YubiKey secures remote workers during COVID-19 as government-approved alternative to PIV and CAC cards

 

In the matter of just one week, Google reported that it saw more than 18 million daily malware and phishing emails related to COVID-19. That’s an astonishing number, and one that is not likely to slow down any time soon.

For organizations across the globe, it is imperative to quickly, securely, and affordably fill existing security gaps to effectively support remote workers. For government agencies, the stakes are even higher. It is critical to protect and sustain our government infrastructures in a time when many citizens are relying on these services more than ever before.

Preventative measures against phishing are not new, but scaling them quickly across an organization is. This is uncharted territory for many government agencies, and the Personal Identity Verification (PIV) and Common Access Card (CAC) authentication infrastructure lacks the convenience and flexibility required to support a rapid shift to remote work environments. While PIV and CAC set a high bar for security, they rely on in-person identification to issue credentials — an impractical requirement when servicing droves of new remote workers or renewing recently expired credentials.

US government releases guidance on securing remote workers

Recognizing the immediate need for increased security without disrupting productivity, the United States White House Office of Management and Budget (OMB) released a directive for the broader government. The memo acknowledges three main points:

  1. Not all agencies may be able to issue PIV credentials during the time of remote work.
  2. Agencies are directed to use the breadth of available technology capabilities to fulfill service gaps and deliver mission outcomes.
  3. Agencies should be prepared to issue an alternate credential or authenticator for physical and logical access.

YubiKey approved as PIV alternative for strong authentication 

For federal entities, we know that this means finding applications and solutions — like the YubiKey — that already have the government seal of approval and a federal terms of service agreement to enable rapid and seamless deployments.

“A FIDO security key can help bridge the gap,” explains Jeremy Grant, Managing
Director of Cybersecurity at Venable, and former Senior Advisor to the Obama Administration’s National Strategy for Trusted Identities in Cyberspace.

“Much like the PIV card, FIDO security keys leverage public key cryptography for authentication, which can’t be phished — an important benefit at a time when we’re seeing an explosion of COVID-related phishing attacks,” continues Grant. “Agencies can mail FIDO security keys directly to employees needing strong authentication, and because they work via USB and NFC, they don’t require a specialized reader as PIV cards do.”

FIDO security keys are 1 of 3 government-approved alternate authenticators, according to the Department of Defense. This guidance was released as early as 2018, demonstrating that the US government recognized the need for agile, adaptable, and affordable security solutions far before COVID-19.

Global governments recommend multi-factor authentication to protect remote workers  

Efforts from the US government are underscored by similar initiatives by many other leading government agencies around the world. For example, the British NCSC (National Cyber Security Centre) and European Union Agency For Cybersecurity (ENISA) both issued guidance on best practices to secure citizens and employees working remotely, and strongly recommended multi-factor authentication (MFA) as a top priority.

For more information on the YubiKey as a federally-approved authentication solution, tune into our latest on-demand panel webinar with Danelle Barrett, former US Rear Admiral, and Director Navy Cyber Security and Deputy Chief Information Officer.

Additionally, read how FIDO2 is aiding eIDAS (electronic identification, authentication and trust services) as the legal basis for cross-border interoperability of electronic identification, authentication, and electronic signatures amongst EU Member States.

To find out more additional information about YubiKey, please go to our Website at https://dtasiagroup.com.hk/yubikeys/ or if you have any enquire about Yubikey, please contact us and visit our DT Asia HK Facebook at https://www.facebook.com/dtahongkong/ to find out more.

———————————-

Content retrieved from our partner: https://www.yubico.com/blog/us-government-approves-yubikey-as-piv-and-cac-card-alternative-amidst-covid-19/.

 



Related Articles

Are You Sure Your Password is Good Enough?

With the increasing internet usage from accessing your email, online shopping, social media, to online business meeting, internet users have to deal with dozensof passwords to deal with. Both for personal and work purposes, managing different passwords for various accounts can be troublesome. Determining a unique and strong password and remembering them all can be […]

Turning the Internet Landscape to a Safe Environment by Using MFA

For some people, the pandemic has turned their life upside down. They are ‘forced’ to turn to the internet for their medium of communication. Their communication method is hugely revolutionized. Simple daily activities which were previously done in face-to-face setting, has turned into online activities. Ordering your food, buying your television, attending seminar, and even […]

Post-Covid Cyber Security in 2022

Join Us Now! In a Policy brief by CIPS on Cybersecurity Protection in Indonesia, the Indonesian National Cyber and Crypto Agency (BSSN) reported 290 million cases of cyberattacts in 2019. That was 25% more than the previous year, when cybercrimes had caused losses of USD 34.2 billion for Indonesia. The Covid-19 pandemmic in 2020 triggered […]

Webinar: Choosing the Right Encryption Method to Securely Exchange Files

Webinar February: Webinar title: Choosing the Right Encryption Method to Securely Exchange Files Date and Time: 8th February at 13:30 AEDT Registration link with your tracking code added: https://attendee.gotowebinar.com/register/8424049486127884299?source=PartnerDTAsia   New guides: Managed File Transfer (MFT) Software Impact Guide Enterprise Grid Report for Managed File Transfer (Vendor Comparison) Defense. That’s the strategy you and your […]

YubiKey 5C NFC is coming to town

We are very pleased to announce that we have officially launched the YubiKey 5C NFC, the latest addition to the YubiKey 5 Series family. It is the first hardware authenticator that combines support for USB-C and NFC in a single key, along with OTP, U2F, FIDO2/WebAuthn and smart card. The YubiKey 5C NFC is part […]

Contact DT Asia Group Hong Kong

Address: Unit 929, Kowloon Bay Industrial Centre,
15 Wang Hoi Road, Kowloon Bay, Hong Kong
Tel: +852 58010001
Emailsales@hk.dtasiagroup.com

Like Our Facebook Page :)