IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.
Contributed

MFA for those that can't, don't, or won't use mobile authentication

Many employees are unable to use mobile based MFA. Hardware security keys can fill these gaps so you can ensure 100% MFA coverage and keep hackers out.

May 06, 2021 • 
Yubico
Unlike the federal government where smart cards have been the de facto standard of authentication for decades, authentication across state and local governments has traditionally relied on usernames and passwords — not the most secure or user friendly. Agencies are now understanding that stronger authentication is required in today’s cyber climate, and are beefing up their security postures with two-factor and multi-factor authentication.

Mobile-based authentication including SMS, OTP and push notifications is a common implementation of two-factor (2FA) and multi-factor authentication (MFA) and offers higher security compared to usernames and passwords. However, there are many state and local government employees and contractors who can’t, don’t, or won’t use mobile devices for MFA. Reasons include employees having low cell coverage in certain geographic areas, employees who don’t want to use their personal mobile devices for work functions or don’t want to allow admin access to their devices. There may also be employees who can’t use their mobile devices for authentication due to union restrictions or compliance requirements, and some employees may not be able to even use a smartphone.

By default state and local governments fall back on usernames and passwords to authenticate these employees. This creates MFA gaps in the state and local government’s security posture, increasing the risk of successful phishing attacks and account takeovers.

To fill these gaps and ensure 100 percent MFA coverage, state and local governments should consider hardware security keys such as the YubiKey. YubiKeys are phishing-resistant, user-friendly, and cost-effective. Most importantly they can help agencies eliminate account takeovers. For those employees that can’t, don’t, or won’t use mobile authentication, YubiKeys can be plugged into computers or tapped against mobile phones or tablets to ensure secure access to critical systems and applications.
Yubico - Picture Cant, wont, dont.png
YubiKeys are DOD approved and come in a variety of form factors for secure access to networks, laptops, desktops, mobile devices and tablets. They also offer multi-protocol support for legacy and modern applications including OTP, FIDO U2F, FIDO2, and Smart Card, enabling state and local governments to bridge to a passwordless future.

Yubico is working with state agencies, counties and cities in all 50 US States, to help fill their mobile authentication related MFA gaps with the YubiKey — the easy way to 100 percent MFA.

Michael Santini
Sales Leader, State and Local Government
Yubico
michael.santini@yubico.com
408 816 6988

Yubico
Yubico sets new global standards for simple and secure access to computers, mobile devices, servers, and digital accounts, and helps government and industry organizations mitigate cybersecurity risk by securing access to critical business and customer data with high-assurance multi-factor authentication using the YubiKey.
See More Stories by Yubico
GT_rev.svg
gov-footer-logo-2024.png
gt-insider-logo-rgb-trans-white-med.png
GT NAVIGATOR logo RGB_TRANS_White_med.png
EM_rev.svg
Center for Digital Government
Center for Digital Education