Yubico, a leading provider of hardware authentication security keys, together with Straxis, a mobile application provider, have unveiled MilSecure Mobile, a new secure web browsing application. This innovation enables any Department of Defense (DOD) organization to securely access protected DOD websites and services using personal mobile devices, leveraging YubiKey Secure Web capabilities.
The United States Air Force will be the first military service to integrate the Secure Web feature into its Air Force Connect mobile app, enhancing authentication technologies to meet modern security needs.
“Implementing two-factor authentication with CAC-derived credentials is a significant advancement for the Air Force Connect mobile app,” said Bob Everdeen, chief of Air Force public web. “I look forward to seeing the impact of these enhancements.”
Since 2019, Yubico and Straxis have collaborated to develop a seamless, secure web browsing experience to safeguard sensitive information of servicemembers.
“Enabling our workforce, particularly our warfighters, during exercises, deployments, and domestic operations has been a top priority for Yubico,” stated Alex Antrim, Yubico’s senior solutions engineer and retired Navy Senior Chief Petty Officer. “Today’s announcement reinforces our commitment to providing secure access to U.S. DOD websites using YubiKeys on personal mobile devices, ensuring security whether on the move or in office.”
YubiKeys support multiple phishing-resistant authentication protocols like FIDO2/WebAuthn, U2F, and Smart Card (PIV), offering enterprises and government agencies passwordless authentication options. The YubiKey FIPS Series is uniquely capable of provisioning Purebred derived credentials.
Key features of MilSecure Mobile include:
- Secure browsing with CAC derived credential and PIN authentication using a YubiKey
- Customizable library of DOD URL web services without additional user configuration
- Unit-level Content Management System for customizing URL web services listings
- Pre-loaded Root and Intermediate DOD certificates for CAC-enabled website trust
- Built-in certificate management to support shared devices
- Compatibility with Lightning, USB C, and Near Field Communication (NFC) connectivity
- Available for Android and iOS smartphones and tablets
Jason Christensen, lead developer at Straxis, highlighted the challenge of securing access to DOD web services on mobile devices due to the absence of native Smart Card support in mobile operating systems. “Our partnership with Yubico on the Secure Web feature addresses this challenge through the deployment of MilSecure Mobile,” he explained.
Traditional forms of MFA, such as SMS and OTP, have proven vulnerable to cyber attacks, necessitating modern phishing-resistant MFA solutions like YubiKey for accessing DOD resources securely.
“I personally experienced the difficulty of using my Common Access Card with a modern smartphone to access U.S. military resources,” Antrim added. “Provisioning a FIPS YubiKey with DOD certs simplified access to email on my phone and other DOD websites.”
For more details about MilSecure Mobile, visit the blog here. The iOS app can be downloaded here, with the Android version coming soon.