4 security tips: for developers, by developers

YubiKey plugged into the top of the earth

As National Cybersecurity Awareness Month comes to an end, our focus turns to what the developer community can do to stay cyber smart all year long. We’ve already talked about access management, and shared tips on how to protect your personal accounts. Today, we offer tips from the Yubico Developer Team to developers looking to up their security game.

The best way to get started is by securing yourself, then helping others. Get a password manager and enable strong two-factor or multi-factor authentication across all your personal and work accounts (read last week’s blog for 10 Steps from Yubico to Protect Your Personal Accounts).

Now, let’s get into some more technical things you can do.

1. First, secure your operating and development environments with encryption. You can do this with tools like EgoSecure Data Protection FDE, which provides easy and effective protection for your laptop. The encryption and decryption of data is completely transparent to authorized and authenticated users, which makes the solution simple to use. To enhance security, EgoSecure’s full disk encryption application supports two-factor authentication during pre-boot authentication using the YubiKey.


“We believe hardware-backed multi-factor authentication plays a very important role in cybersecurity because it protects privacy without compromising ease of use.– Sergej Schlotthauer, Vice President of Security Strategic Alliances, Egosecure (Egosecure is a Matrix42 company)

2. Keep your code signing certificates and data safe by using developer tools that support multi-factor authentication. You can even sign code with the YubiKey by securely storing your code signing certificate on the YubiKey itself. We talk a lot about FIDO, but the YubiKey also supports OpenPGP. Our latest firmware update included a number of enhancements to the OpenPGP implementation including ECC support, attestation, and multiple operations per touch. Read about it here.

3. Extend your security discipline to all of your devices, not just those that touch your corporate network. Attacks often succeed because of a weak point made available through a personal account.


“With the rise of bring-your-own-device programs and remote work, the attack surface has shifted from corporate networks to endpoints. Thus, a modern security strategy must consider all endpoints, including mobile devices”– Dr. Dominik Schürmann, CEO, Cotech

Here’s a hot tip if you’re building YubiKey support into your product: Cotech provides ready-to-use animations to assist end-users on how to use security keys, and shows the smartphone-specific sweet-spot where NFC works best. With the Hardware Security SDK, Android developers enable strong, hardware-backed YubiKey security leveraging modern authentication protocols, such as Universal 2nd Factor (U2F).

4. Strong authentication doesn’t have to be hard to implement for yourself or your users. Be sure to leverage modern protocols such as FIDO2 or WebAuthn along with a YubiKey. We have seen an impressive variety of use cases brought to us by companies from all over the world. Take, for instance, Gandi. Because a domain name is used for websites, email addresses, SSL certificates, and more, they are valuable assets for individuals, organizations, and businesses. Gandi offers two-factor authentication with the YubiKey to make sure only authorized users can access an account.


“Whether they’re working for profit, the common good, or fun, our customers’ projects are tied to their domains. Our job as service providers is to keep them safe. Staying on the cutting edge of security technology is essential to that mission.”– Andrew Richner, Head of Communication, Gandi US

If you’re also serious about integrating security into the products, services, and applications that you’re building, check out Yubico’s Developer website. Sign up for the Yubico Developer Program mailing list to be notified of new documentation and resources, as well as get early access to SDKs and new products.

Already have a YubiKey? Discover all of the places you can enable it now by visiting our  Works with YubiKey catalog. If you don’t have a YubiKey, you can pick one up from our web store or even on Amazon.

Talk to our teamTalk to our team

Share this article:


  • Cybersecurity in 2025 – part two: Insights and predictions from Yubico’s expertsIn part one of our 2025 cybersecurity predictions, we highlighted insights from our experts on the topic of passkeys, digital identity wallets and the threats of AI-driven phishing – areas that saw a lot of focus in 2024, and ones that we expect to continue being a major focus this year. If you missed our […]Read morecritical infrastructurefederal governmentfinancial servicespredictions
  • Cybersecurity in 2025: Insights and predictions from Yubico’s expertsWith 2024 behind us, we saw another challenging year in the world of cybersecurity – highlighted by new and evolving threats like Artificial Intelligence (AI)-driven phishing and increasingly sophisticated cyber attacks overall. Yubico’s September Global State of Authentication Survey confirmed the challenges, even underscoring the potential risks of these new threats. The report emphasized the […]Read moreAIdigital identity walletspasskeyspredictions
  • State of Global Authentic(age)ion: A look at cybersecurity habits by generationsNo generations were left untouched when it came to the threat of hackers in 2024: from the impact of political shakeups, to increasingly sophisticated cyber attacks targeting consumers, critical industries and infrastructures, the world was on high alert. Fueled by a dramatic increase in phishing attacks circumventing certain forms of legacy multi-factor authentication (MFA), as […]Read moreState of Global Authenticationsurvey
  • Yubico named finalists of German digital identity innovation competitionIn 2023, Yubico began collaborating on an exciting open standards identity project – wwWallet – to shape the future of digital identity across Europe and beyond. The project saw immediate success solving problems for global identity, and was submitted in the German SPRIN-D European Digital Identity (EUDI) Funke competition which aims to develop and test […]Read moreEU Digital Identity WalletEUDIwwWalet