• Phishing-resistant Multi-factor Authentication (MFA)

    Any MFA is better than a password, but not all MFA is created equal
    Home » Solutions » Modern Multi-Factor Authentication (MFA)

    Not all multi-factor authentication is created equal

    YubiKeys help modernize authentication with ease bridging legacy MFA to modern protocols such as FIDO2 and WebAuthn. With the YubiKey, organizations can eliminate account takeovers while delivering a delightful user experience.

    graphic of account takeover risk
    Strongest security with true phishing-resistant MFA

    Legacy MFA like SMS, mobile auth and OTP are all vulnerable to phishing. And while there may be many solutions that claim to be phishing resistant, the simple fact is this – if it is not Smart card/PIV or modern FIDO authentication-based, it is not phishing-resistant!

    Stay protected with the strongest level of authentication security, and stop account takeovers in their tracks by considering modern, phishing-resistant MFA using hardware security keys based on smart card/PIV, or modern FIDO authentication.

    Reduce risk chances of financial and reputational loss

    The cyberthreat landscape has always been worrisome, but today incidents of cybersecurity breaches are skyrocketing. Ransomware attacks and other forms of account compromise continue to grace the news every month and malicious actors – state-sponsored or otherwise – have the potential to cost companies millions or even billions. In fact, ransomware attacks are expected to cost $235B by 2031.Reduce financial, legal and reputational risk by investing in modern MFA that prevents ransomware and can thwart account takeover attempts.

    If your organization needs to buy cyber insurance in case of a breach and related payout, the requirements to get cyber insurance are changing quickly and becoming costlier, unless you can prove that you have cyber protections in place.

    Offer the best user experience

    SMS, one time passwords and mobile authenticators are cumbersome to use and hinder productivity. They are also easily breached via man-in-the-middle and phishing attacks. The top two data breach attack vectors today are phishing attacks and stolen credentials (source: Verizon 2019 Data Breach Investigation Report).

    Yubikeys offer the best of both worlds – the best available security against phishing attacks and account takeovers, as well as the best user experience. To authenticate, users simply tap/touch their security key. YubiKeys also don’t require batteries, have no breakable screens, don’t need a cellular connection, and are water-resistant and crush-resistant.

    teal outline of 3 users and a key
    Bridge legacy MFA to modern protocols

    Most traditional MFA methods are insecure. SMS, one time passwords, and even mobile push authenticators are susceptible to account takeover attacks from phishing and man-in-the-middle attacks.

    YubiKeys feature modern protocols like FIDO2 and WebAuthn, as well as OTP, SmartCard (PIV), OpenPGP, earlier FIDO versions, and more. A single key supports multiple applications, allowing YubiKeys to work with current applications and authentication methods, and advanced and emerging protocols at the same time.

    Drive high security ROI

    Many applications that support OTP and other legacy methods don’t yet support modern protocols like FIDO2 and WebAuthn. A rip and replace of legacy methods overnight is not pragmatic and can be costly. At the same time, having users carry multiple authentication devices is not desirable either.

    YubiKeys drive the best ROI on MFA projects with unparalleled versatility, frictionless user experience and multi-protocol support. Organizations have seen a 92% reduction in help desk costs, strong rise in user adoption, and a sharp decline in account takeovers.

    Let our Professional Services help facilitate your YubiKey MFA implementation and deployment

    rectangle phone in hand

    The dark side of mobile authentication

    Watch the Yubico webinar, The dark side of mobile authentication to learn the security, usability and compliance risks associated with legacy mobile-based authenticators such as SMS, OTP and push notifications apps.

    How does multi-factor authentication with YubiKey work?

    YubiKeys use modern protocols such as FIDO2 and WebAuthn open authentication standards co-authored by Yubico and members of the FIDO Alliance.

    Passwordless: Authenticator user touch/fingerprint

    Replaces weak passwords with a hardware authenticator for strong single factor authentication.

    Two Factor Authentication: Password + Authenticator user touch/fingerprint

    Second factor in a two factor authentication solution with a combination of username and password, along with user touch of hardware authenticator.

    Multi-Factor Authentication: Passwordless + PIN or Biometric

    Multi-factor with combination of a hardware authenticator with user touch and PIN, to solve high assurance requirements such as financial transactions, or submitting a prescription.

    Case in point:

    Google stops attacks on
    employee accounts


    Google, the world’s largest Internet company is under constant attack from nation-states, hacktivists, fraudsters, and all manner of bad actors seeking to do harm. The company believed their one-time password LCD devices and mobile apps were increasingly vulnerable to phishing and “man in the middle (MitM)” attacks.

    YubiKey Solution:

    Ease of Use – Enables rapid login and supports response time SLAs
    Low TCO – Supports OTP in place, with plans to adopt modern authentication approaches such as FIDO U2F as well as smart card PIV all with one single security key for low TCO
    IAM Integration – Supports single sign-on and federation with existing IAM backend


    The company turned to Yubico and implemented a policy whereby 2 Yubikeys became “standard issue” for each and every employee, as well as available for end-users.

    “We believe that by using this token we’ve raised the standard of security for our employees beyond what was commercially available.”
    Mayank UpadhyayDirector of Security Engineering, Google Inc.
    “Those using the YubiKey for two factor access appreciate the quick login capabilities”
    Richad BieverChief Information Security Officer at Duke University

    Risk reduction, business growth, and efficiency enabled by YubiKeys

    A recent Forrester Consulting Total Economic Impact™ (TEI) study commissioned by Yubico found that a composite organization representative of interviewed customers who use YubiKeys reduced risk of successful phishing and credential theft attacks by 99.9%, saw a drop in password-related helpdesk tickets by 75%, and experienced a 203% 3-year ROI with YubiKeys.

    BUT…. all organizations are different. Enter your own company data to create a custom Dynamic TEI study and instantly see how Yubico’s solutions can help your organization!

    TEI Forrester report

    YubiEnterprise Subscription: peace of mind and flexibility for less than a cup of coffee per user/month

    YubiEnterprise Subscription simplifies purchase and support while also providing financial benefits. Estimate your potential savings as compared to one-time perpetual purchasing model

    Get started

    Find the right YubiKey

    Contact our sales team for a personalized assessment of your company’s needs.

    Get protected today

    Browse our online store today and buy the right YubiKey for you.