Modernizing authentication for US federal government agencies

For years, both the public and private sector have faced similar challenges when securing the confidentiality, integrity, and availability (CIA triad) of their information systems. Older technologies and policies have historically conflicted with business/organizational objectives when striving for high security. Today, advancements in cryptography and the adoption of newer, improved open standards are eliminating usability issues, and reducing help desk costs through fewer forgotten passwords. We like to call that modernization.

More than a year ago, the National Institute of Standards and Technology (NIST) began the process of updating their SP 800-63 Digital Identity Guidelines. These much needed changes enable federal agencies and contractors to leverage more convenient and secure authentication methods while still maintaining highest security. As a result, the cybersecurity team’s efforts to comply with federal guidelines can now more easily align with the rest of the industry-evolving technologies already embraced in the private sector.

At Yubico, our mission is to make secure online identities ubiquitous by making account security easy to use, secure, and affordable. The YubiKey combines three of NIST’s permitted authentication types—multi-factor crypto device (PIV-compatible/smart card), single-factor crypto device (FIDO U2F), and single-factor OTP device (Yubico OTP and OATH HOTP/TOTP). In addition, the YubiKey is currently on track to become the first multi-protocol hardware authenticator certified at FIPS 140-2 Overall Level 2 and Physical Level 3.

The modernization of policy by the US federal government presents an opportunity for Yubico and Duo Security—both trusted leaders in easy to use, reliable security products—to deliver a unified security platform for government agencies and contractors that meets NIST Authenticator Assurance Levels 2 through 3 (AAL 2 – AAL3).

We recently sat down with Sean Frazier, Duo Advisory Chief Information Security Officer, Federal during discussions on our joint solution. He shared, “The new authentication and authorization guidance from NIST is giving public sector agencies lots of flexibility to meet their most stringent security needs while providing previously elusive ease of use. In a sector that has been pushing to catch up to other industries in terms of cloud and mobile, the new guidelines are a welcome change for every federal CISO who’s looking to modernize their IT environment. Duo and Yubico combine an easy to use and extremely effective way to achieve the highest levels of assurance for trusted access.”

Duo’s platform enables federal agencies to leverage YubiKey hardware to securely access data and applications on the network or in the cloud. “This federal partnership with Duo underscores our joint commitment to data protection, as well as our responsibility as industry leaders to help federal agencies protect the individuals they serve,” said Jerrod Chong, Yubico SVP of Product. “We’ve made it our shared mission to advocate easy to use security, and encourage the adoption of new open standards like FIDO U2F to meet AAL 3.”

Learn more about what you can do with Duo and the YubiKey. Read Duo’s press release on our partnership.

Additional Resources:

Talk to our teamTalk to our team

Share this article:


  • Works with YubiKey Spotlight: Passkeys are here – are you ready?With 2025 at its midpoint, enterprises worldwide are grappling with how to protect their users and data against emerging challenges around user security. Since 2022, generative AI has fueled a 4,000% surge in phishing – exploiting human vulnerability in 68% of breaches. It’s no longer a question – the world has a password problem that […]Read morepartnerspasskeysWorks with YubiKeywwyk
  • Yubico LogoYubico liefert PIN-Verbesserungen mit dem neuen YubiKey 5 – Verbesserte PIN-SchlüsselUm sich auf die sich ständig weiterentwickelnden Cyber-Bedrohungen vorzubereiten, passen Regierungen weltweit die Authentifizierungsanforderungen für Online-Dienste an und aktualisieren sie, was direkte Auswirkungen auf viele Unternehmen und deren Mitarbeiter hat. Zwar gibt es derzeit keine universelle Regelung für eine robustere Multi-Faktor-Authentifizierung (MFA), doch wird deren Notwendigkeit in einer Reihe von Anforderungen hervorgehoben, darunter PSD2, DSGVO […]Read moreYubiKey
  • Yubico delivers PIN advancements with new YubiKey 5 – Enhanced PIN keysTo prepare for continuously evolving cyber threats, governments around the world are adapting and updating authentication requirements for online services which directly impact thousands of organizations and their employees. While there’s currently no universal regulation for more robust multi-factor authentication (MFA), the need is highlighted across a range of requirements including PSD2, GDPR, and the […]Read moreCompany NewsProduct NewsYubiKeyYubiKey 5 – Enhanced PINYubiKey 5 SeriesYubiKey as a Service
  • An inside look at Yubico’s transition to passwordlessBefore “passkey” became a familiar term in our industry, Yubico had long delivered hardware-backed and phishing-resistant FIDO2 based authentication. Today, the adoption of passkey usage is accelerating. However, it’s taken quite a bit longer to integrate passwordless authentication into the everyday, enterprise-grade authentication flows that are required for today’s businesses.  As long as it’s been […]Read moreOktapasswordless