Case Study: Duke University achieves phishing-resistant, fast two-factor protection for SSH, RDP, and VPN with Yubico's YubiKey

Duke University protects critical IT systems with the YubiKey

Duke University, a leading U.S. research institution, needed a reliable, easy-to-deploy two-factor authentication solution to protect accounts from phishing, keyloggers, and stolen or weak passwords. With some user groups logging in via SSH, RDP, or Shibboleth dozens of times per day, typing one-time passwords from a mobile app was impractical, so the university required a fast, multi-protocol 2FA option that worked across many systems.

Duke piloted and then deployed YubiKey beginning in 2012, integrating it with its primary two-factor service and Shibboleth and requiring 2FA for SSH, RDP, and select VPN access. Using all YubiKey form factors and protocols (Yubico OTP, SSH, remote access, VPN), the solution delivered touch-to-authenticate convenience, faster logins, phishing resistance, and positive feedback from IT leadership and users, with Yubico providing responsive support.

Duke University

Richard Biever

Chief Information Security Officer