Passwordless Authentication

Bringing Passwordless Authentication to Canadian Agencies, Municipalities and Companies  

The cyber landscape is evolving rapidly, and passwords are no longer enough to provide ample security. Even multi-factor authentication (MFA) is increasingly vulnerable to sophisticated threats like phishing and intermediary attacks.  

Working closely with Yubico, a leader in hardware-based security keys, FSET is implementing phishing-resistant MFA solutions that meet the highest security requirements for organizations of all types, sectors, and sizes. Here’s why and how we’re helping enable the shift to passwordless authentication.  

The Issue with Basic Authentication 

Passwords, once seen as the key to cybersecurity, have become a weak link. Human error, poor password “hygiene” (meaning setting and maintaining strong passwords), and the increasing sophistication of phishing attacks have left systems vulnerable. While mobile-based MFA methods like SMS codes and push notifications are better than passwords alone, they are still at risk of phishing and social engineering attacks along the chain of password entry. 

The reality is that any authentication system dependent on human intervention—whether entering a code or approving a push notification—creates a vulnerability that cybercriminals can exploit. That’s why regulatory bodies and cyber insurers are now mandating stronger, phishing-resistant MFA to protect against attacks. 

Phishing-Resistant Solutions 

Yubico’s YubiKey is a hardware token that uses cryptographic authentication, making it highly resistant to phishing, credential theft, and other types of attacks. Unlike traditional MFA, which relies on a user entering a PIN code or receiving a push notification, YubiKey uses public key cryptography to verify the identity of the user before requiring a PIN. It relies on the token itself, rather than a password, for authentication. 

Going passwordless also offers operational advantages. Not only does it reduce the burden on IT teams—often tasked with resetting passwords and dealing with account lockouts—it also enhances user experience. By removing the need for passwords, organizations can streamline workflows, reduce friction in accessing sensitive systems, and improve overall efficiency. 

FSET’s Collaboration with Yubico 

FSET is integrating YubiKey into sectors where security is critical, such as law enforcement and municipal operations. For example, the Ontario Provincial Police (OPP), is now using YubiKey tokens in conjunction with public key infrastructure (PKI) certificates. This enables officers to securely access sensitive portals and email systems without relying on password-based authentication methods. 

Additionally, FSET is combining YubiKey tokens with physical access control systems like Verkada, allowing for seamless authentication across both physical and digital environments. In this setup, YubiKeys serve a dual purpose: they can be used for logical security (logging into systems like email or websites) and physical security (gaining access to secure locations). This is once again critical for law enforcement agencies that require tight control over both physical spaces and digital assets. FSET is believed to be the first IT solutions provider to deploy YubiKey NFC technology with Verkada for dual-purpose access control. 

For the City of Kenora, we recently rolled out hundreds of YubiKey tokens across various municipal operations. The project showcased the versatility of Yubico’s technology for both day-to-day business and more sensitive operations requiring secure access. 

Applications and Opportunities 

Law enforcement, healthcare, government, and finance are just a few of the sectors that are particularly vulnerable to cyber threats due to the sensitive nature of the data they manage. YubiKey tokens, with their hardware-based cryptographic security, offer a solution that can meet the stringent regulatory requirements these industries face while also providing seamless user experience. 

For healthcare, YubiKey can ensure that only authorized personnel have access to patient data, protecting against data breaches and ensuring compliance with privacy laws. In finance, where secure communications and transactions are critical, phishing-resistant MFA ensures that even if login credentials are stolen, cybercriminals are unable to access sensitive financial systems. 

FSET is able to customize and implement passwordless solutions like YubiKey with a tailored approach that addresses your organization’s specific security requirements and workflows. The need is clear, and the shift is happening. Is your organization adapting? Contact us to learn more about going passwordless.