Most companies are definitely NOT using Yubikeys. Did you work for Google? Nice man :)
MFA in general had to be forced on companies, and then it is most often in software on a phone.
Here are some rough numbers.
google_workspace:
total_active_users: "3 billion (includes free/consumer Gmail)"
paid_business_customers: "11 million companies (2024)"
paid_customer_growth: "+1 million companies in under 1 year (2023-2024)"
global_business_market_share: "~50%"
fortune_500_presence: "minority share, weaker than Microsoft in enterprise"
mfa_with_yubikeys:
internal_google_employees: "100% use hardware keys (Yubikey/Titan) — since 2017"
fido_u2f_origin: "Google co-created U2F standard with Yubico post-Operation Aurora"
estimated_user_adoption_pct: "~1-3% of all Workspace users (inference, not published)"
concentration: "Highest in finance, government, tech/security-conscious orgs"
typical_majority_mfa_method: "TOTP apps (Google Authenticator) or SMS"
enterprise_passkey_deployment_2025: "87% of US/UK enterprises deploying or have deployed passkeys (FIDO Alliance — includes all hardware key types, not Yubikey-specific)"
microsoft_365:
total_active_users: "~270 million (commercial)"
paid_business_customers_us: "~1 million active US business customers"
us_company_penetration: "~3% of all US companies"
global_business_market_share: "~45%"
fortune_500_presence: "~75% of Fortune 500"
mfa_with_yubikeys:
exact_stat_available: false
note: "Same data gap as Workspace — no published breakdown"
caveats:
- "Google's 3B user figure conflates consumer and business — not comparable to Microsoft's 270M commercial figure"
- "Market share figures vary by methodology (seats vs revenue vs orgs)"
- "Yubikey adoption % is an industry inference; treat as directional only"
- "Passkey != Yubikey — FIDO Alliance 87% figure covers all FIDO2/passkey methods"
I worked for Amazon they used the open source version of chrome os (chromium os). And mini PCs, I think this is the best setup, If I ever have to manage a company I will do this.