Yubico, Duo Security Aim Combined Solutions at the Feds

Yubico and Duo Security have teamed up to offer a new access control solution for IT assets aimed at the government sector. The solution combines Yubico’s YubiKey second factor authentication devices with Duo’s cloud-based enterprise security software.

The partnership arrives after changes to National Institute of Standards and Technology (NIST) guidelines governing security standards for federal employees. Whereas such individuals previously required PIV or Common Access Cards, they are now permitted to use biometric authentication through a trusted device, or a hardware token such as a YubiKey device, which is designed to pair with a device and acts as a physical component verifying that a given user really is working on the device specified.

Meanwhile, Yubico is preparing a new YubiKey-FIPS device that will sport high-level certifications including FIPS 140-2 Overall Level 2 and Physical Level 3, which will ensure that it meets the NIST’s highest Authenticator Assurance Level, AAL 3.

For its part, Duo’s cloud-based software is “half the cost of similar products,” according to a statement announcing the partnership; and the company asserts that its solution “has no complex software configurations nor manual setup, allowing 75 percent of organizations who use Duo to get up and running in less than a week.” Together with Yubico’s 2FA hardware, that should make for a compelling pitch to government agencies as they increasingly look to embrace digitization while maintaining or improving security.