4 security tips: for developers, by developers

YubiKey plugged into the top of the earth

As National Cybersecurity Awareness Month comes to an end, our focus turns to what the developer community can do to stay cyber smart all year long. We’ve already talked about access management, and shared tips on how to protect your personal accounts. Today, we offer tips from the Yubico Developer Team to developers looking to up their security game.

The best way to get started is by securing yourself, then helping others. Get a password manager and enable strong two-factor or multi-factor authentication across all your personal and work accounts (read last week’s blog for 10 Steps from Yubico to Protect Your Personal Accounts).

Now, let’s get into some more technical things you can do.

1. First, secure your operating and development environments with encryption. You can do this with tools like EgoSecure Data Protection FDE, which provides easy and effective protection for your laptop. The encryption and decryption of data is completely transparent to authorized and authenticated users, which makes the solution simple to use. To enhance security, EgoSecure’s full disk encryption application supports two-factor authentication during pre-boot authentication using the YubiKey.


“We believe hardware-backed multi-factor authentication plays a very important role in cybersecurity because it protects privacy without compromising ease of use.– Sergej Schlotthauer, Vice President of Security Strategic Alliances, Egosecure (Egosecure is a Matrix42 company)

2. Keep your code signing certificates and data safe by using developer tools that support multi-factor authentication. You can even sign code with the YubiKey by securely storing your code signing certificate on the YubiKey itself. We talk a lot about FIDO, but the YubiKey also supports OpenPGP. Our latest firmware update included a number of enhancements to the OpenPGP implementation including ECC support, attestation, and multiple operations per touch. Read about it here.

3. Extend your security discipline to all of your devices, not just those that touch your corporate network. Attacks often succeed because of a weak point made available through a personal account.


“With the rise of bring-your-own-device programs and remote work, the attack surface has shifted from corporate networks to endpoints. Thus, a modern security strategy must consider all endpoints, including mobile devices”– Dr. Dominik Schürmann, CEO, Cotech

Here’s a hot tip if you’re building YubiKey support into your product: Cotech provides ready-to-use animations to assist end-users on how to use security keys, and shows the smartphone-specific sweet-spot where NFC works best. With the Hardware Security SDK, Android developers enable strong, hardware-backed YubiKey security leveraging modern authentication protocols, such as Universal 2nd Factor (U2F).

4. Strong authentication doesn’t have to be hard to implement for yourself or your users. Be sure to leverage modern protocols such as FIDO2 or WebAuthn along with a YubiKey. We have seen an impressive variety of use cases brought to us by companies from all over the world. Take, for instance, Gandi. Because a domain name is used for websites, email addresses, SSL certificates, and more, they are valuable assets for individuals, organizations, and businesses. Gandi offers two-factor authentication with the YubiKey to make sure only authorized users can access an account.


“Whether they’re working for profit, the common good, or fun, our customers’ projects are tied to their domains. Our job as service providers is to keep them safe. Staying on the cutting edge of security technology is essential to that mission.”– Andrew Richner, Head of Communication, Gandi US

If you’re also serious about integrating security into the products, services, and applications that you’re building, check out Yubico’s Developer website. Sign up for the Yubico Developer Program mailing list to be notified of new documentation and resources, as well as get early access to SDKs and new products.

Already have a YubiKey? Discover all of the places you can enable it now by visiting our  Works with YubiKey catalog. If you don’t have a YubiKey, you can pick one up from our web store or even on Amazon.

Talk to our teamTalk to our team

Share this article:


  • Yubico delivers PIN advancements with new YubiKey 5 – Enhanced PIN keysTo prepare for continuously evolving cyber threats, governments around the world are adapting and updating authentication requirements for online services which directly impact thousands of organizations and their employees. While there’s currently no universal regulation for more robust multi-factor authentication (MFA), the need is highlighted across a range of requirements including PSD2, GDPR, and the […]Read moreCompany NewsProduct NewsYubiKeyYubiKey 5 – Enhanced PINYubiKey 5 SeriesYubiKey as a Service
  • Yubico LogoYubico liefert PIN-Verbesserungen mit dem neuen YubiKey 5 – Verbesserte PIN-SchlüsselUm sich auf die sich ständig weiterentwickelnden Cyber-Bedrohungen vorzubereiten, passen Regierungen weltweit die Authentifizierungsanforderungen für Online-Dienste an und aktualisieren sie, was direkte Auswirkungen auf viele Unternehmen und deren Mitarbeiter hat. Zwar gibt es derzeit keine universelle Regelung für eine robustere Multi-Faktor-Authentifizierung (MFA), doch wird deren Notwendigkeit in einer Reihe von Anforderungen hervorgehoben, darunter PSD2, DSGVO […]Read moreYubiKey
  • An inside look at Yubico’s transition to passwordlessBefore “passkey” became a familiar term in our industry, Yubico had long delivered hardware-backed and phishing-resistant FIDO2 based authentication. Today, the adoption of passkey usage is accelerating. However, it’s taken quite a bit longer to integrate passwordless authentication into the everyday, enterprise-grade authentication flows that are required for today’s businesses.  As long as it’s been […]Read moreOktapasswordless
  • Mission matters – my reflections on winning the EY World Entrepreneur of the Year “This is the biggest mission any of the entrepreneurs have presented in this competition.”  I heard these words a few weeks ago from one of the judges for the EY World Entrepreneur of the Year award program – whom I had the honor to meet during the final step of the world’s largest entrepreneur competition.  […]Read moreawardsFounderStina Ehrensvard