Case Study: Facebook achieves effortless, scalable two-factor authentication for thousands of employees with Yubico YubiKey

Facebook makes security effortless for employees Balancing usability and security

Facebook, the global social networking and advertising platform, needed strong, scalable two-factor authentication for its development environment because engineers run thousands of SSH sessions daily and the company is a high-value target for attackers. The security solution had to prevent lateral movement if a machine was compromised while remaining seamless so developers wouldn’t bypass it—traditional OTPs, smart cards, and biometrics introduced too much friction.

Facebook chose the YubiKey 4 Nano with Duo, which allows developers to authenticate by tapping a key that remains connected to their device, working with multiple SSH mechanisms and supporting frequent logins. Deployed to thousands of engineers within months and then company-wide, the solution reduced support overhead, strengthened protection against lateral attacks and account takeover, and enabled easy rollout to email, VPN, and billions of users.

Facebook

John “Four” Flynn

Information Security Manager