Yubico and T-Mobile Deployment of 200,000 Phishing-Resistant YubiKeys Enhances Un-carrier’s Work Systems Security
Yubico has successfully partnered with T-Mobile to deploy over 200,000 FIDO2 YubiKeys across their workforce, including employees, vendors, and retail partners in late 2023. This implementation replaced legacy authentication methods with passwordless, device-bound passkeys to enhance security against cyber threats.
The deployment was completed in less than three months, providing T-Mobile's teams with phishing-resistant authentication that eliminates the need for passwords or one-time passwords (OTPs). This security upgrade comes at a important time, as the Anti-Phishing Working Group reported almost five million unique phishing attacks in 2023, marking it as the worst year on record.
YubiKeys support multiple phishing-resistant authentication protocols including FIDO2/WebAuthn, U2F, and Smart Card (PIV), offering seamless operation across all operating systems and mobile devices. The solution has already shown positive results after one year of implementation at T-Mobile, strengthening their defense against sophisticated cyber campaigns targeting telecommunication networks.
Yubico ha collaborato con successo con T-Mobile per distribuire oltre 200.000 YubiKeys FIDO2 tra i loro dipendenti, fornitori e partner del settore retail alla fine del 2023. Questa implementazione ha sostituito i metodi di autenticazione obsoleti con passkey senza password, collegate a dispositivi, per migliorare la sicurezza contro le minacce informatiche.
La distribuzione è stata completata in meno di tre mesi, offrendo ai team di T-Mobile un'autenticazione resistente al phishing che elimina la necessità di password o di password monouso (OTP). Questo aggiornamento di sicurezza arriva in un momento cruciale, poiché il Gruppo di Lavoro Anti-Phishing ha riportato quasi cinque milioni di attacchi di phishing unici nel 2023, segnando l'anno peggiore mai registrato.
Le YubiKeys supportano più protocolli di autenticazione resistenti al phishing, tra cui FIDO2/WebAuthn, U2F e Smart Card (PIV), offrendo un'operazione fluida su tutti i sistemi operativi e dispositivi mobili. La soluzione ha già mostrato risultati positivi dopo un anno di implementazione presso T-Mobile, rafforzando la loro difesa contro campagne informatiche sofisticate che mirano alle reti di telecomunicazione.
Yubico se ha asociado con éxito con T-Mobile para desplegar más de 200,000 YubiKeys FIDO2 entre su fuerza laboral, incluidos empleados, proveedores y socios minoristas a finales de 2023. Esta implementación reemplazó los métodos de autenticación antiguos con claves de acceso sin contraseña vinculadas a dispositivos, para mejorar la seguridad contra amenazas cibernéticas.
El despliegue se completó en menos de tres meses, proporcionando a los equipos de T-Mobile una autenticación resistente al phishing que elimina la necesidad de contraseñas o contraseñas de un solo uso (OTP). Esta mejora en la seguridad llega en un momento importante, ya que el Grupo de Trabajo Anti-Phishing informó de casi cinco millones de ataques de phishing únicos en 2023, marcando el año más problemático registrado.
Las YubiKeys soportan múltiples protocolos de autenticación resistentes al phishing, incluidos FIDO2/WebAuthn, U2F y Smart Card (PIV), ofreciendo un funcionamiento sin interrupciones en todos los sistemas operativos y dispositivos móviles. La solución ya ha mostrado resultados positivos después de un año de implementación en T-Mobile, fortaleciendo su defensa contra campañas cibernéticas sofisticadas dirigidas a las redes de telecomunicaciones.
유비코는 티모바일과 성공적으로 파트너십을 체결하여 2023년 말까지 직원, 공급업체 및 소매 파트너를 포함한 인력에 200,000개 이상의 FIDO2 유비키를 배포했습니다. 이번 구현은 구식 인증 방법을 비밀번호 없는 장치 결합 패스키로 교체하여 사이버 위협에 대한 보안을 강화했습니다.
배포는 3개월도 채 되지 않아 완료되었으며, 티모바일 팀에 비밀번호나 일회용 비밀번호(OTP)가 필요 없는 피싱 저항 인증을 제공했습니다. 이 보안 업그레이드는 중요 시점에 이루어졌으며, 안티 피싱 작업 그룹은 2023년에 거의 500만 건의 독특한 피싱 공격이 발생했다고 보고하여 사상 최악의 해로 기록되었습니다.
