Login.gov

The Challenge

With phishing attacks on the rise, it was imperative for the government to support “phish-proof” multi-factor authentication (MFA) technology that was also user-friendly, efficient and cost-effective.

The Solution

After evaluating several options for authentication for login.gov, the government decided to support FIDO2 through the use of FIDO security keys and built-in FIDO authenticators like Windows Hello biometrics. Through comparison to other options, they found FIDO to check the box for security, usability, cost and compliance.

The Results

GSA rolled out authentication with FIDO2 in September 2018. With initial adoption equating to about 2,000, or 0.2%, of new users, GSA made it a requirement for users to register a second MFA option. As a result, the number of new FIDO2 security keys increased to 17,000 per month. In late June 2019, there were about 27,000 FIDO2 keys registered and the adoption rate has increased to about 3% of all new users, representing a significant increase from initial rollout.

Resources

Case Study: U.S. General Services Administration’s Rollout of FIDO2 on login.gov

Download Authn Specs
Sign up for updates!Get news from FIDO Alliance in your inbox.

By submitting this form, you are consenting to receive communications from: FIDO Alliance, 3855 SW 153rd Drive, Beaverton, OR 97003, US, http://www.fidoalliance.org. You can revoke your consent to receive emails at any time by using the unsubscribe link found at the bottom of every email.