ID.me Blog

[Press Release] ID.me debuts unphishable FIDO U2F security keys as an extra layer of authentication for digital identity verification

You've been subscribed!

MCLEAN, VA–(Marketwired – September 12, 2017) – ID.me unveils the ability to use FIDO U2F (Universal Second Factor) Security Keys as an extra layer of authentication for its identity proofing services. Security Keys, such as the YubiKey, are being introduced as an additional form of two-factor authentication for those seeking extra protection. ID.me’s Identity Gateway, which powers its identity proofing services, is also now FIDO U2F certified.

ID.me provides identity proofing services for three different federal agencies and this will be first roll out of FIDO U2F for 2-factor authentication for government agencies in the US. The option will be presented to users alongside existing two-factor authentication choices, such as a code sent by text message, and a call to a landline.

According to Verizon’s 2017 Data Breach Investigations Report, 81% of breaches involve weak or stolen passwords. Blake Hall, ID.me CEO, explains why this new authentication method offers better protection for digital identity.

“Thieves can guess or steal passwords from a database and they can spoof biometrics,” Hall says. “A physical FIDO U2F Security Key is ‘un-phishable’ — it must be physically stolen from you, to compromise your account. To provide more robust and easy to use security to all customers, it’s essential to support FIDO U2F based standards and the adoption of security keys.”

To register, users insert the security key into a USB port, enter a password and tap the device when prompted. This will generate a cryptographic code that binds the physical token to their identity, proving that it is not someone pretending to be them. For future login, users follow the same simple process.

Stina Ehrensvard, CEO of Yubico, the leading maker of FIDO U2F Security Keys, explains, “We are thrilled to see ID.me help protect the first US government service with FIDO U2F security keys. Today US citizens can use the same security key, such as the YubiKey, to login securely to leading internet services, including Google and Facebook, and now on federal sites where ID.me is used for identity proofing. It’s a great milestone for open internet security standards, and an important step towards a more secure internet for everyone.”

This launch supports FIDO Alliance U2F authentication standards – designed to reduce the reliance on passwords, increase account security against common threats and improve the user-experience for identity proofing. The FIDO Alliance currently consists of over 250 industry members and partners dedicated to developing new standards for stronger online identity authentication.

Hall and Ehrensvard will discuss the new capabilities at 2017 Federal Identity Forum (FedID) on Thursday, September 14th, 2017, 2:15pm-3:15pm.

About ID.me
ID.me is the next-generation digital identity platform allowing convenient, trusted interactions between individuals and organizations. ID.me’s identity platform meets the highest standards for online identity proofing and authentication, without compromising access for hard-to-identify groups. It’s technology use a combination of remote verification of physical IDs, MNO data, fraud detection algorithms, and FIDO U2F capabilities to securely verify a user’s identity.

In March 2017, ID.me secured $19 million in Series B funding from FTV Capital. With the funding, ID.me is investing further in sales, marketing and product development. ID.me currently supports more than 200 partners, including federal organizations and retailers.

About the FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO authentication is stronger, private, and easier to use when authenticating to online services.

About Yubico
Yubico is a leading contributor to the FIDO Universal 2nd Factor open authentication standard, and the company’s technology is deployed and loved by 9 of the top 10 internet brands and by millions of users in 160 countries. The company’s core invention, the YubiKey, delivers strong hardware protection, with a simple touch, across any number of IT systems and online services. The YubiHSM, Yubico’s ultra-portable hardware security module, protects sensitive data inside standard servers.

Founded in 2007, Yubico is privately held, with offices in Sweden, UK, Germany, USA, Australia, and Singapore. For more information: www.yubico.com