Case Study: Boliden achieves phishing-resistant, passwordless access and stronger security with Yubico

Boliden advances its reputation for innovation with YubiKeys

Boliden, a leading Nordic metals-mining company with operations across remote mines, smelters and offices, faced growing cybersecurity risk as it moved more services to the cloud and relied on roaming employees and privileged admin accounts. With production that cannot be paused without severe cost and safety risks, Boliden needed stronger, phishing-resistant identity protection and a move toward Zero Trust and passwordless authentication.

Boliden deployed YubiKey 5C NFCs using FIDO2/WebAuthn and PIV for highly privileged accounts — protecting Azure, Office 365, AWS and on‑prem servers — giving users one physical device for multiple protocols. The rollout was simple and has delivered faster, passwordless logins, improved user experience and stronger assurance against mobile MFA attacks; employees report time savings and increased confidence in security, and Boliden plans a phased wider rollout.

Boliden

Mathias Ignberg

Service Manager: Identity & Access Management and Cloud