Modernizing authentication for US federal government agencies

For years, both the public and private sectors have faced similar challenges when securing the confidentiality, integrity, and availability (CIA triad) of their information systems. Older technologies and policies have historically conflicted with business and organizational objectives when striving for high security. Today, advancements in cryptography and the adoption of newer, improved open standards are eliminating usability issues and reducing help desk costs through fewer forgotten passwords. We like to call that modernization.

More than a year ago, the National Institute of Standards and Technology (NIST) began the process of updating its SP 800-63 Digital Identity Guidelines. These much-needed changes enable federal agencies and contractors to leverage more convenient and secure authentication methods while still maintaining the highest security. As a result, the cybersecurity team’s efforts to comply with federal guidelines can now more easily align with the rest of the industry and the evolving technologies already embraced in the private sector.

At Yubico, our mission is to make secure online identities ubiquitous by making account security easy to use, secure, and affordable. The YubiKey combines three of NIST’s permitted authentication types—multi-factor crypto device (PIV-compatible/smart card), single-factor crypto device (FIDO U2F), and single-factor OTP device (Yubico OTP and OATH HOTP/TOTP). In addition, the YubiKey is currently on track to become the first multi-protocol hardware authenticator certified at FIPS 140-2 Overall Level 2 and Physical Level 3.

The modernization of policy by the US federal government presents an opportunity for Yubico and Duo Security—both trusted leaders in easy-to-use, reliable security products—to deliver a unified security platform for government agencies and contractors that meets NIST Authenticator Assurance Levels 2 through 3 (AAL2 – AAL3).

We recently sat down with Sean Frazier, Duo Advisory Chief Information Security Officer, Federal, during discussions on our joint solution. He shared, “The new authentication and authorization guidance from NIST is giving public sector agencies lots of flexibility to meet their most stringent security needs while providing previously elusive ease of use. In a sector that has been pushing to catch up to other industries in terms of cloud and mobile, the new guidelines are a welcome change for every federal CISO who’s looking to modernize their IT environment. Duo and Yubico combine an easy to use and extremely effective way to achieve the highest levels of assurance for trusted access.”

Duo’s platform enables federal agencies to leverage YubiKey hardware to securely access data and applications on the network or in the cloud. “This federal partnership with Duo underscores our joint commitment to data protection, as well as our responsibility as industry leaders to help federal agencies protect the individuals they serve,” said Jerrod Chong, Yubico SVP of Product. “We’ve made it our shared mission to advocate easy to use security, and encourage the adoption of new open standards like FIDO U2F to meet AAL 3.”

Learn more about what you can do with Duo and the YubiKey. Read Duo’s press release on our partnership.
