White paper: Bridge to Passwordless best practices
Security has been moving to the forefront of government regulations — and rightfully so. From DFARS to FIPS, PSD2, GDPR, and eIDAS, nations and service providers are being forced to address user security and privacy with a more mindful approach. For years, Yubico has helped organizations like GOV.UK deliver secure authentication options and meet regulatory compliance requirements, and today, we’re seeing this work expand.
Several Europen countries are now in the process of deploying modern web authentication, including YubiKeys, for their citizens. This comes in large part due Yubico’s recent work around the eIDAS regulation (Electronic Identification, Authentication and Trust Services), which was introduced by the EU Commission in 2014 to provide a predictable regulatory environment for secure and seamless electronic interactions in the European Single Market.
eIDAS Compliance
During the past five years, the eIDAS regulation has been widely adopted by the EU member states, and several eIDAS-compliant services and schemes have been rolled out across the European continent. However, what continues to trouble eIDAS Qualified Trust Service Providers is how to ensure that users are securely authenticated to their service, so that they get sole control over the remote signature creation.
In order to address this challenge, Yubico has designed a solution whereby FIDO2 can be used to secure access to a remote signing service and give users sole control over the signature creation process.
In addition to securing remote signing solutions, the YubiKey can also be used for national electronic ID-card projects and eIDAS-compliant eID schemes, such as the National Digitalisation Programme at the Faroe Islands. Digital identity is one of four major pillars in the new digital infrastructure and will be launched in 2020.
eIDAS High Level Assurance
Yubico is partnering with Nexus to deliver the eID solution, which enables all Faroese citizens, above the age of 15, to securely and easily access government and banking services with a YubiKey 5 Series device. The resulting eID scheme will be classified as eIDAS assurance level ‘high’, which allows it to be recognized across all European online services. eIDAS assurance levels can be classified under low, medium, and high, with high providing the highest degree of confidence and credibility.
“One of the reasons we chose Yubico’s YubiKey, is the fact that it is supported on almost all major mobile and desktop platforms and embraced by top internet players, including browser suppliers. In the near term, we see it as an added benefit to our citizens to offer an eID while at the same time offering an easy way to secure their online presence,“ said Janus Læarsson, Chief IT Architect, Talgildu Føroya.
The next generation of the National Digitalisation Programme at the Faroe Islands will support FIDO2, the emerging open standard for web authentication. Which will allow the YubiKey to be accredited as an eID card and further establish the YubiKey is eIDAS-compliant.
Yubico is very active in projects, standardization and cutting-edge technology that are related to eIDAS and national eID projects in Europe. Sign up for our newsletter to stay tuned for more exciting news announced during 2020.