Deliver strong MFA for employee SSH and OS logins with PIV

PIV credentials are like secure passes: tie them to a security key or card, and only give them to employees who have proven their identity. Know that every time a credential is used, it is tied to a trusted user. PIV credentials prove identity during every login or SSH with strong cryptography derived from your certificate authority.

Passwords are bad practice

Remembering a long passphrase is a nuisance—their security is undermined by employees reusing them across accounts and storing them in insecure locations. Short passwords, on the other hand, are easy for attackers to crack.

After getting a foothold in your environment, the invader uses a variety of methods to harvest credentials from the network or endpoints. They then move to other systems and escalate their privileges in an enterprise network. Their target: your corporate data.

The PIV/Smart Card standard solves for this. Its private key is stored in a secure hardware module and cannot be used for lateral movement or privilege escalation. Using certificates and cryptography to identify users is not only a major leap in security, it’s a better work experience for employees: the heavy lifting is on a chip, not in your head.

How we help you protect infrastructure with PIV logins

Moving to strong MFA with the PIV (Smart Card) standard involves managing users, authenticators, PKI infrastructure, and devices. You’ll need a platform that brings the pieces together: helping you enroll and manage your authenticators, and establish trusted logins across every work computer and server.

Enroll

The 0pass App allows every employee to enroll YubiKeys which provisions them with PIV/Smart Card credentials.

Manage

Control all aspects of your deployment: adjust settings, manage YubiKeys, or export audit logs.

Trust

The credential on the YubiKey is tied to a trusted certificate chain. 0pass can handle the certificate management.

Unify

0pass gives you tools and resources implement PIV/Smart Card authentication for every workstation and server.

Request Free Trial

How we help you protect infrastructure with PIV logins

Moving to strong MFA with the PIV (Smart Card) standard involves managing users, authenticators, PKI infrastructure, and devices. You’ll need a platform that brings the pieces together: helping you enroll and manage your authenticators, and establish trusted logins across every work computer and server.

Enroll

The 0pass App allows every employee to enroll YubiKeys which provisions them with PIV/Smart Card credentials.

Manage

Control all aspects of your deployment: adjust settings, manage YubiKeys, or export audit logs.

Trust

The credential on the YubiKey is tied to a trusted certificate chain. 0pass can handle the certificate management.

Unify

0pass gives you tools and resources implement PIV/Smart Card authentication for every workstation and server.

Request Free Trial

How we help you protect infrastructure with PIV logins

Moving to strong MFA with the PIV (Smart Card) standard involves managing users, authenticators, PKI infrastructure, and devices. You’ll need a platform that brings the pieces together: helping you enroll and manage your authenticators, and establish trusted logins across every work computer and server.

Enroll

The 0pass App allows every employee to enroll YubiKeys which provisions them with PIV/Smart Card credentials.

Manage

Control all aspects of your deployment: adjust settings, manage YubiKeys, or export audit logs.

Trust

The credential on the YubiKey is tied to a trusted certificate chain. 0pass can handle the certificate management.

Unify

0pass gives you tools and resources implement PIV/Smart Card authentication for every workstation and server.

Request Free Trial

Common attack tactics that PIV stops

Password theft and phishing

Attackers acquire employee credentials by purchasing them on the dark web, phishing an employee, or breaching a public website database. Once the attacker has valid credentials, they mount further stages of an attack on workstations and infrastructure.

We’ll give you all the tools you need. We have the tools, configurations, and integrations to get your servers, web apps, and workstations ready.

Attackers steal:

Attackers steal:

SSH Keys

SSH Keys

Passwords

Passwords

Harvest and Crack

Attackers with access to an environment steal cached passwords or capture them from your network. They crack password hashes and use them to move laterally and escalate privileges. Each step gives them a stronger foothold and relies on stolen credentials.

We’ll give you all the tools you need. We have the tools, configurations, and integrations to get your servers, web apps, and workstations ready.

Attackers steal:

Attackers steal:

Password Hashes

Password Hashes

SSH Keys

SSH Keys

Stop the att&ck

Deploying PIV (aka Smart Card login) with 0pass helps you defend against the powerful adversarial techniques in the MITRE Att&ck Framework .

Let's talk about your use case

Chat with a security engineer and see whether we can help secure your environment. You can also set up a demo and access a free 30-day trial.

Access a free trial

Advice from security engineers

See a demo

Explore the Product

Request Free Trial

Let's talk about your use case

Chat with a security engineer and see whether we can help secure your environment. You can also set up a demo and access a free 30-day trial.

Access a free trial

Advice from security engineers

See a demo

Explore the Product

Request Free Trial

Let's talk about your use case

Chat with a security engineer and see whether we can help secure your environment. You can also set up a demo and access a free 30-day trial.

Access a free trial

Advice from security engineers

See a demo

Explore the Product

Request Free Trial