For those looking to switch over to hardware keys for MFA, what are your biggest blockers and challenges?


Training and Assessment Operations in Education, 501 - 1,000 employees
Switching to hardware keys for MFA can be challenging sometimes, as authentication layers can sometimes be slightly incompatible with the device or applications and pose authentication issues.
CTO for Digital & IT in Healthcare and Biotech, 10,001+ employees
We just did a fairly big roll out of Yubikeys for truck 
. It was way easier than it used to be with RSA tokens (the ones with the little screens that show a rotating code) which were a logistical nightmare. However, we did run into a bunch of unexpected issues due to the fact that support for WebAuthn/FIDO2 is still not as widespread as we would like, and the rationale for this or that combination of features working or not working on a given platform is not entirely clear. This applies particularly to mobile support, where we had to tweak quite a few options, and degrade our UX to some extent, to make it work.
Another gotcha that I was somewhat surprised at is that none of the major cloud providers' CIAM components (AWS Cognito, Azure AD B2C...) come with built-in support for FIDO2 keys and WebAuthn in general, so you end up having to roll your own and call into it through an API. I would rather not have to improvise those kinds of things...
Cyber security analyst in Energy and Utilities, 5,001 - 10,000 employees
Below could be potential challenges that an organization may face when switching to hardware keys for multi-factor authentication:

Cost: Hardware keys can be expensive, especially if an organization needs to purchase them for a large number of users.

User adoption: Some users may be resistant to using hardware keys, especially if they are not familiar with them or if they find them inconvenient to use.

Management and deployment: Organizations will need to manage and distribute hardware keys to users, which can be a logistical challenge for a large enterprise.

Replacement: If a hardware key is lost or damaged, it will need to be replaced, which can be time-consuming and costly.

Overall, the decision to switch to hardware keys for MFA should be carefully evaluated, considering the costs and benefits, as well as the specific needs and capabilities of the organization.
IT Manager in Education, 501 - 1,000 employees
Cost to purchase, cost of replacement.
IT Analyst in IT Services, 5,001 - 10,000 employees
User integration
