ID.me and Yubico: A Case of Remote Identity Proofing and Phishing-Resistant Authentication
The accelerated need for remote identity proofing in both public and private sectors has driven a rapid adoption for zero-trust, multi-factor authentication, and passwordless deployments. The NY State Air National Guard (NY ANG) hasn’t been immune to this need. In fact, driven by COVID-19 required telework, NY ANG needed to quickly find a secure solution for its thousands of employees and service members who had to visit an office to receive a high assurance authenticator.
NY ANG found itself needing to upgrade its username and password safeguard for the NY State DLAN system in order to shut down increasing fraud attempts while offering an efficient orchestration roadmap for users.
ID.me and Yubico had separately received NIST grants to work on next generation citizen facing services that could scale user verified identities and authentication. The advancements and adoption of WebAuthn/FIDO2 standards by popular browsers, platforms, and tech companies provided the ideal opportunity to work together and create a streamlined solution.
How It Works.
- Once an ID.me account is created, NY ANG and DMNA (Division of Military and Naval Affairs) members are able to be remotely verified.
- Users can then order YubiKeys from the ID.me’s online identity verification system. To further simplify, using Yubico APIs, ID.me integrated YubiEnterprise Delivery functionality into the platform to easily allow a user to order and quickly receive YubiKeys.
- Once the YubiKey is received, users sign into DLAN via ID.me, which will then prompt the user to register the YubiKey using WebAuthn and the ID verified account.
- The ID.me system performs the role of the IDP where authentication happens and is federated (SSO) to DLAN. The NY ANG team requested configuration of the ID.me access policy to only allow access to DLAN if a successful FIDO authentication has occurred.
The partnership resulted in a 50 percent reduction in administrative costs and time, with over 70 percent of users stating they felt more secure when accessing deployment information.
To view a live presentation of this user case, check out the Identiverse panel discussion: ‘New York Air National Guard Takes Flight with Remote ID Proofing and Phishing-Resistant Authentication’ (Tuesday, June 22; 8:30 AM MDT) that will explain in-depth how ID.me and Yubico designed, integrated, and deployed the solution in compliance with NIST IAL2/AAL3 requirements. Panelists include Major Liaquat Ali, RPA Cyber Operations Officer, U.S Air Force; Jerrod Chong, Chief Solutions Officer, Yubico; and Jeremy Haynes, Account Executive, ID.me. Register to experience this live session here.
For a deeper dive into this program, to request a personal demo or have any questions answered, click here.
More about Identiverse
Identiverse is where the brightest minds in identity get together to catch up with peers, meet experts and share best practices and insights. This year’s event on June 22-23, will focus on seven primary topic areas: Architecture and Standards, Deployment and Leading Practices, Identity for Security, Public Policy and Governance, Professional Skills and Development and Vision and Strategy. ID.me’s Hall will be featured across two panels, while Haynes will be featured on one panel.