Author: Suresh Thiru

Thumbnail

Sep 8, 2021

YubiKey (4) FIPS Series end of sale and movement to CMVP Historical Validation List

Earlier this year, Yubico introduced the YubiKey 5 FIPS Series. This new line-up of FIPS 140-2 validated YubiKeys enables government agencies and regulated industries to meet the highest authenticator assurance level 3 (AAL3) requirements from the new National Institute of Standards and Technology (NIST) SP800-63B guidance. Our previous YubiKey (4) FIPS Series which we introduced

Thumbnail

May 14, 2021

YubiKey firmware update: YubiKey 5 Series with firmware 5.4

As of today, Yubico will start shipping the YubiKey 5 Series with firmware 5.4. This new firmware release will enable easier integration with Credential Management System (CMS) solutions, secure remote provisioning of YubiKeys, and expanded methods for PIV management.  Key benefits of the YubiKey Firmware Update for the YubiKey 5 Series with 5.4 firmware include:

Thumbnail

The YubiKey 5 FIPS Series is here and there are 5 things you need to know

Today, we’re thrilled to announce yet another product milestone in addition to the launch of YubiHSM 2 FIPS — the long-awaited YubiKey 5 FIPS Series is now generally available. It is the industry’s first set of multi-protocol security keys with support for FIDO2 and WebAuthn, along with smart card (PIV/CAC), to receive FIPS 140-2 validation, Overall

Thumbnail

A Yubico first…introducing the YubiHSM 2 FIPS

Compliance mandates require many of our customers in regulated industries or in high-risk environments to prove adequate levels of protection for their data, no matter where it lives or travels. This is why today we’ve not only launched the YubiKey 5 FIPS Series but also the smallest FIPS-validated hardware security module (HSM) in the world,

Thumbnail

Doing the Math: Why strong authentication for every employee makes sense

By now, it’s an all-too-familiar routine… Step 1: Organization suffers an expensive and embarrassing security breach.  Step 2: Organization hastily introduces multi-factor authentication (or steps up its efforts to mandate its usage).  Oftentimes, it takes a breach to make organizations fully embrace strong authentication. But why? We know that usernames and passwords alone cannot provide sufficient security, and we know that SMS two-factor authentication (2FA) has been deprecated time