LinkedIn Secures Employees with MFA, Okta, YubiKey

Weak passwords and the employees that use them are the biggest threat to IT security, Raj Nagalingam, Senior Systems Engineer at LinkedIn, told the audience at last week’s Oktane15 conference.

LinkedIn and Okta MFA

To combat such threats at LinkedIn, Raj has turned to Okta’s multi-factor authentication plus the YubiKey as one way to protect resources and employees (often times from themselves).

Raj and Jerrod Chong, Vice President of Solutions at Yubico, walked the Oktane15 audience through the YubiKey’s benefits and strengths, and the strategy and tools LinkedIn used to deploy Okta’s cloud-based Adaptive Multi-Factor Authentication with a one-time password (OTP) generated by a YubiKey.

LinkedIn’s user login begins with entering a user name and password into Okta. If valid, Okta pops up a window asking the user to insert and touch the button on their YubiKey providing LinkedIn with MFA. The Okta platform checks to ensure the YubiKey itself is registered to the user before verifying the OTP. Upon successful OTP validation using the Okta validation service, the user is allowed to log in.

Raj stresses that YubiKey’s OTP is harder to phish and is resistant to malware since nothing can be written to the key. And, he added, users are instantly hooked on the ease-of-use.

“If you ask your mom to do this, she can,” he told the audience.

LinkedIn’s Move To U2F

LinkedIn’s current plan is focused on Yubico OTP, but in the near future, the company wants to move to authentication using the FIDO Alliance’s U2F protocol that is based on public key cryptography.

During the session, LinkedIn also reviewed how it used the security and policy framework developed by the Cloud Security Alliance (CSA) to decide how to enforce second-factor authentication for applications. The framework categorizes applications into three levels — Limited, Confidential, and Highly Confidential — each of which define required access controls for apps.

“We grade every app in our environment and our security team makes decisions based on data classification,” said Raj. “In today’s world, everyone works in cloud apps and they use passwords that are static and weak. I recommend enabling multi-factor authentication.”

And he thinks the YubiKey has the right stuff. “It’s fast and easy. Just insert and touch.” Discover more about YubiKey MFA and the companies and programs, like LinkedIn, we support from our Works with YubiKey page.

Talk to our teamTalk to our team

Share this article:


  • Digital security’s unique role in protecting our environmentAs sustainability expands to include social, economic, and technological challenges, cybersecurity has emerged as a top global threat – with cybercrime projected to cost $12 trillion this year. Stolen credentials and phishing account for 80% of breaches. At Yubico, making the world more secure is just part of how we care for the world around […]Read moreCSREarth DaySecure It ForwardSustainability
  • Breaking down Australia’s plan to combat AI-driven phishing scamsAcross Australia, cybercrime continues to be a major challenge impacting businesses, critical infrastructure and consumers alike. The use of AI by bad actors across the spectrum of cybercrime is on the rise, and as a result, credential phishing scams are becoming increasingly sophisticated. AI is effectively helping to lower the cost of phishing and increase […]Read moreAIAPACAustraliaphishing
  • 5 fast cybersecurity tips to clean up your digital lifeWith today being Identity Management Day, now is the perfect time to take stock of your online presence, update security settings, and ensure that your personal data remains protected from cyber threats like phishing. We’re also seeing increasing concerns of DeepSeek and other AI tools around data privacy making these kinds of attacks more successful […]Read morebest practices
  • Navigating the PCI DSS 4.0 transition and meeting compliance with phishing-resistant YubiKeysIn just a few days, on March 31, 2025, decision makers in industries that involve payment processing – including financial services, retail & hospitality and telecommunications – are tasked to finalize the transition to Payment Card Industry Data Security Standard (PCI DSS) 4.0. This deadline marks a critical juncture for all organizations handling payment card […]Read moreNISTPCI DSSPCI DSS 4.0