유비키는 FIDO2/WebAuthn, U2F 및 스마트 카드(PIV)를 포함한 여러 피싱 저항 인증 프로토콜을 지원하며, 모든 운영 체제 및 모바일 장치에서 원활하게 작동합니다. 이 솔루션은 티모바일에서 1년간의 구현 후 긍정적인 결과를 이미 보여주었으며, 통신 네트워크를 겨냥한 정교한 사이버 캠페인에 대한 방어를 강화했습니다.
Yubico a établi avec succès un partenariat avec T-Mobile pour déployer plus de 200 000 YubiKeys FIDO2 au sein de leur personnel, y compris les employés, les fournisseurs et les partenaires de vente au détail à la fin de l'année 2023. Cette mise en œuvre a remplacé les méthodes d'authentification anciennes par des clés d'accès sans mot de passe et liées aux appareils, afin d'améliorer la sécurité contre les menaces cybernétiques.
Le déploiement a été achevé en moins de trois mois, offrant aux équipes de T-Mobile une authentification résistante au phishing qui élimine le besoin de mots de passe ou de mots de passe à usage unique (OTP). Cette mise à niveau de la sécurité arrive à un moment important, puisque le Groupe de travail anti-phishing a signalé près de cinq millions d'attaques de phishing uniques en 2023, en faisant l'année la plus problématique jamais enregistrée.
Les YubiKeys prennent en charge plusieurs protocoles d'authentification résistants au phishing, dont FIDO2/WebAuthn, U2F et Smart Card (PIV), offrant un fonctionnement fluide sur tous les systèmes d'exploitation et appareils mobiles. La solution a déjà montré des résultats positifs après un an d'implémentation chez T-Mobile, renforçant leur défense contre des campagnes cybernétiques sophistiquées ciblant les réseaux de télécommunications.
Yubico hat erfolgreich eine Partnerschaft mit T-Mobile geschlossen, um Ende 2023 über 200.000 FIDO2 YubiKeys im Unternehmen zu implementieren, einschließlich Mitarbeiter, Anbieter und Einzelhandelspartner. Diese Implementierung ersetzte veraltete Authentifizierungsmethoden durch passwortlose, gerätegebundene Passkeys, um die Sicherheit gegen Cyber-Bedrohungen zu erhöhen.
Der Rollout wurde in weniger als drei Monaten abgeschlossen und bietet den Teams von T-Mobile eine phishing-resistente Authentifizierung, die die Notwendigkeit für Passwörter oder einmalige Passwörter (OTPs) beseitigt. Dieses Sicherheitsupgrade kommt zu einem wichtigen Zeitpunkt, da die Anti-Phishing-Arbeitsgruppe 2023 fast fünf Millionen einzigartige Phishing-Angriffe gemeldet hat und damit das schlimmste Jahr seit Aufzeichnung darstellt.
YubiKeys unterstützen mehrere phishing-resistente Authentifizierungsprotokolle, darunter FIDO2/WebAuthn, U2F und Smart Card (PIV), und bieten einen nahtlosen Betrieb über alle Betriebssysteme und mobilen Geräte. Die Lösung hat nach einem Jahr der Implementierung bei T-Mobile bereits positive Ergebnisse gezeigt und stärkt ihre Verteidigung gegen anspruchsvolle Cyber-Kampagnen, die auf Telekommunikationsnetzwerke abzielen.
- Successful deployment of 200,000 YubiKeys across T-Mobile's workforce
- Rapid implementation completed in less than 3 months
- Demonstrated effectiveness in preventing unauthorized credential use over one year
- Enhanced security against phishing attacks in telecommunications sector
- None.
Insights
The deployment of 200,000 YubiKeys across T-Mobile's ecosystem represents a monumental shift in enterprise security architecture. The transition from traditional OTP-based authentication to FIDO2 hardware security keys addresses critical vulnerabilities in the telecom sector's authentication infrastructure.
The implementation's rapid three-month rollout across a complex organization demonstrates exceptional operational execution. The timing is strategic, considering the record-breaking 5 million unique phishing attacks reported by APWG in 2023. By eliminating password dependencies and OTP vulnerabilities, T-Mobile has effectively neutralized common attack vectors that typically exploit human error and credential theft.
The device-bound passkey architecture creates a robust security framework that's particularly valuable for telecom providers who manage vast networks of employees, vendors and retail partners. This multi-stakeholder deployment model sets a new industry standard for enterprise-wide security implementations.
This large-scale YubiKey deployment signifies a pivotal transformation in enterprise authentication strategy. The scope of 200,000 units positions this as one of the largest enterprise-wide hardware security key implementations, establishing a benchmark for similar-sized organizations contemplating passwordless transitions.
