Today, at the 2017 Federal Identity Forum (FedID), we are taking an important step towards a more secure internet for everyone by introducing the first US federal services to offer identity proofing protection with an unphishable FIDO U2F security key. This solution is enabled through identity proofing provider ID.me, and marks the first roll out of FIDO U2F two-factor authentication for government agencies in the US.
As the co-author of U2F and the leading maker of FIDO U2F security keys, Yubico is thrilled to see ID.me become the first in helping protect US government services using FIDO U2F security keys. Today, US citizens can use the same YubiKey to log in securely to leading internet services, including Google and Facebook, and now on federal sites where ID.me is used for identity proofing. This is a great milestone for all the contributors of the FIDO U2F standards.
“Thieves can guess or steal passwords from a database, and they can spoof biometrics,” said Blake Hall, CEO of ID.me.
“A physical FIDO U2F security key is ‘unphishable’ – to provide more robust and easy to use security to all customers, it’s essential to support FIDO U2F based standards and the adoption of security keys.”
This week’s announcement of US e-Government support for FIDO U2F follows last year’s launch by the UK government. Similar to the US government initiatives, the GOV.UK Verify service for UK citizens offers a combination of identity proofing, single-sign on, and secure authentication with FIDO U2F security keys. GOV.UK Verify used with FIDO U2F was enabled through identity provider Digidentity. Yubico is in dialogue with many other countries around the world that are considering offering U2F authentication for citizen-facing government services.