YubiKey for State and Local Government

Modernizing authentication

Closing the Gaps in Your Security Posture

Watch this discussion on how hardware security keys complement mobile-based authentication to help agencies get to 100 percent MFA coverage and the best achievable cyber insurance.

Zero-trust, secure passwordless and multi-factor authentication for state and local government

YubiKeys provide highest assurance authentication without compromise to help you go passwordless, modernize multi-factor authentication and smart card deployments to ensure only authorized access to sensitive personal information and community services.

Meets Federal Government Compliance Requirements

Manufactured securely in the United States using stringent processes and secure supply chain for trustworthy components, Yubico solutions are fully vetted and approved for sale throughout the public sector, both domestically and abroad.

  • FIPS 140-2, Overall Level 1 (Certificate #3907) and Level 2 (Certificate #3914), Physical Security Level 3
  • Validated to NIST SP 800-63-3 Authenticator Assurance Level (AAL) 3 requirements
  • Support for DFARS/NIST SP 800-171
  • WebAuthn/FIDO/FIDO2 compliant
  • Approved for use in DOD Non-Classified and Secret Classified Environments
Department of Defense NIST logo
Department of Defense and Homeland Security logos
FIPS 140-2 Validated logo
Fido logo
Cybersecurity Maturity Model Certification logo

Ensure government compliant, highest assurance multi-factor and passwordless authentication

Government employees and contractors are likely to be targeted by hackers and nation-states, so authentication solutions need to be resistant to phishing and account takeovers, and comply with FIPS 140-2, DFARS and NIST SP 800-63-3 AAL.

YubiKeys offer the best available passwordless and multi-factor authentication against phishing attacks and account takeovers. They are FIPS 140-2 validated to meet the highest authentication assurance level 3 requirements (AAL3) of NIST SP800-63B guidelines, and are CJIS, WebAuthn, FIDO, FIDO2 and DFARS/NIST SP 800-171 compliant.

Read now: How Sacramento, Washington State, and Mission Viejo are combatting account takeovers with the YubiKey

Secure services for internal employees and local constituents

State and local government systems contain sensitive information such as social security numbers and citizen data. Internal employees need secure access to this information and external constituents need to seamlessly access citizen services without leaving open attack vectors.

YubiKeys protect hundreds of cloud and on-premises applications and seamlessly integrate with existing Identity Management solutions like Microsoft, Duo, Okta and Ping, giving employees and your constituents a single security key for zero-trust access to government systems and services.

Read now: How Georgia Technology Authority uses YubiKeys

Deploy fast, one-touch authentication for first responders

For first responders like policemen and firemen time is of the essence. First responders need secure and speedy access to machines, VPN and CJIS systems like criminal databases, license plate databases and more.

With the YubiKey, first responders get fast and easy MFA access to protected systems and data via reliable hardware security that does not require a battery or network connectivity. It offers strong one-touch security, and is 4 times faster than typing in an OTP.

Read now: YubiKey as portable root of trust for the government

Secure sensitive information across elections and political campaigns

YubiKeys protect against domestic and foreign threats by securing sensitive information and high-risk individuals across election networks and political campaigns. They ensure email confidentiality, secure access to laptops, protect voter databases and stop candidate social account takeovers.

YubiKeys protect against domestic and foreign threats by securing sensitive information and high-risk individuals across election networks and political campaigns. They defend global democracy by ensuring email confidentiality, securing access to laptops, protecting voter databases and stopping candidate social account takeovers.

Read now: Northeastern US state secured elections with strong MFA

Offer zero-trust security with the best user experience

SMS codes, one-time passwords, and mobile push authenticators require additional cumbersome steps while not being secure. Waiting for and typing in one-time codes, or going through extra steps creates user fatigue and decreases employee productivity.

With YubiKeys, you are no longer forced to choose between strong security and user experience. YubiKeys don’t require connectivity to work and are always available and ready for authentication. Hardware-based zero trust security is combined with an intuitive user experience that’s 4 times faster than SMS.

Reduce password support incidents and lower IT operational costs

Gartner estimates that 20-50% of helpdesk calls are for password resets, and Forrester estimates the cost of each incident to be approximately $70 (source: Best Practices: Selecting, Deploying, and Managing Enterprise Password Managers”, Forrester Research). These costs can increase for state and local government agencies that don’t have large IT teams.

Reducing password-related support incidents saves your agency from high IT operational costs. The YubiKey has been proven to reduce support incidents by up to 92%, saving you money while increasing productivity.

Case in point:

Midwestern U.S. state uses the YubiKey to protect voter registration database


  • The state maintains sensitive voter records, which include information such as name, date of birth, address, and voting history.
  • Needed a way to ensure voter data is secure against database hacking and up-to-date.

YubiKey solution:

  • The YubiKey hardware-based authentication solution chosen to secure all external login requests.
  • Key benefits include a highly secure solution to protect voter registration databases, and an easy-to-use solution for its diverse group of users.
  • YubiKeys are cost-effective to maintain as they don’t require a battery, power source, or other parts that need to be replaced.


  • Deployed more than 1,000 YubiKeys to employees accessing the voter registration database.
  • Support for open authentication standards like FIDO U2F and FIDO2 ensures compatibility across all modern browsers.
  • Freedom from a proprietary platform that could become obsolete or costly to maintain.
“While the attackers might be the same – we will definitely see nation states and cyber criminals and hacktivists – their motivations to attack a specific campaign would be greater than, say, an attacker who is probing networks, looking for someone who didn’t patch for the latest version of Windows.”
“We should expect to see attacks against election systems, elected officials, and candidates to only increase as the 2020 elections get closer.”

Get world class authentication security

for less than a cup of coffee per user/month

Get Started

Find the right YubiKey

Contact our sales team for a personalized assessment of your organization’s needs.

Get protected today

Browse our online store today and buy the right YubiKey for you.

Recommended content


State of Alert: Multi-factor authentication and the future of data

Read this report to learn why multi-factor authentication is critical for state and local government agencies, the consequences of not strengthening authentication, and how to bridge to a passwordless future


Modern Authentication for State and Local Government

Learn how local government agencies are using YubiKeys to easily achieve 100 percent MFA coverage.


Osterman Cyber Security in Government

Learn how the government sector faces a growing complex of cybersecurity threats.


City of Sacramento uses YubiKeys to secure remote workers

The City of Sacramento chose YubiKeys for MFA in conjunction with PortalGuard to secure remote workers