-
FEATURED CUSTOMER
Long life expectancy
Cost-effective
Supports open industry standards
About our US Government customer
The elections office in a U.S. state wanted a more secure, efficient, and cost-effective way to protect access to voter registration databases in all counties across the state. The election office is primarily responsible for ensuring voter data is secure and up-to-date because this information determines who is eligible to vote in any given election.
See AlsoStill Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!Key results:
- Supports open industry security standards
- More cost-effective than other solutions to deploy and maintain
- Long life expectancy: No hardware such as battery, LCD screen, or other parts that need replacing
- Easy to assign YubiKeys to other users when necessary
The challenge: Securing access to state voter registration databases
Protecting the integrity of voter registration data is one of the biggest security concerns in every U.S. state today. Voter records, which include information such as name, date of birth, address, and voting history, are maintained by the state. Concerns over database hacking motivated the state elections office to take a proactive approach and look at more secure methods of authentication, such as moving to two-factor authentication (2FA). The office then conducted a search for a solution that met the state’s top three requirements: compliance with industry security standards, cost control, and ease-of-use.
To meet these goals, the election office first enhanced password requirements. While other security measures were considered, these options either didn’t meet compliance requirements or were too cumbersome for the end user. Finally, an IT security specialist working with the elections office recommended YubiKeys, which met all of the state’s top requirements for meeting compliance standards, budget constraints, and simplicity.
YubiKey gave the state a highly secure solution to protect voter registration databases which was also easy-to-use for its diverse group of users.
The solution: YubiKeys support industry standards, cost control, and simplicity
The state deployed more than 1,000 YubiKeys to employees accessing the voter registration database in all counties across the state. Authentication to the voter registration database is as simple as entering username/password credentials and tapping the YubiKey. By using hardware based public key cryptography, this simple solution eliminates the risk of someone using hacked credentials to gain access to voter records. And, because Yubico supports open authentication standards like FIDO U2F and FIDO2, the state isn’t tied to a proprietary platform that could eventually become obsolete or costly to maintain and multiple modern browsers support those standards including Chrome, Edge, and Firefox.
In addition to the increased security and better user experience, the state also cited cost as a major factor in deploying YubiKeys. YubiKeys are extremely durable and don’t require a battery, power supply, or LCD screen to operate, so there are no moving parts that need to be replaced. Cost control and scalability are especially important for any solution that needs to be deployed to thousands of users across the state. Just as important, YubiKeys are easy to configure and use with little training required.
“The YubiKey provided us with a quick and cost effective way to enhance user security by leveraging security standards and supporting various browsers for counties across the state.”
The results: Improving voter registration security with a simple and cost-effective solution
- By supporting open industry security standards like FIDO U2F and FIDO2, YubiKeys help organizations avoid being tied to a proprietary platform that can become outdated or costly to maintain
- Users love the simplicity of the YubiKey—they just enter their credentials and tap the YubiKey for instant database access, without having to type in any cumbersome and problematic one-time passwords.
- The YubiKey is easy to configure and distribute to end users, making it a highly cost-effective solution at scale.
- YubiKeys can be easily numbered, tracked, and managed as a state asset. If a user leaves the organization, the YubiKey can be quickly and securely reassigned to another user.
- YubiKeys don’t require a battery, power source, or other parts that need to be replaced, so they are cost-effective to maintain.
Sources
As a seasoned cybersecurity expert with extensive experience in authentication systems and database security, I can confidently attest to the significance of robust measures to protect sensitive information, especially in critical areas such as voter registration databases. My expertise is grounded in real-world scenarios and a comprehensive understanding of industry standards, cost-effectiveness, and the intricacies of implementing secure solutions.
Now, delving into the featured article, it revolves around the challenges faced by a U.S. state elections office in securing access to voter registration databases. The key requirements were to ensure compliance with industry security standards, control costs, and maintain ease-of-use for a diverse user group. The solution that emerged triumphant in meeting these criteria is the implementation of YubiKeys.
Let's break down the key concepts used in the article:
-
Long Life Expectancy:
- The YubiKeys are highlighted for their long life expectancy, attributed to their design that excludes components like batteries, LCD screens, or other parts that might need replacement. This durability is crucial for a solution deployed at scale, ensuring minimal maintenance costs over time.
-
Cost-Effective:
- The article underscores the cost-effectiveness of YubiKeys. Their durable design, devoid of components prone to wear and tear, contributes to a solution that is not only secure but also economically viable. The absence of a need for batteries, power supplies, or LCD screens reduces both initial deployment costs and long-term maintenance expenses.
-
Supports Open Industry Standards:
- YubiKeys are praised for supporting open industry security standards, specifically mentioning FIDO U2F and FIDO2. This is a critical aspect as it ensures compatibility with a wide range of modern browsers, such as Chrome, Edge, and Firefox, and prevents reliance on a proprietary platform that might become outdated or costly to maintain.
-
Security Concerns and Two-Factor Authentication (2FA):
- The central challenge faced by the U.S. state elections office was securing access to voter registration databases. The article discusses the state's proactive approach in response to concerns over database hacking, considering more secure authentication methods, with a focus on two-factor authentication (2FA). YubiKeys, with their hardware-based public key cryptography, are positioned as a solution that eliminates the risk of unauthorized access through hacked credentials.
-
User Experience and Ease of Use:
- The user experience is highlighted as a crucial factor. YubiKeys simplify the authentication process, requiring users to enter username/password credentials and tap the YubiKey. This streamlined approach not only enhances security but also ensures that the solution is user-friendly, minimizing the need for extensive training.
-
Scalability and Ease of Deployment:
- The deployment of over 1,000 YubiKeys across the state underscores the scalability of the solution. The ease of configuration and minimal training requirements make YubiKeys a practical choice for large-scale deployment.
In conclusion, the article demonstrates a successful implementation of YubiKeys as a secure, cost-effective, and user-friendly solution to safeguard voter registration databases, addressing the specific challenges faced by a U.S. state elections office. The choice of YubiKeys aligns with industry standards, cost considerations, and the need for a durable and easily manageable authentication system.
