Modernizing authentication for US federal government agencies

For years, both the public and private sector have faced similar challenges when securing the confidentiality, integrity, and availability (CIA triad) of their information systems. Older technologies and policies have historically conflicted with business/organizational objectives when striving for high security. Today, advancements in cryptography and the adoption of newer, improved open standards are eliminating usability issues, and reducing help desk costs through fewer forgotten passwords. We like to call that modernization.

More than a year ago, the National Institute of Standards and Technology (NIST) began the process of updating their SP 800-63 Digital Identity Guidelines. These much needed changes enable federal agencies and contractors to leverage more convenient and secure authentication methods while still maintaining highest security. As a result, the cybersecurity team’s efforts to comply with federal guidelines can now more easily align with the rest of the industry-evolving technologies already embraced in the private sector.

At Yubico, our mission is to make secure online identities ubiquitous by making account security easy to use, secure, and affordable. The YubiKey combines three of NIST’s permitted authentication types—multi-factor crypto device (PIV-compatible/smart card), single-factor crypto device (FIDO U2F), and single-factor OTP device (Yubico OTP and OATH HOTP/TOTP). In addition, the YubiKey is currently on track to become the first multi-protocol hardware authenticator certified at FIPS 140-2 Overall Level 2 and Physical Level 3.

The modernization of policy by the US federal government presents an opportunity for Yubico and Duo Security—both trusted leaders in easy to use, reliable security products—to deliver a unified security platform for government agencies and contractors that meets NIST Authenticator Assurance Levels 2 through 3 (AAL 2 – AAL3).

We recently sat down with Sean Frazier, Duo Advisory Chief Information Security Officer, Federal during discussions on our joint solution. He shared, “The new authentication and authorization guidance from NIST is giving public sector agencies lots of flexibility to meet their most stringent security needs while providing previously elusive ease of use. In a sector that has been pushing to catch up to other industries in terms of cloud and mobile, the new guidelines are a welcome change for every federal CISO who’s looking to modernize their IT environment. Duo and Yubico combine an easy to use and extremely effective way to achieve the highest levels of assurance for trusted access.”

Duo’s platform enables federal agencies to leverage YubiKey hardware to securely access data and applications on the network or in the cloud. “This federal partnership with Duo underscores our joint commitment to data protection, as well as our responsibility as industry leaders to help federal agencies protect the individuals they serve,” said Jerrod Chong, Yubico SVP of Product. “We’ve made it our shared mission to advocate easy to use security, and encourage the adoption of new open standards like FIDO U2F to meet AAL 3.”

Learn more about what you can do with Duo and the YubiKey. Read Duo’s press release on our partnership.

Additional Resources:

Talk to our teamTalk to our team

Share this article:


  • CEO Corner: Entering the second half of 2025 with momentumAs we continue to move further into the second half of 2025, I want to share a look back at our journey so far this year and as well as lay out Yubico’s strategic path ahead.  Resurgence in order growth and key segment wins While net sales declined for Q2, the end of the quarter […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Survey says: Your dog’s name isn’t a passwordWe all know we should be protecting our digital lives, but what are Americans actually doing? Yubico recently commissioned a survey, conducted by Talker Research, which asked 5,000 Americans in 10 major metro cities across the U.S. about their online security habits. Here’s a closer look at what they found (hint: they’re not as secure as they […]Read moreCompany Newssurvey
  • Passkeys are winning, but security leaders must raise the barPasswords are on their way out. In their place is a new form of login called passkeys that promises stronger security and less frustration. All passkeys offer the rare combination of improved usability and stronger security, especially when compared to passwords alone. But unless we act now, millions could be left more vulnerable than ever. […]Read moreDevice-bound passkeysHardware passkeypasskeyssynced passkeys
  • Your top YubiKey questions, answeredOver the 10+ years I’ve been at Yubico, I’ve had the pleasure of meeting customers, partners and many others talking about digital security. While every conversation is different, I am often asked many of the same questions about YubiKeys. One thing remains consistent: many people know they need better security, but they’re not sure what […]Read moreFAQYubiKey