Mobile-based authentication including SMS, OTP and push notifications is a common implementation of two-factor (2FA) and multi-factor authentication (MFA) and offers higher security compared to usernames and passwords. However, there are many state and local government employees and contractors who can’t, don’t, or won’t use mobile devices for MFA. Reasons include employees having low cell coverage in certain geographic areas, employees who don’t want to use their personal mobile devices for work functions or don’t want to allow admin access to their devices. There may also be employees who can’t use their mobile devices for authentication due to union restrictions or compliance requirements, and some employees may not be able to even use a smartphone.
By default state and local governments fall back on usernames and passwords to authenticate these employees. This creates MFA gaps in the state and local government’s security posture, increasing the risk of successful phishing attacks and account takeovers.
To fill these gaps and ensure 100 percent MFA coverage, state and local governments should consider hardware security keys such as the YubiKey. YubiKeys are phishing-resistant, user-friendly, and cost-effective. Most importantly they can help agencies eliminate account takeovers. For those employees that can’t, don’t, or won’t use mobile authentication, YubiKeys can be plugged into computers or tapped against mobile phones or tablets to ensure secure access to critical systems and applications.
Yubico is working with state agencies, counties and cities in all 50 US States, to help fill their mobile authentication related MFA gaps with the YubiKey — the easy way to 100 percent MFA.
Michael Santini
Sales Leader, State and Local Government
Yubico
michael.santini@yubico.com
408 816 6988
