PingID + Yubikey: MFA the Hard (Token) Way

High-profile security breaches top world headlines every day, and for good reason. The cost of a single corporate security breach averages $3.86 million. That’s not exactly chump change. Yet, despite the significant costs involved, both in dollars and reputational damage, many of these breaches could be prevented.

For years, we’ve known that authenticating with usernames and passwords alone is no longer sufficient security, especially for highly sensitive data and applications. However, some enterprises are continuing to play a risky game. In its most recent Data Breach Investigations Report, Verizon found that stolen or weak credentials are still causing a significant number of data breaches.

When you look at the costs involved, it should be an easy decision to add an additional authentication factor. Multi-factor authentication (MFA) is a proven security measure to reduce the risk of breach. And it doesn’t oppose convenience either. Users are becoming more accepting, even welcoming, of the additional security that comes with additional authentication, particularly when sensitive data is involved.

The industry trend is to utilize the user’s mobile phone as the second factor, because as we know all too well, it’s something that most people always have with them. A mobile app is called during the authentication or authorization to verify the user’s identity. The user completes login with either a swipe or by using the phone’s built in biometric features, like a fingerprint or facial scan. This creates a combined assurance of “what you have” and “what you are,” which is pretty cool and way more secure.

But, alas, no process is perfect. While it’s assumed that a user’s mobile phone is accessible, there are times when it isn’t. For example, in sensitive environments, such as call centers, hospitals, and financial institutions, mobile device use may be restricted or limited. This may be for security reasons, for safety reasons, or simply because the users have to wear gloves that limit the use of biometrics. 

Should your users be susceptible to these types of situations, you can still enable multi-factor authentication. You’ll just need to use a strong hardware-backed MFA alternative—and preferably one that won’t inadvertently be crushed by a work boot or need a battery for reliability. Enter the YubiKey!

The YubiKey is a hard token that acts as a hardware authenticator. It’s fast, simple and inexpensive to deploy, thanks to its multi-protocol capability and compatibility with existing security infrastructure. And it doesn’t require a battery or network connectivity, so it’s always on and accessible. 

With MFA enabled, organizations effectively reduce the risk of credential theft and protect their users, networks and computers from breaches. The world’s largest technology, finance and retail organizations trust the YubiKey to protect access to their enterprise accounts. 

And it’s a very effective security measure. Since Google implemented the YubiKey, it’s reduced password support incidents by 92%.

As its name implies, you can think of YubiKey as a key. But your enterprise also needs a lock. This is where PingID comes in. 

PingID is a cloud-delivered, adaptive MFA platform that enables you to orchestrate a variety of authentication methods and policies across your enterprise. Adaptive MFA allows you to step authentication requirements up or down depending upon contextual data, like device posture, geolocation, IP address and time since the last authentication. You can allow users to conduct low-value transactions without interruption, and you can prompt multi-factor authentication during high-value transactions on untrusted networks and devices. 

Once your authentication policies have been defined, you can layer on strong YubiKey protection when and where needed. Using PingID and the YubiKey together gives you a comprehensive, enterprise-wide MFA solution to safeguard your most sensitive data and effectively mitigate the risk of account takeovers.

The combination of PingID + YubiKey also provides the ultimate in flexibility and convenience. With support for YubiKey MFA built in, PingID affords admins the flexibility to harness a reliable hardware-backed security option for appropriate use cases. You can give users the convenience of utilizing either their mobile device or the YubiKey, depending upon personal preference and contextual situation. PingID allows your users to self-register new devices and manage or swap among authentication methods—including Yubikeys—in real-time, which can improve productivity and lower helpdesk costs. 

PingID + YubiKey provides support for all of your enterprise use cases, giving you the freedom to put MFA everywhere it’s needed and for all of your users, from employees and partners to customers. It’s a complete and easy-to-scale solution for organizations of all sizes. 

Ready to unlock the secret to providing enterprise-grade security, while delivering a world-class user experience? Read the Ping + Yubico solution brief.