Advancing digital security with passwordless MFA

Recent announcements from Yubico, OneSpan, Amazon Web Services (AWS), and the New York Department of Financial Services (NYDFS) highlight an industry-wide commitment to a frictionless digital future that will see emerging cyber risks addressed.

Yubico passwordless enrollment suite for Microsoft users

Yubico has introduced the Yubico enrollment suite designed to simplify passwordless onboarding for Microsoft environments, including Yubico FIDO [re-reg and the company’s new YubiEnroll. These systems integrate with Microsoft’s Entra ID for organizations looking to create stronger cyber resilience with a Zero Trust model.

The turnkey tool aims to mitigate vulnerabilities associated with traditional passwords for organizations to implement phishing-resistant authentication. The enrollment suite integrates with Microsoft Azure active directory and leverages FIDO2 technology.

“Microsoft and Yubico have collaborated for years to ensure that businesses worldwide can protect their identities from increasingly sophisticated cyber threats like phishing,” says Nitika Gupta, partner group product manager at Microsoft.

“With the integration of Yubico enrollment suite and Microsoft Entra ID’s FIDO provisioning, we empower our customers to create phishing-resistant users and fully secure the employee lifecycle, from onboarding to authentication and account recovery. Our customers can now achieve the security and flexibility they need to protect their enterprise resources with phishing-resistant YubiKeys.”

Microsoft partners elsewhere are utilizing Entra ID with biometrics, FIDO2, and MFA integration.

Yubico and Okta unveiled the industry’s first tool for pre-registering YubiKeys with Yubico FIDO Pre-Reg, tailored for Okta users. As a result, Yubico is now extending the capability to Microsoft customers through the Yubico enrollment suite, offering limited early access for organizations using Microsoft Entra ID.

OneSpan, Ping Identity forge frictionless digital experiences

Meanwhile, OneSpan has partnered with Ping Identity on digital workflows with streamlined identity verification and multi-factor authentication (MFA). The collaboration integrates OneSpan’s adaptive, FIDO-enabled authentication technology with Ping Identity’s single sign-on platform, reducing friction while maintaining security measures.

“OneSpan is excited to join forces with Ping Identity to enhance the security landscape by delivering the most secure and user-friendly authentication solutions that protect our customers against today’s evolving cyber threats,” says Giovanni Verhaeghe, senior vice president of corporate and business development at OneSpan.

“By partnering with Ping Identity, we’re making it easier for organizations to leverage high assurance hardware-based authentication with Ping Identity’s market-leading identity management solutions.”

AWS expands centralized security controls for MFA compliance

In a parallel development, AWS has bolstered its centralized security controls to meet expanding multi-factor authentication (MFA) requirements. This initiative aligns with the platform’s “secure by design” ethos, offering tools like AWS Identity and Access Management (IAM) to enforce MFA policies across multiple accounts.

AWS says in a written blog post that “We also guard against setting weak passwords, never suggest default passwords for users to use, and when we detect unusual sign-in activity for customers who haven’t yet enabled MFA, we validate the sign-in with one-time PIN challenges to their primary email address. Despite these measures, passwords alone remain inherently risky.”

Starting in Spring 2025, AWS will require customers to enable multi-factor authentication (MFA) for root users in member accounts under AWS Organizations to access the AWS Management Console, unless central root access management is already in place.

DFS highlights role of MFA in combating AI-driven cyber threats

Adding to the dialogue, the New York state Department of Financial Services (DFS) has issued new guidance addressing the cybersecurity risks posed by artificial intelligence (AI), urging entities under its regulation to bolster their defenses. A key recommendation includes the deployment of Multi-Factor Authentication (MFA) systems to combat the rising tide of AI cyber threats, such as deepfake-driven social engineering attacks.

DFS underscores MFA as a critical measure to mitigate these threats. By requiring users to authenticate their identities using at least two of three factors, knowledge (password), inherence (biometric), and possession (security token), MFA reduces the likelihood of unauthorized access.

From November 2025, DFS will mandate that all regulated entities implement MFA across their systems, covering employees, contractors, and third-party service providers. The guidance urges organizations to adopt well-rounded MFA technologies capable of resisting AI attacks, such as digital certificates, physical security keys, and biometrics enhanced with liveness detection.

Article Topics

Amazon Web Services (AWS)  |  cybersecurity  |  digital identity  |  Microsoft Entra  |  multifactor authentication  |  OneSpan  |  passwordless authentication  |  Ping Identity  |  Yubico