Phishing-resistant MFA and passwordless for Insurance organizations
Modern security to secure employees and insurance agents
The YubiKey: Modern security and exceptional UX
Relying on username and passwords or legacy mobile-based authenticators such as SMS, OTP and push notification apps for user authentication is common across the insurance sector. But usernames and passwords are easily hacked, and not all multi-factor authentication (MFA) is created equal. Mobile-based authenticators are highly susceptible to modern cyber threats such as phishing attacks, account takeovers SIM swaps and attacker-in-the-middle attacks, and don’t offer the best user experience.
Yubico offers the YubiKey—a phishing-resistant hardware security key for modern, secure and simple multi-factor and passwordless authentication at scale. With the YubiKey organizations can secure employee and agent access, protect critical PII and PHI customer data, and drive regulatory compliance. YubiKeys are highly suitable for securing office workers, remote and hybrid employees, call center workers, shared workstations and devices, and agent networks
“Starting on November 1, 2025, a Covered Entity will be required to use MFA for any individual accessing any Information Systems of the Covered Entity, regardless of location, type of user, and type of information contained on the information system being accessed”.
WHITE PAPER
Protecting insurance organizations against modern cyber threats
Learn how insurance organizations can alleviate cyber risk by cultivating phishing-resistant users using the YubiKey for phishing-resistant multi-factor and passwordless authentication.
Prevent cybercrime, increase productivity and reduce IT costs
Yubico helps insurance organizations minimize cyber risk by providing modern and simple phishing-resistant MFA and passwordless authentication for critical business and customer data. By offering differentiated security and the best user experience, insurance organizations can drive high security while ensuring high employee and agent satisfaction.
“MFA is critical, but not all MFA methods are created equal. Twitter used application-based MFA, which sent a request for authentication to an employee’s smart phone. This is a common form of MFA, but it can be circumvented. During the Twitter Hack, the Hackers got past MFA by convincing the Twitter employees to authenticate the application-based MFA during the login. The most secure form of MFA is a physical security key, or hardware MFA, involving a USB key that is plugged into a computer to authenticate users. This type of hardware MFA would have stopped the Hackers, and Twitter is now implementing it in place of application-based MFA.”
YubiKey as a Service: peace of mind and flexibility for less than a cup of coffee per user/month
Simplify purchase and support while also providing financial benefits. Estimate your potential savings with a subscription as compared to a one-time purchasing model.
Benefits from the phishing-resistant YubiKey
Secure user access and drive regulatory compliance
The YubiKey drives highest-assurance security across all insurance use cases—whether it’s securing customer data or securing access for office workers, remote and hybrid employees, privileged users, agent networks and call center workers. YubiKeys also help you drive compliance to existing and emerging regulations such as New York State Cybersecurity Regulation 23 NYCRR Part 500, and offer a bridge to modern passwordless without a rip and replace. A single YubiKey works across multiple devices including desktops, laptops, mobile, tablets, and notebooks, helping you deploy phishing-resistant MFA at scale.YubiKeys are also easily re-programmed, making them suitable for rotating-shift and temporary workers.
Improve efficiency and enhance user experience
Not all forms of multi-factor authentication (MFA) offer an optimal balance of strong security with a fast and easy user experience. Mobile authenticators typically increase the number of steps in the authentication process, requiring users to wait for SMS, OTP or push app codes, and are reliant on wifi or cellular network connectivity. The YubiKey offers strong MFA and passwordless authentication with just one touch or tap of the YubiKey. YubiKeys do not require a battery or network connectivity, and are 4 times faster than typing in an OTP, ensuring quick and easy access to services for both employees and agents.
Reduce IT support costs and drive high ROI
The combination of frictionless user experience, data breach prevention, mobile device and service cost savings, and the YubiKeys versatility with multi-protocol support results in high ROI for any shared workstation environment. YubiKeys also enable self-service password resets, eliminating IT support costs related to help desk password-reset requests. In addition to reducing risk by 99.9%, the YubiKey has been shown to drive a 203% 3-year ROI and a drop in password-related help desk tickets by 75%.
Simplify acquisition and rollout of modern security
Once ready to purchase, Yubico is focused on helping organizations easily access security products and services in a flexible and cost-effective way to heighten security. Yubico offers YubiEnterprise Subscription, a service-based and affordable model for purchasing YubiKeys in a way that meets technology and budget requirements. This service also provides priority customer support, ease of form factor selection, backup key discounts, and replacement stock benefits. Additionally, YubiEnterprise Delivery provides IT teams with powerful capabilities to manage the delivery of hardware security keys to users globally and accelerates the adoption of strong authentication.
BEST PRACTICES GUIDE
Best practices to get started with phishing-resistant MFA at scale
Learn the six deployment best practices that can help your organization accelerate adoption of modern, phishing-resistant MFA at scale using the YubiKey.
Risk reduction, business growth, and efficiency enabled by YubiKeys
A recent Forrester Consulting Total Economic Impact™ (TEI) study commissioned by Yubico found that a composite organization representative of interviewed customers who use YubiKeys reduced risk of successful phishing and credential theft attacks by 99.9%, saw a drop in password-related helpdesk tickets by 75%, and experienced a 203% 3-year ROI with YubiKeys.
BUT…. all organizations are different. Enter your own company data to create a custom Dynamic TEI study and instantly see how Yubico’s solutions can help your organization!