Case Study: City of Sacramento achieves phishing‑resistant secure remote access with Yubico

City of Sacramento uses YubiKeys to secure remote workers

Yubico’s YubiKey addresses a growing cybersecurity challenge in state and local government: rising security incidents, account takeovers and the weaknesses of passwords and mobile‑based MFA—issues made worse by remote and hybrid work, BYOD use, and the need to secure critical systems like VPNs, election infrastructure and citizen‑facing digital services. Agencies cited frustrations with SMS/OTP and phone‑based prompts, and sought a stronger, phishing‑resistant authentication method that wouldn’t require employees to use personal devices.

The solution was hardware security keys—physical YubiKeys that support FIDO2/WebAuthn and other protocols—deployed across entities including Sacramento, Washington state elections and Mission Viejo. The keys delivered a simpler user experience, removed BYOD and phone dependency, met industry and government standards, proved cost‑effective, and helped prevent account takeovers and unsuccessful attacks while enabling secure remote access and continuity of services.

City of Sacramento

Jim Berg Supervisor

Information Technology