experience and security
SMS, one time passwords and mobile authenticators are cumbersome to use and hinder productivity. They are also easily breached via man-in-the-middle and phishing attacks. The top two data breach attack vectors today are phishing attacks and stolen credentials (source: Verizon 2019 Data Breach Investigation Report).
Yubikeys offer the best of both worlds – the best available security against phishing attacks and account takeovers, as well as the best user experience. To authenticate, users simply tap/touch their security key. YubiKeys also don’t require batteries, have no breakable screens, don’t need a cellular connection, and are water-resistant and crush-proof.
Bridge legacy MFA to modern protocols
Most traditional MFA methods are insecure. SMS, one time passwords, and even mobile push authenticators are susceptible to account takeover attacks from phishing and man-in-the-middle attacks.
YubiKeys feature modern protocols like FIDO2 and WebAuthn, as well as OTP, SmartCard (PIV), OpenPGP, earlier FIDO versions, and more. A single key supports multiple applications, allowing YubiKeys to work with current applications and authentication methods, and advanced and emerging protocols at the same time.
Drive high security ROI
Many applications that support OTP and other legacy methods don’t yet support modern protocols like FIDO2 and WebAuthn. A rip and replace of legacy methods overnight is not pragmatic and can be costly. At the same time, having users carry multiple authentication devices is not desirable either.
YubiKeys drive the best ROI on MFA projects with unparalleled versatility, frictionless user experience and multi-protocol support. Organizations have seen a 92% reduction in help desk costs, strong rise in user adoption, and a sharp decline in account takeovers.
Let our Professional Services help facilitate your YubiKey MFA implementation and deployment
How does multi-factor authentication with YubiKey work?
YubiKeys use modern protocols such as FIDO2 and WebAuthn open authentication standards co-authored by Yubico and members of the FIDO Alliance.
Passwordless: Authenticator user touch/fingerprint
Replaces weak passwords with a hardware authenticator for strong single factor authentication.
Two Factor Authentication: Password + Authenticator user touch/fingerprint
Second factor in a two factor authentication solution with a combination of username and password, along with user touch of hardware authenticator.
Multi-Factor Authentication: Passwordless + PIN or Biometric
Multi-factor with combination of a hardware authenticator with user touch and PIN, to solve high assurance requirements such as financial transactions, or submitting a prescription.
Case in point:
Google stops attacks on
employee accounts
Situation:
Google, the world’s largest Internet company is under constant attack from nation-states, hacktivists, fraudsters, and all manner of bad actors seeking to do harm. The company believed their one-time password LCD devices and mobile apps were increasingly vulnerable to phishing and “man in the middle (MitM)” attacks.
YubiKey Solution:
Ease of Use – Enables rapid login and supports response time SLAs
Low TCO – Supports OTP in place, with plans to adopt modern authentication approaches such as FIDO U2F as well as smart card PIV all with one single security key for low TCO
IAM Integration – Supports single sign-on and federation with existing IAM backend
Result:
The company turned to Yubico and implemented a policy whereby 2 Yubikeys became “standard issue” for each and every employee, as well as available for end-users.
“We believe that by using this token we’ve raised the standard of security for our employees beyond what was commercially available.”
“Those using the YubiKey for two factor access appreciate the quick login capabilities”
Get world class authentication security
for less than a cup of coffee per user/month
Get Started
Find the right YubiKey
Contact our sales team for a personalized assessment of your company’s needs.
Get protected today
Browse our online store today and buy the right YubiKey for you.
Recommended content
Zero Trust is the new regulatory minimum for Federal agencies: what does that mean for authentication?
The deadline is looming for federal agencies to implement impersonation-resistant multi-factor authentication (MFA), just one of the new stronger security requirements under President Biden’s new cybersecurity executive order (EO 14028). The EO puts security front and center to address some of the worst cyber attacks against the federal government, setting up new federal compliance expectations …
Modern MFA for the Federal Government: How the YubiKey Meets U.S. Federal Government Requirements
Learn how the YubiKey, a DOD approved alternate authenticator meets federal PIV/CAC requirements and government compliance regulations.
Modern Authentication for the Federal Government: Enabling Mobile, Secure Authentication in Zero Trust Environments
Learn how DOD approved hardware security keys such as the YubiKey are ideal to fill PIV and CAC related authentication gaps across the federal government, and meet the MFA mandate in the Biden Executive Order 14028.
Ping Identity and Yubico
Ping Identity and Yubico—stronger together Strong, phishing-resistant authentication for every role Together, YubiKey and PingID enable organizations to easily define authentication policies and layer strong protection for everyone across the enterprise. Each user is protected from phishing and account takeovers, preventing hackers from compromising vulnerable targets as a way to accessing critical systems and data. …