
Why our VPN doesn't use passwords

Blog post from Zapier

Post Details
Company
Date Published
Author: Marcus Young
Word Count: 1,158
Language: English
Hacker News Points: -
Summary

### Improved VPN Setup at Zapier Reduces Security Risks while Boosting Employee Productivity

The new VPN setup at Zapier aims to simplify security while reducing the need for human approval, allowing employees to quickly set up their tech before diving into onboarding tasks. By using single sign-on (SSO) and YubiKeys or certificates, users can log in with a one-time setup, eliminating passwords and minimizing the risk of phishing attacks. The offboarding process is also automated, disabling user accounts and revoking certificates when employees leave the company, ensuring no lingering access to networks. A playbook allows for temporary exemptions, providing some protection against shared VPN profiles or malicious intent. The security team relies on certificates, which are harder to clone or intercept than SMS-based MFA methods, and monitoring is done through a web application that produces simple and lightweight metrics.