Case Study: Hyatt Hotels achieves phishing-resistant, passwordless authentication and improved guest experience with Yubico

Hyatt Hotels leverages passwordless to reduce risk & elevate the guest experience

Hyatt Hotels, a global hospitality company with roughly 1,500 properties and about 200,000 colleagues, struggled with insecure and friction-filled mobile MFA (SMS/OTP) that conditioned users to approve fraudulent prompts and led to account compromises. Managing identities and 50,000+ endpoints across many locations made balancing security and usability a major challenge—especially for front‑of‑house staff who needed quick, unobtrusive access while serving guests.

Hyatt partnered with Microsoft and Yubico to deploy YubiKey hardware tokens integrated with Azure AD and FIDO2 passwordless authentication. The change delivered phishing‑resistant MFA for all PII and cardholder data, up to 4x faster logins, fewer support calls, improved guest-facing interactions (no phones required), and a clear path toward full, organization‑wide passwordless authentication.

Hyatt Hotels

Art Chernobrov

Director of Identity, Access, and Endpoints