
Explain why what is false? You're just making vague claims about anecdotal experiences. It seems unlikely, in general, that a security team would not support a Yubikey rollout. Even one that only cares about compliance would likely support it because it will make compliance easier - auditors care a lot about phishing and if you can say "OK, yeah, we had some users fail the phishing test again BUT our 2FA is phish-proof" that's an easier conversation.

I'm sure there are truly lazy and incompetent security teams out there but it makes no sense that they would be the majority or even particularly prevalent. Maybe you're just unlucky and ran into one, or maybe there were real reasons why a Yubikey rollout wouldn't work:

a) Who's going to ship the keys? Yubico provides services for that, will you use those? Pay for them?

b) Who's paying for this? Did your infra team ask the security team to pay for it? Who's paying for replacements and support?

c) Is this a high priority for the team vs other issues?

d) Do all of your vendors support Yubikeys or are you going to have to have a hybrid solution? What will migration from vendors configured for some other MFA solution to Yubikeys look like?

I support a rollout at any company, for the record, but these vague statements with the conclusion of "security people don't care" leave a lot to be desired.



