YubiKey 5 FIPS Series
Phishing-resistant MFA and compliance
for the Public Sector
Digital transformation raises data breach risks
Digital transformation is a challenge for any organization, but
for government entities the complications are increased and
the stakes are even higher. Numerous regulations need to be met
and government employees are especially likely to be targets
of cyber-attacks by hackers, hacktivists, and nation states.

YubiKeys offer federal compliant, highest assurance multi-factor authentication
YubiKeys offer phishing-resistant MFA and are FIPS 140-2
validated to meet the highest authentication assurance level 3
requirements (AAL3) of NIST SP800-63B guidelines (Certificate
#3914). YubiKeys are also FIDO2/WebAuthn, FIDO U2F and
DFARS/NIST SP 800-171 compliant, and are approved for use
in DOD Non-Classified and Secret Classified Environments.

YubiKeys have been proven to offer the highest levels of
security against account takeovers in independent research,
preventing targeted attacks.

Account takeover rates
• Security key (YubiKey): 0%
• On-device prompt: 10%
• SMS code: 24%
• Secondary email: 21%
• Phone number: 50%
Research by Google, NYU, and UCSD based on 350,000 real-world hijacking
attempts. Results displayed are for targeted attacks.

Strong hardware-based security
The YubiKey is a hardware-based solution that:
• Meets phishing-resistant MFA requirements in May 12, 2021
White House Executive Order 14028 and Jan 26, 2022 Office
of Management and Budget (OMB) Memo M-22-09.
• Offers multiple authentication and cryptographic protocols
including FIDO2/WebAuthn, FIDO U2F, Personal Identity
Verification-compatible (PIV) Smart Card, OpenPGP, and
Yubico One-Time Password (OTP) to secure legacy and
modern applications and systems
• Provides DOD-approved, phishing-resistant authentication for
remote and hybrid workers, non PIV/CAC eligible workers,
mobile device users, citizen services, isolated/closed
networks, and cloud services with a single tap or touch
to authenticate.
• Is FIPS 140-2 validated (Certificate #3914), and accommodates
derived PIV/CAC requirements
• Provides the option to modernize smart card deployments
for future FIDO2/WebAuthn needs, and works across major
operating systems including Microsoft Windows, macOS,
Android, and Linux, as well as leading browsers

Government agencies can use YubiKeys to:
• Ensure strong security for non PIV/non CAC eligible users
• Deploy highest assurance authentication for mobile derived
PIV and BYOD/BYOAD
• Modernize authentication for privileged users
• Secure user access to closed/air gap networks
• Deploy fast, one-touch authentication for first responders
• Secure sensitive information across government elections
and political campaigns

The YubiKey 5 FIPS Series
From left to right: YubiKey 5 NFC FIPS, YubiKey 5C NFC
FIPS, YubiKey 5Ci FIPS, YubiKey 5C FIPS, YubiKey 5 Nano
FIPS, YubiKey 5C Nano FIPS
YubiKey: Proven, easy-to-use security that’s trusted by the
world’s leading companies
Phishing resistance for highest-assurance multi-factor authentication
The YubiKey stores the authentication secret on a secure
element hardware chip. This secret is never transmitted
and therefore cannot be copied or stolen.

Reduces IT costs
The YubiKey dramatically reduces the number one IT
support cost—password resets—which cost Microsoft
over $12M per month.1
By switching from mobile OTPs to YubiKeys, Google
reduced password support incidents by 92% because
YubiKeys are more reliable, faster, and easier to use.

[Chart: SUPPORT INCIDENTS PER USER PER MONTH. Labels: Support incidents;
Percent of users using Security Keys; Security Key; OTP; Active Security
Key users. Time axis from JUL-14 to NOV-15.]
This graph illustrates how quickly Google reduced password support incidents
after switching from OTP to YubiKey.2

Easy to deploy
IT can deploy YubiKeys in days, not months. A single key can
access several modern and legacy systems, which eliminates
the need for separate keys or extra integration work.

[Diagram: FIDO2/WebAuthn, FIDO U2F, PIV, OATH-TOTP, and two configuration sets.
CONFIG SET 1: Yubico OTP, OATH-HOTP, Challenge-Response, Static Password.
CONFIG SET 2: Yubico OTP, OATH-HOTP, Challenge-Response, Static Password.]
YubiKey 5 FIPS Series offers multi-protocol support. Technical specifications are
available at yubico.com.

[Icons: FIDO2, FIDO U2F, Smart Card (PIV), OATH (TOTP/HOTP), Config Slot 1 & 2,
Open PGP]

Trusted authentication leader
Yubico is a principal inventor of the WebAuthn/FIDO2 and U2F
authentication standards adopted by the FIDO Alliance and
W3C, and is the first company to produce the U2F security key
and a multi-protocol FIDO2/WebAuthn authenticator.
YubiKeys are produced in the USA, maintaining security and
quality control over the entire manufacturing process.

Yubico SDK for iOS and Android:

Differentiators
• Unlike managing multiple certificates across mobile devices
and PIV/CAC cards, a YubiKey with one certificate can be
used as a portable root of trust across multiple devices
including mobile and BYOD/BYOAD.
• Unlike mobile-based authenticators, YubiKeys are
purpose-built for security and don’t require Government
Furnished Equipment (GFE) or a network connection.
YubiKeys are also phishing and malware resistant,
waterproof, crush-resistant, and dustproof.

Protect your organization with the FIPS 140-2 Overall
Levels 1 and 2, Physical Security Level 3 validated
version of the industry leading YubiKey multi-factor
authentication solution. The YubiKey 5 FIPS Series
enables government agencies and regulated industries to
meet the highest authenticator assurance level 3 (AAL3)
requirements from the new NIST SP800-63B guidance.

4 “Saying Goodbye to Passwords,” Alex Simons, Manini Roy, Microsoft Ignite 2017
5 Google Research, Security Keys: Practical Cryptographic Second Factors for the Modern Web

About Yubico
As the inventor of the YubiKey, Yubico makes secure login easy.
As a leader in setting global standards for secure access to computers, mobile
devices, and more, Yubico is also a creator and core contributor to the FIDO2,
WebAuthn, and FIDO Universal 2nd Factor (U2F), and open authentication
standards. For more information, please visit: www.yubico.com.

Yubico Inc.
530 Lytton Avenue, Suite 301
Palo Alto, CA 94301 USA
844-205-6787 (toll free)
650-285-0088