Case Study: Government of Nunavut achieves phishing-resistant, scalable passwordless security with Yubico

Government of Nunavut turns to phishing-resistant YubiKeys after ransomware attack

The Government of Nunavut, a vast and remote Canadian territory, suffered a sophisticated spear‑phishing attack in November 2019 that led to ransomware taking down critical servers, phone systems, and applications. After rebuilding their network and adopting Microsoft Azure AD and M365, protecting identities and access became the top priority across a decentralized IT environment that supports many transient workers in remote communities.

They implemented Yubico YubiKeys—recommended by Microsoft’s DART team—for phishing‑resistant, offline multi‑factor authentication that works as both a smartcard and FIDO2 passwordless credential. With YubiEnterprise provisioning and Microsoft/Yubico professional services, Nunavut quickly onboarded users, scaled protection for a transient workforce, and restored security and control while creating a clear path to passwordless authentication.

Government of Nunavut

Martin Joy

Director, Information & Communications Technology