T-Mobile buys 200K+ security keys for employees to fight cyberattacks

21 Jan 25

T-Mobile is the latest company to adopt hardware-based security keys for its employees, purchasing over 200,000 of them from Yubico.

The company began adopting Yubikey security keys in late 2023 and has now distributed them to all staff, vendors and authorized retail partners, the company said on Tuesday.

“Once we had the YubiKeys in hand, we were able to get them up and running in the company in less than three months, and we’ve seen positive results after only a year of having them,” says Jeff Simon, T-Mobile Chief Security Officer.


Security keys address the ways passwords can be stolen, whether through a malware infection, a phishing email, or simply guessing the user’s login. To counter these threats, the cybersecurity industry developed devices, often in the form of a USB drive, that use public-key cryptography to authenticate user logins.

The security key generates and stores the private authentication key for a website or online service on the device itself, so the login credential cannot be stolen or intercepted through phishing attacks. Security keys also typically start at around $20, making them an affordable option for anyone looking to improve their online security. Sites including Google, Facebook, Apple and Coinbase, among many others, support security keys.
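A simplified model of the mechanism described above, added here as an illustration and not taken from Yubico, T-Mobile or the FIDO2 specifications: a per-site key pair signs the server's challenge together with the origin the browser reports, so a response obtained through a look-alike site fails verification. The class names, origins and message layout are assumptions; real WebAuthn messages carry more fields.

```javascript
// Added example: simplified origin-bound challenge-response; all names are hypothetical.
const nodeCrypto = require("node:crypto");

class SecurityKey {
  constructor() { this.privateKeys = new Map(); } // origin -> private key, never exported
  register(origin) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
    this.privateKeys.set(origin, privateKey);
    return publicKey; // the site only ever receives the public half
  }
  // `origin` is reported by the browser, so a look-alike page cannot claim the real one.
  sign(origin, challenge) {
    const privateKey = this.privateKeys.get(origin);
    if (!privateKey) return null; // no credential exists for this origin
    const clientData = Buffer.from(JSON.stringify({ origin, challenge }));
    return { clientData, signature: nodeCrypto.sign("sha256", clientData, privateKey) };
  }
}

class RelyingParty {
  constructor(origin) { this.origin = origin; this.publicKeys = new Map(); this.pending = new Set(); }
  enroll(user, publicKey) { this.publicKeys.set(user, publicKey); }
  newChallenge() {
    const challenge = nodeCrypto.randomBytes(32).toString("hex");
    this.pending.add(challenge);
    return challenge;
  }
  verify(user, assertion) {
    const publicKey = this.publicKeys.get(user);
    if (!assertion || !publicKey) return false;
    const { origin, challenge } = JSON.parse(assertion.clientData.toString());
    if (origin !== this.origin) return false;          // signed for a different site
    if (!this.pending.delete(challenge)) return false; // unknown or already-used challenge
    return nodeCrypto.verify("sha256", assertion.clientData, publicKey, assertion.signature);
  }
}

function runScenarios() {
  const REAL = "https://sso.example.com", LOOKALIKE = "https://sso-example.com"; // constructed origins
  const key = new SecurityKey(), rp = new RelyingParty(REAL);
  rp.enroll("alice", key.register(REAL));
  const genuine = key.sign(REAL, rp.newChallenge());
  const results = { genuine: rp.verify("alice", genuine) };
  results.replayed = rp.verify("alice", genuine); // same assertion presented a second time
  // A look-alike page forwards a fresh challenge; the browser reports the look-alike origin.
  results.relayedNoCredential = rp.verify("alice", key.sign(LOOKALIKE, rp.newChallenge()));
  key.register(LOOKALIKE); // even with a credential there, it is a different key and origin
  results.relayedOtherCredential = rp.verify("alice", key.sign(LOOKALIKE, rp.newChallenge()));
  return results;
}
```

Only the first scenario verifies; the replayed assertion and both look-alike responses are rejected, which is the property a typed one-time code lacks.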


In 2017, Google purchased security keys for all employees to thwart the threat of phishing. Others, including Discord and Twitter/X, have also adopted security keys for all employees.

In T-Mobile’s case, the company adopted security keys after the carrier suffered several data breaches, including at least two in which a phishing attack and stolen login credentials were used to access internal systems.


The company initially considered simply requiring multi-factor authentication (MFA) on all T-Mobile employee accounts as part of a deal to settle an FCC investigation into past data breaches. But in a video on Tuesday, Henry Valentine, a T-Mobile senior cybersecurity manager, said the company was still concerned about elite hackers finding ways to steal MFA codes from employees through their smartphones. So the company opted for a hardware-based solution.

“With Yubico’s FIDO2 Security Keys, T-Mobile teams don’t have to change or remember their passwords, or type OTP codes that can be intercepted by bad actors,” Yubico and T-Mobile said in the announcement. “They use their YubiKey to authenticate and verify their identity without a password to gain access to the resources they need.”

That said, security keys cannot prevent all hacking threats. T-Mobile has been among the US carriers that the Chinese hacking group Salt Typhoon has targeted, apparently through existing software flaws. However, T-Mobile’s defenses were able to stop the interception, which came through another carrier.


About Michael Kahn

Senior reporter
