For those looking to switch over to hardware keys for MFA, what are your biggest blockers and challenges?

Security Strategy & RoadmapSecurity & GRC
1.9k views36 Upvotes5 Comments
Training and Assessment Operations in Education, 501 - 1,000 employees
Switching to hardware keys for MFA can be challenging sometimes as authentication layers can sometimes be slightly incompatible to the device or applications and pose authentication issue
CTO for Digital & IT in Healthcare and Biotech, 10,001+ employees
We just did a fairly big roll out of Yubikeys for truck 
. It was way easier than it used to be with RSA tokens (the ones with the little screens that show a rotating code) which were a logistical nightmare. However, we did run into a bunch of unexpected issues due to the fact that support for WebAuthn/FIDO2 is still not as widespread as we would like, and the rationale for this or that combination of features working or not working on a given platform is not entirely clear. This applies particularly to mobile support, where we had to tweak quite a few options, and degrade our UX to some extent, to make it work.
Another gotcha that I was somewhat surprised at is that none of the major cloud providers' CIAM components (AWS Cognito, Azure AD B2C...) come with built-in support for FIDO2 keys and WebAuthn in general, so you end up having to roll your own and call into it through an API. I would rather not have to improvise those kinds of things...
3
Cyber security analyst in Energy and Utilities, 5,001 - 10,000 employees
Below could be potential challenges that an organization may face when switching to hardware keys for multi-factor authentication :

Cost: Hardware keys can be expensive, especially if an organization needs to purchase them for a large number of users.

User adoption: Some users may be resistant to using hardware keys, especially if they are not familiar with them or if they find them inconvenient to use.

Management and deployment: Organizations will need to manage and distribute hardware keys to users, which can be a logistical challenge for large enterprise.

Replacement: If a hardware key is lost or damaged, it will need to be replaced, which can be time-consuming and costly.

Overall, the decision to switch to hardware keys for MFA should be carefully evaluated, considering the costs and benefits, as well as the specific needs and capabilities of the organization.
1
IT Manager in Education, 501 - 1,000 employees
Cost to purchase, cost of replacement.
IT Analyst in IT Services, 5,001 - 10,000 employees
Users integration
3

Content you might like

How many on-site vendor audits does your company perform on an annual basis as part of your third party risk management program?

Security & GRC

10+18%

6-1045%

2-624%

0-210%

Never2%


49 PARTICIPANTS
2.4k views

Does your organization have a dedicated team responsible for managing third-party risks?

Security & GRC

Yes75%

No18%

Not sure7%


143 PARTICIPANTS
4.2k views5 Upvotes

How are companies planning to change manage the roll-out of Data Loss Prevention (DLP)? We have programme of work to roll this out and would be interested in getting feedback on how other companies have successfully rolled it out, and any lessons learnt that they are happy to share.

Security & GRC
IT Manager in Transportation, 10,001+ employees
Always remember about Risk Assessment. Conduct a thorough risk assessment to identify potential data loss risks and vulnerabilities. Use this assessment to prioritize DLP efforts.
1
Read More Comments
2k views1 Upvote3 Comments

I'm looking to build out my organization's documentation efforts within our internal SOC into a one-size-fits-all type of document that covers the typical aspects of IR and can be read across technical and non-technical stakeholders. Does anyone have any leads or has anyone themselves put together a general template for incident response reporting?

Security & GRCSecurity Operations Center (SOC)Threat Intelligence & Incident Response+2 more
2.1k views1 Comment