Governments are moving citizen and employee access away from password-only authentication, but the implementations vary widely — from SMS-based OTP (which is no longer defensible) to hardware-rooted credentials inside smart cards. The choices reshape the threat model, not just the user experience.
Introduction
Governments face continuous attacks at federal, state, and local levels. Public incidents include stolen political emails, election interference, and power grid penetration. Research indicates attacks on state, local, territorial, and tribal governments increased 50% between 2017–2020.
Government agencies face conflicting pressures: expanding public information access and operational efficiency while securing remote workers, protecting PII, and safeguarding critical infrastructure including elections. Budget constraints compound these challenges.
Current cybersecurity measures prove insufficient: passwords offer minimal protection, SMS verification codes and mobile authentication apps remain vulnerable, smart cards are expensive and cumbersome to deploy. Government agencies require scalable, economical strong authentication solutions like AmbiSecure Key.
State and local tech priorities for 2021 emphasizing hardware MFA:
- Infrastructure and process modernization
- Supporting and enabling hybrid workforce arrangements
- Enabling connectivity and access
- Securing the new edge
Building a more secure remote work infrastructure
Remote work shifts introduce distributed perimeters and exponentially increased security vulnerabilities. Hardware security key-based MFA reduces man-in-the-middle attack risks and provides flexibility for remote government workers while eliminating mobile-device authentication costs.
Enhancing security for digital services
IT leaders can streamline operations and strengthen security for internal and external citizen-facing services using hardware security key-based MFA integrated into existing IAM solutions. Modern FIDO2 and WebAuthn standards suit external customer-facing services.
Protecting critical election infrastructure
Securing voter registration databases, election management systems, e-poll books, and election infrastructure with strongest authentication prevents account takeovers — especially important when many users are temporary volunteers.
Governments worldwide, including the British NCSC and the EU Agency For Cybersecurity (ENISA), recommend transitioning to MFA solutions, with hardware security key-based MFA representing the strongest version. AmbiSecure Key accelerates the password-less future via FIDO2; no battery or network required.
About Ambimat Electronics
Nearly four decades of design excellence. Solutions: AmbiPay, AmbiPower, AmbiCon, AmbiSecure, AmbiSense, AmbiAutomation.
Reference: https://www.govtech.com/sponsored/why-3-government-agencies-are-relying-on-hardware-based-mfa-with-yubikeys.html