Press release

Straxis and Yubico Launch Secure Mobile Web App to Access Essential U.S. Military Email, Pay and Travel Services

0
Sponsored by Businesswire

Yubico, the leading provider of hardware authentication security keys, and Straxis, a mobile application provider, today announced the availability of a new Secure Web browsing application called MilSecure Mobile. This application can be adopted by any Defense Department (DOD) organization to enable secure access to protected DOD websites and services by service members and government employees on their personal mobile devices using the new YubiKey Secure Web feature.

The United States Air Force will be the first military service to integrate the Secure Web feature into its Air Force Connect mobile app, which was launched in 2019. The integration of the Secure Web feature will be a needed upgrade to modernize its authentication technologies and practices.

“Two-factor authentication with CAC-derived credentials is the next logical step in making the Air Force Connect mobile app more useful for Airmen,” said Bob Everdeen, chief of Air Force public web. “I’m excited to see the results from the current round of enhancements of this important, next-level feature.”

Yubico and Straxis have been working together since 2019 to create a secure web browsing experience to ensure that servicemembers’ sensitive information is protected by using a seamless login process.

“Enabling and optimizing the workforce, especially the warfighters and those conducting exercises, deployment missions, and domestic military operations has been a priority for Yubico,” said Alex Antrim, Yubico senior solutions engineer and retired Navy Senior Chief Petty Officer. “By leveraging YubiKeys with MilSecure Mobile on personal mobile phones, today’s announcement reinforces the goal to enable secure access to the U.S. DOD websites – whether that’s stopping for gas, traveling to the next duty station or when service members are not in their office.”

YubiKeys support multiple phishing-resistant authentication protocols such as FIDO2/WebAuthn, U2F and Smart Card (PIV), offering a bridge to passwordless authentication for enterprises and government agencies of all sizes. The YubiKey FIPS Series is approved to be provisioned with Purebred derived credentials. A first of its kind MilSecure Mobile app with YubiKey Secure Web browsing feature, users will benefit by being able to securely authenticate into DOD Common Access Card (CAC)-enabled sites while on the go with their own personal devices to perform tasks such as viewing DOD email, human resources information, and medical applications to move necessary workflow impacting communication, mission and medical readiness requirements that positively impact being able to balance personal, professional, family and military worklife, and personnel retention.

MilSecure Mobile highlights include:

  • Secure browsing support with CAC derived credential and PIN authentication using a YubiKey

  • Customizable library of DOD URL web services and interface without additional user configuration

  • Unit-level Content Management System to customize URL web services listings

  • Pre-loaded Root and Intermediate DOD certificates for CAC-enabled website trust

  • Built-in certificate management to support shared devices

  • Support for Lightning, USB C, and Near Field Communication (NFC) connectivity

  • Available for Android and iOS smartphones and tablets

“Since mobile phone operating systems do not have native, built-in Smart Card support, it makes it difficult for military service members to securely access DOD web services on mobile devices,” said Jason Christensen, lead developer, Straxis. “By partnering with Yubico on the Secure Web feature, we’re able to solve this by deploying MilSecure Mobile.”

Legacy forms of MFA, such as SMS and one-time passcodes (OTP), in conjunction with the continual rise of AI-based phishing, are proving to be an easy target that are vulnerable to cyber attacks. While the U.S. DOD has traditionally relied on the CAC Smart Card form factor to hold DOD-issued certificates to authenticate to systems and web services, service members utilizing modern ways of working and personal devices to securely access DOD resources can do so with phishing-resistant multi-factor authentication technology using the YubiKey in a secure and simple way, while eliminating the need for external Smart Card readers and/or peripherals. The MilSecure Mobile app leverages YubiKey’s modern phishing-resistant MFA to ensure Secure Web browsing is in place to protect its users.

“When I was a drilling Reservist, I struggled with using my Common Access Card with my modern smart phone to access U.S. military email, MyPay, and Defense Travel websites when not in a drilling status,” Antrim continued. “I was able to provision a FIPS YubiKey with DOD certs so I could access my email on my phone and made it easier to use my personal laptop to access DOD websites as well.”

To learn more about how MilSecure Mobile app was created, see the blog here. iOS app can be downloaded here and will be coming soon to Android.

About Yubico

Yubico (Nasdaq First North Growth Market Stockholm: YUBICO), the inventor of the YubiKey, offers the gold standard for phishing-resistant multi-factor authentication (MFA), stopping account takeovers in their tracks and making secure login easy and available for everyone. Since the company was founded in 2007, it has been a leader in setting global standards for secure access to computers, mobile devices, servers, browsers, and internet accounts. Yubico is a creator and core contributor to the FIDO2, WebAuthn, and FIDO Universal 2nd Factor (U2F) open authentication standards, and is a pioneer in delivering hardware-based passwordless authentication using the highest assurance passkeys to customers in 160+ countries. For more information, visit: www.yubico.com.

Yubico’s solutions enable passwordless logins using the most secure form of passkey technology. YubiKeys work out-of-the-box across hundreds of consumer and enterprise applications and services, delivering strong security with a fast and easy experience.

As part of its mission to make the internet more secure for everyone, Yubico donates YubiKeys to organizations helping at-risk individuals through the philanthropic initiative, Secure it Forward. The company is headquartered in Stockholm and Santa Clara, CA. For more information on Yubico, visit us at www.yubico.com.

About Straxis

Straxis Technology is a full-service, award-winning company that has provided technology solutions for over a decade. Based in Tulsa, Oklahoma, Straxis has enjoyed growth by providing Mobile Apps, Application Development, Web Development and IT Consulting. Straxis provides clients with outstanding service and exceptional, professional products with an emphasis on the U.S. military community and educational institutions. Actively working with over 250 units along with the AF Connect Enterprise platform we enjoy success as a trusted resource and as a leader in developing mobile apps. www.straxis.com