diff --git a/src/SUMMARY.md b/src/SUMMARY.md index b59ce63..a368964 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -1,5 +1,7 @@ # SUMMARY + # Security Frameworks by SEAL + - [Introduction to the Frameworks](./intro/introduction.md) - [What It Is](./intro/what-is-it.md) - [What It Isn't](./intro/what-it-isnt.md) @@ -7,7 +9,9 @@ - [Overview of Each Framework](./intro/overview-of-each-framework.md) # Frameworks + - [Infrastructure](./infrastructure/README.md) + - [Cloud Infrastructure](./infrastructure/cloud.md) - [DDoS Protection](./infrastructure/ddos-protection.md) - [DNS and Domain Registration](./infrastructure/dns-and-domain-registration.md) @@ -18,20 +22,24 @@ - [Network Security](./infrastructure/network-security.md) - [Monitoring](./monitoring/README.md) + - [Guidelines](./monitoring/guidelines.md) - [Thresholds](./monitoring/thresholds.md) - [Front-End/Web Application](./front-end-web-app/README.md) + - [Web Application Security](./front-end-web-app/web-application-security.md) - [Mobile Application Security](./front-end-web-app/mobile-application-security.md) - [Community Management](./community-management/README.md) + - [Discord](./community-management/discord.md) - [Twitter](./community-management/twitter.md) - [Telegram](./community-management/telegram.md) - [Google](./community-management/google.md) - [Key Management](./key-management/README.md) + - [Custodial vs Non-Custodial](./key-management/custodial-vs-non-custodial.md) - [Signing Schemes](./key-management/signing-schemes.md) - [Software Wallets](./key-management/software-wallets.md) @@ -39,6 +47,7 @@ - [Cold vs Hot Wallet](./key-management/cold-vs-hot-wallet.md) - [Encryption](./encryption/README.md) + - [File Encryption](./encryption/file-encryption.md) - [Volume Encryption](./encryption/volume-encryption.md) - [Full Disk Encryption (FDE)](./encryption/full-disk-encryption.md) 
@@ -50,6 +59,7 @@ - [Hardware Encryption](./encryption/hardware-encryption.md) - [Incident Management](./incident-management/README.md) + - [SEAL 911 War Room Guidelines](./incident-management/seal-911-war-room-guidelines.md) - [Incident Detection and Response Mechanisms](./incident-management/incident-detection-and-response-mechanisms.md) - [Playbooks](./incident-management/playbooks.md) @@ -57,6 +67,7 @@ - [Lessons Learned](./incident-management/lessons-learned.md) - [Operational Security](./operational-security/README.md) + - [SIM Swapping](./operational-security/sim-swapping.md) - [Telegram](./operational-security/telegram.md) - [Standard Operating Environment](./operational-security/standard-operating-environment.md) @@ -67,12 +78,14 @@ - [G Suite Security](./operational-security/g-suite-security.md) - [DevSecOps](./devsecops/README.md) + - [Repository Hardening](./devsecops/repository-hardening.md) - [Code Signing](./devsecops/code-signing.md) - [Integrated Development Environments](./devsecops/integrated-development-environments.md) - [Continuous Integration and Continuous Deployment](./devsecops/continuous-integration-continuous-deployment.md) - [Privacy](./privacy/README.md) + - [Digital Footprint](./privacy/digital-footprint.md) - [Secure Browsing](./privacy/secure-browsing.md) - [Privacy-Focused Operating Systems and Tools](./privacy/privacy-focused-operating-systems-tools.md) 
@@ -82,49 +95,59 @@ - [Data Removal Services](./privacy/data-removal-services.md) - [Vulnerability Disclosure](./vulnerability-disclosure/README.md) + - [Security Contact](./vulnerability-disclosure/security-contact.md) - [Bug Bounties](./vulnerability-disclosure/bug-bounties.md) - [Supply Chain](./supply-chain/README.md) + - [Dependency Awareness](./supply-chain/dependency-awareness.md) - [Supply-Chain Levels for Software Artifacts](./supply-chain/supply-chain-levels-software-artifacts.md) - [Awareness](./awareness/README.md) + - [Social Engineering](./awareness/social-engineering.md) - [Security Training](./awareness/security-training.md) - [Staying Up to Date](./awareness/staying-up-to-date.md) - [External Security Reviews](./external-security-reviews/README.md) + - [Expectation](./external-security-reviews/expectation.md) - [Preparation](./external-security-reviews/preparation.md) - [Vendor Selection](./external-security-reviews/vendor-selection.md) - [Security Policies and Procedures](./external-security-reviews/security-policies-procedures.md) - [Governance](./governance/README.md) + - [Risk Management](./governance/risk-management.md) - [Compliance with Regulatory Requirements](./governance/compliance-regulatory-requirements.md) - [Security Metrics and KPIs](./governance/security-metrics-kpis.md) - [Security Automation](./security-automation/README.md) + - [Threat Detection and Response](./security-automation/threat-detection-response.md) - [Infrastructure as Code](./security-automation/infrastructure-as-code.md) - [Compliance Checks](./security-automation/compliance-checks.md) - [Threat Modeling](./threat-modeling/README.md) + - [Identify and Mitigate Threats](./threat-modeling/identity-mitigate-threats.md) - [Create and Maintain Threat Models](./threat-modeling/create-maintain-threat-models.md) - [Identity and Access Management (IAM)](./iam/README.md) + - [Role-Based Access Control (RBAC)](./iam/role-based-access-control.md) - [Secure 
Authentication](./iam/secure-authentication.md) - [Secure Software Development](./secure-software-development/README.md) + - [Secure Coding Standards and Guidelines](./secure-software-development/secure-coding-standards-guidelines.md) - [Threat Modeling and Secure Design Principles](./secure-software-development/threat-modeling-secure-design-principles.md) - [Code Reviews and Peer Audits](./secure-software-development/code-reviews-peer-audits.md) - [Secure Code Repositories and Version Control](./secure-software-development/secure-code-repositories-version-control.md) - [Security Testing](./security-testing/README.md) + - [Dynamic Application Security Testing (DAST)](./security-testing/dynamic-application-security-testing.md) - [Static Application Security Testing (SAST)](./security-testing/static-application-security-testing.md) - [Fuzz Testing](./security-testing/fuzz-testing.md) @@ -132,15 +155,17 @@ - [User and Team Security](./user-team-security/README.md) - [Security Training](./user-team-security/security-training.md) + - [Yubikeys](./user-team-security/yubikeys.md) - [Security-Aware Culture](./user-team-security/security-aware-culture.md) - [Phishing and Social Engineering](./user-team-security/phishing-social-engineering.md) # Practical Guides + # Additional Resources + - [Contributing](./contribute/contributing.md) - [Contributors](contribute/contributors.md) - + diff --git a/src/user-team-security/5Cmini.png b/src/user-team-security/5Cmini.png new file mode 100644 index 0000000..26a8942 Binary files /dev/null and b/src/user-team-security/5Cmini.png differ diff --git a/src/user-team-security/5c.png b/src/user-team-security/5c.png new file mode 100644 index 0000000..68fe60d Binary files /dev/null and b/src/user-team-security/5c.png differ 
diff --git a/src/user-team-security/GitHub_Phishing_OTP.mov b/src/user-team-security/GitHub_Phishing_OTP.mov new file mode 100644 index 0000000..feefcf7 Binary files /dev/null and b/src/user-team-security/GitHub_Phishing_OTP.mov differ diff --git a/src/user-team-security/GitHub_Phishing_Yubikey.mov b/src/user-team-security/GitHub_Phishing_Yubikey.mov new file mode 100644 index 0000000..632fbe6 Binary files /dev/null and b/src/user-team-security/GitHub_Phishing_Yubikey.mov differ diff --git a/src/user-team-security/authenticator.png b/src/user-team-security/authenticator.png new file mode 100644 index 0000000..7df346d Binary files /dev/null and b/src/user-team-security/authenticator.png differ diff --git a/src/user-team-security/howyubikeyswork.png b/src/user-team-security/howyubikeyswork.png new file mode 100644 index 0000000..baa9b5b Binary files /dev/null and b/src/user-team-security/howyubikeyswork.png differ diff --git a/src/user-team-security/yubikeys.md b/src/user-team-security/yubikeys.md new file mode 100644 index 0000000..cc02f78 --- /dev/null +++ b/src/user-team-security/yubikeys.md 
@@ -0,0 +1,65 @@ +# Use Yubikeys + + + +# TL;DR + +OTP is when you put in the number from the application in your phone when you login. Baddies will trick you into giving them that during phishing and its been a common part of phishing kits for many years. Using a hardware token where you touch the token in your computer (see images below) rather than use the code currently is the best protection we have — Use it! + +![5c.png](5c.png) + +![5Cmini.png](5Cmini.png) + +# Example Phishing + +Phishing with OTP (successful 😢) + +[GitHub_Phishing_OTP.mov](GitHub_Phishing_OTP.mov) + +Phishing with Yubikey (Safe! 💪🔒) + +[GitHub_Phishing_Yubikey.mov](GitHub_Phishing_Yubikey.mov) + +## Overview + +Most online accounts are secured by a username and a password, this is a single factor of authentication (to prove you are who you say you are!), to keep everyone safe the general security guidance is to recommend that users have an **additional** form of authentication. This means that if a **baddie** has your username and password they also need something else to login to your accounts! + +Some examples of Multi-factor options: + +- **Software Authenticators** - Google Authenticator / Authy +- **Hardware Tokens** - Yubikey, Google Titan security key +- **Mixed** - Touch ID on Mac +- **Application Specific pushes** - Duo Security, Okta, Google Mail + +## Types of MFA + +Modern MFA is most commonly split into two different types, one being OTP/TOTP and the Fido2/WebAuthN + +**OTP/TOTP** + +OTP/TOTP stands for **O**ne **T**ime **P**assword or **T**ime-based **O**ne **T**ime **P**assword. Commonly you will just see them as the numbers in authenticator apps like Google Authenticator or Authy: + +![authenticator.png](authenticator.png) + +Untitled + +These numbers are generated from a **seed** value when you first setup the application (commonly sent via a QR code). They then periodically update based on an interval of time having passed or the current time. 
+ +## FIDO2/WebAuthN + +WebAuthN is the most modern means of authentication we have and prevents phishing (for now!) The way it works is when you need to login to a website you put in your username and password and the website itself will communicate with the browser and ask for you to authenticate. This is similar to the way the browser integrates with something like a crypto wallet! + +![howyubikeyswork.png](howyubikeyswork.png) + +(taken from [https://auth0.com/blog/introduction-to-web-authentication/](https://auth0.com/blog/introduction-to-web-authentication/)) + +**Note:** Fido2 is technically a protocol that lets you communicate to different authenticators and WebAuthN is the way we use that authentication to communicate to authorization services. + +## Additional resources + +Multi-part entry on the history of attacking MFA: + +[https://www.linkedin.com/pulse/conceit-weak-authentication-part-1-jeff-nathan/](https://www.linkedin.com/pulse/conceit-weak-authentication-part-1-jeff-nathan/)[https://www.linkedin.com/pulse/conceit-weak-authentication-part-2-jeff-nathan/](https://www.linkedin.com/pulse/conceit-weak-authentication-part-2-jeff-nathan/)[https://www.linkedin.com/pulse/conceit-weak-authentication-part-3-jeff-nathan/](https://www.linkedin.com/pulse/conceit-weak-authentication-part-3-jeff-nathan/)
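Review bot: Every hunk of src/SUMMARY.md except the last is a whitespace-only change (a blank line inserted after each `# ...` section heading and after each `- [X](./x/README.md)` parent entry, starting with the `@@ -1,5 +1,7 @@` hunk), so the one substantive change to this file, the new Yubikeys entry, is buried in reformatting. Consider splitting the blank-line normalisation into its own commit, and confirm that mdBook still nests the indented child entries under their parent when a blank line separates them, since that is what these hunks introduce.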
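Review bot: In the `@@ -132,15 +155,17 @@` hunk the new entry is titled `Yubikeys` while the page it links to is headed `# Use Yubikeys`, and the vendor spells the product `YubiKey`; pick one title and one spelling for both the summary entry and the page heading. The same hunk also ends with a `-`/`+` pair touching the trailing line after `[Contributors](contribute/contributors.md)`, which reads as an accidental whitespace edit rather than part of this change.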
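Review bot: The four PNGs and two `.mov` screen recordings are committed directly into `src/user-team-security/`; the videos will grow the repository for every clone and, as linked from yubikeys.md (`[GitHub_Phishing_OTP.mov](GitHub_Phishing_OTP.mov)`), render as download links rather than playable media in mdBook. Consider hosting the recordings externally or in Git LFS and embedding them with an HTML `<video>` element, and give the images alt text that describes them instead of repeating the file name (`![5c.png](5c.png)`).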
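Review bot: The TL;DR in the yubikeys.md hunk attributes the phishing resistance to the hardware ("a hardware token where you touch the token in your computer"), but what defeats the phishing kit shown in the recordings is the FIDO2/WebAuthn protocol, not the form factor: the browser binds the signed challenge to the site's origin, so a credential registered for github.com will not produce a valid assertion for a lookalike domain. A YubiKey used in its Yubico OTP or TOTP mode is just as phishable as Google Authenticator, so the TL;DR and the `## FIDO2/WebAuthN` section should say that the protection comes from using the key as a FIDO2/WebAuthn authenticator, and the "prevents phishing (for now!)" sentence should state the origin-binding reason. The closing `**Note:**` also has the layering backwards: FIDO2 is the umbrella that combines CTAP (the protocol the browser or OS uses to talk to the authenticator) with WebAuthn (the web API the site calls), so the sentence should name CTAP rather than describe FIDO2 as the authenticator protocol. Smaller points in the same hunk: `# TL;DR` and `# Example Phishing` are H1 like the page title while the later sections are H2, so they should be `##`; the stray `Untitled` line after `![authenticator.png](authenticator.png)` looks like a leftover export caption and should be removed; `its been` should be `it's been`; the three LinkedIn links at the end are concatenated on one line with no separator and should be a bulleted list; and the spellings `Fido2`, `WebAuthN` and `Yubikey` should be normalised to FIDO2, WebAuthn and YubiKey.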