The successful rapid deployment across T-Mobile's diverse ecosystem - spanning corporate employees, vendors and retail partners - validates the scalability of hardware-based authentication solutions. This implementation model effectively bridges the security gap between corporate and retail environments, a important consideration for enterprises with hybrid operational structures.
The shift to device-bound passkeys eliminates the operational overhead of password management while significantly reducing help desk costs associated with password resets and account lockouts. This technological leap aligns with the broader industry movement toward zero-trust architecture and passwordless authentication frameworks.
T-Mobile rolled out phishing-resistant, modern passwordless authentication with device-bound passkeys
Enterprises and other organizations that rely on legacy multi-factor authentication (MFA) methods like passwords and one-time passwords (OTPs) can be susceptible to one of the most common tactics used by bad actors — phishing attacks. Typically, this involves sending a fake or fraudulent email, text or other communication in an attempt to steal someone’s sensitive information.
With Yubico’s FIDO2 security keys, T-Mobile’s teams no longer have to change or remember their passwords, or type in OTP codes that could be intercepted by bad actors; they use their YubiKey to passwordlessly authenticate and verify their identity to gain access to the resources they need.
“T-Mobile took a critical step forward to further reduce credential phishing by deploying the stronger, device-bound passkey solution that Yubico offers,” said Jeff Simon, chief security officer, T-Mobile. “Once we had our YubiKeys in hand we were able to get them up and running across the company in less than three months, and we’ve seen the positive results after just one year of having them. That progress is even more important in today’s environment where bad actors continue to wage sophisticated campaigns to attempt to infiltrate telecommunication networks. YubiKeys continue to be an important element of how we approach cyber protection.”
“AI and the sophistication of bad actors continue to evolve, putting enterprises and their personnel at higher risk than ever before. To protect against phishing attacks, companies need to act now to adopt and implement hardware-based security keys, which are the strongest multi-factor authentication available,” said Jerrod Chong, president and COO, Yubico. “T-Mobile’s deployment of YubiKeys is a great example of how enterprises committed to cybersecurity can rapidly and effectively deploy YubiKeys to reduce phishing.”
In 2023, the Anti-Phishing Working Group (APWG) observed almost five million unique phishing attacks, which is the worst year on record. These attacks not only result in billions of dollars in yearly losses for businesses but threaten the safe interconnected operation of critical infrastructure and services, from government agencies to financial institutions, factories, healthcare and human rights organizations.
Yubico has pioneered enterprise hardware-based security keys since 2007, championing open authentication standards and delivering modern, device-bound passkey authentication security at scale to customers. YubiKeys support multiple phishing-resistant authentication protocols such as FIDO2/WebAuthn, U2F and Smart Card (PIV). This provides a pathway to passwordless authentication for enterprises of any size. With support for hundreds of applications and services, YubiKeys deliver seamless operation across all operating systems and mobile devices, are easy to use and help save time for IT help desks in resetting passwords for employees. This form of modern MFA positions enterprises to take advantage of passwordless environments across their many applications, teams and business processes, including retail environments.
To hear more about T-Mobile’s cybersecurity, go here. For more information on how to deploy phishing-resistant MFA across the enterprise and cultivate phishing-resistant users, visit www.yubico.com.
About Yubico
Yubico (NASDAQ
Since the company was founded in 2007, it has been a leader in setting global standards for secure access to computers, mobile devices, servers, browsers, and internet accounts. Yubico is a creator and core contributor to the FIDO2, WebAuthn, and FIDO Universal 2nd Factor (U2F) open authentication standards, and is a pioneer in delivering modern, hardware-based passkey authentication security at scale to customers in over 160 countries.
Yubico’s solutions enable passwordless logins using the most secure form of passkey technology. YubiKeys work out-of-the-box across hundreds of consumer and enterprise applications and services, delivering strong security with a fast and easy experience.
As part of its mission to make the internet more secure for everyone, Yubico donates YubiKeys to organizations helping at-risk individuals through the philanthropic initiative, Secure it Forward. The company is headquartered in
View source version on businesswire.com: https://www.businesswire.com/news/home/20250120379935/en/
Media Contacts:
Yubico Media Relations
Press@yubico.com
Source: Yubico
FAQ
How many YubiKeys did T-Mobile deploy in their 2023 security implementation?
How long did it take T-Mobile to implement Yubico's security solution?
What authentication protocols do Yubico's YubiKeys support?
How many phishing attacks were recorded by APWG in 2023?
What legacy authentication methods did YubiKeys replace at T-Mobile?
