5 reasons why the government and other public sector agencies should care about WebAuthn

Federal, state and local governments and other public sector agencies have important responsibilities that support a functioning community – everything from national security to public transit, public education, public safety, state parks, financial services, energy and power grids, and many more services are all tax funded and managed by the public sector. While these are vital components to life as we know it, the sheer amount of personal and sensitive information required to uphold these critical operations puts agencies at constant risk of being compromised.

Government and other public sector run systems and data are accessed daily not only by employees and contractors, but also by partners and citizens, exponentially increasing the likelihood of security breaches related to account takeovers. In fact, remote hacks continue to occur at an alarming rate, while also growing more advanced. According to the 2020 Verizon Data Breach Report, organized criminal groups were behind 55% of breaches, and nation-state or state-affiliated actors were behind 38% of breaches.

While CAC and PIV cards are de-facto authentication methods across various Federal agencies within the public sector, there are many cases where they’re not suitable, and passwords do not provide enough security to defend against the volume of sophisticated attacks. Fortunately, WebAuthn, a core component of the FIDO Alliance’s FIDO2 set of specifications, is a modern, phishing-resistant web authentication standard that is now supported across all computing platforms. WebAuthn makes it easy for websites, services, and applications to offer strong authentication with the option of removing the reliance on passwords entirely. This could include government hosted web-based applications and services – like the Department of Motor Vehicles –  that are both employee and customer facing.

Here are 5 reasons why the Federal government and other public sector agencies should care about WebAuthn:

Standardized strong authentication 

For the first time, the standardization of strong authentication is possible. Imagine setting up simple multi-factor authentication (MFA) across digital public sector services and having a convenient, consistent, and secure login. WebAuthn enables just that across all major browsers and operating systems, empowering services and apps to make strong authentication available to end users.

Improved security 

The public sector has access to critical information and stores sensitive data, meaning a breach could impose on the safety and security of millions of constituents. With the help of public key cryptography, WebAuthn raises the bar for strong authentication and provides strong MFA security for users, including public sector employees, contractors, partners and citizens.

Seamless user experience 

Through a WebAuth API, strong authentication is accessible for web and mobile apps, eliminating the hassle of password resets and SMS codes, allowing users the convenience to sign in by tapping a security key. The WebAuthn API enables IT teams and developers to easily and quickly integrate WebAuthn into existing and new services, providing a consistent and seamless authentication experience for their users.

WebAuthn also gives users a broad range of choices for authenticating, from biometrics to hardware security keys.

Improved productivity 

Resetting passwords is no longer an issue with WebAuthn. With the possibility of passwordless login, it eliminates the time spent and frustrations that stem from managing passwords. This time saved extends to help desks and support centers – for both internal public sector employees and external users – who no longer have to devote resources to resetting and maintaining passwords.

Reduced costs 

Breaches, especially for government and other public sector entities, can be detrimental in many ways, including confidential data loss, lost productivity and financial burdens. WebAuthn helps reduce negative financial impacts associated with breaches and support costs, allowing government and other public sector services to repurpose budget that was previously designated to maintain and manage infrastructure and passwords.

Interested in learning more about the benefits of WebAuthn in the public sector? Download the best practices guide, here.  

Talk to our teamTalk to our team

Share this article:


  • CEO Corner: Maintaining stable growth while navigating global uncertaintyAs we officially close out the first quarter of 2025,  I am pleased we saw a quarter with solid growth and profitability along with ongoing demand for phishing-resistant authentication. We continue to see new types of high-profile cyber attacks appearing regularly, and a major reason for the success of phishing attacks is stolen credentials. As […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Introducing the Yubico Academy: Enabling partners for a phishing-resistant futureAt Yubico, strong partnerships are fundamental to a more secure digital world. Our commitment goes beyond providing leading security keys; it’s about actively fostering the growth of our valued partners through impactful enablement programs. A cornerstone is the Yubico Academy, featuring our comprehensive certification program.  This program enables our partners’ teams to become Yubico experts, […]Read more
  • AI is booming — but proving you’re human matters more than everIf you walked the show floor at the RSA Conference this year, you probably noticed the same thing I did: Artificial Intelligence (AI) is everywhere. Agentic AI. AI in threat detection. AI in firewalls. AI in identity management. AI-generated demos. AI everything. The energy around AI was undeniable, and we’re seeing real innovation, efficiency gains […]Read moreAIArtificial IntelligencephishingRSAC
  • Ditching passwords for good: Celebrating the inaugural World Passkey DayHave you ever been stuck in a relationship with someone who constantly lets you down, exposes your secrets, and leaves you vulnerable? Odds are you cut your losses, packed up your things and moved on. Today is the day to do the same with your passwords: say goodbye forever! The reality is a majority of […]Read morepasskeyspasswordlessWorld Passkey Day