A hardware security key for phishing-resistant MFA, the gold standard for authenticating SREs into production systems.
A YubiKey is a small USB or NFC hardware device that implements the FIDO2/WebAuthn, smart-card, and OTP protocols to provide phishing-resistant multi-factor authentication. Unlike SMS or app-based codes, a YubiKey's FIDO2/WebAuthn response is cryptographically bound to the relying party's domain, so a phishing site can't capture a code and replay it. Major cloud providers, GitHub, and identity providers (Okta, Auth0, Google Workspace) support YubiKey enrollment for both interactive logins and SSH/API access.
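The domain binding described above shows up on the relying party's side as a few checks on each WebAuthn assertion. The sketch below is an added example, not code from any vendor or library: the origin, RP ID, function names and sample data are assumptions, and verifying the signature over the authenticator data and the SHA-256 of `clientDataJSON` is a separate step not shown here.

```python
import base64, hashlib, json

EXPECTED_ORIGIN = "https://login.example.com"  # assumed relying-party origin
EXPECTED_RP_ID = "example.com"                 # assumed RP ID

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_binding(client_data_json: bytes, auth_data: bytes, challenge: bytes) -> str:
    """Return "ok" or the reason the assertion is rejected."""
    try:
        client = json.loads(client_data_json)
    except ValueError:
        return "malformed clientDataJSON"
    if not isinstance(client, dict) or client.get("type") != "webauthn.get":
        return "wrong type"
    if client.get("challenge") != b64url(challenge):  # must be the one we issued
        return "challenge mismatch"
    if client.get("origin") != EXPECTED_ORIGIN:       # written by the browser
        return "origin mismatch"
    if len(auth_data) < 37:                           # rpIdHash(32) flags(1) signCount(4)
        return "authenticator data too short"
    if auth_data[:32] != hashlib.sha256(EXPECTED_RP_ID.encode()).digest():
        return "rpIdHash mismatch"
    if not auth_data[32] & 0x01:                      # UP flag: user touched the key
        return "user not present"
    return "ok"

def make_sample(origin: str, rp_id: str, challenge: bytes, flags: int = 0x01):
    """Constructed sample of what a browser and authenticator would produce."""
    cdj = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                      "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + (7).to_bytes(4, "big")
    return cdj, auth

if __name__ == "__main__":
    chal = b"\x01" * 32  # constructed challenge; a real server uses fresh random bytes
    cases = {
        "real site": make_sample(EXPECTED_ORIGIN, EXPECTED_RP_ID, chal),
        "phishing site": make_sample("https://login.example.com.evil.test",
                                     "login.example.com.evil.test", chal),
        "replayed challenge": make_sample(EXPECTED_ORIGIN, EXPECTED_RP_ID, b"\x02" * 32),
    }
    for name, (cdj, auth) in cases.items():
        print(f"{name}: {check_binding(cdj, auth, chal)}")
```

Because the signature covers both the authenticator data and the hash of `clientDataJSON`, neither the origin nor the RP ID hash can be edited after the key has signed.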
Most successful breaches start with a stolen credential: a phished password combined with SMS or push-based MFA that the attacker bypasses. Hardware keys remove that attack surface entirely: an attacker who has the password still cannot authenticate without physical possession of the key. For SRE teams that hold critical production access (root cloud accounts, deploy keys, secrets managers), requiring a YubiKey at login is the single highest-leverage security control available.