BrowserID and YubiKey

To to learn how you use the YubiKey with BrowserID, a new open identity initiative, please check out this video from a BrowserID developer: https://vimeo.com/64514090

BrowserID was introduced in mid 2011 by the Mozilla Project. It addresses the same problem as OpenID and SAML, as well as the common OAuth or OpenID-based login-with-an external-account (such as Google, Facebook or Twitter) flows. From a usability point of view, in comparison to OpenID, BrowserID uses email addresses instead of URLs, which is more natural for users.

Perhaps the strongest feature of BrowserID, when compared to OpenID and SAML, appears to be user privacy; with BrowserID your Identity Provider is not involved in the per-site login flow, so they cannot track which sites you have accounts on.

Technically, BrowserID has the simplicity of OpenID and OAuth but can provide stronger security (including public/private-key crypto, and provide session keys). The downside is that the BrowserID protocol is not well specified, such as in the form of an IETF RFC document, and supposedly uses obsolete JSON-security formats which poses some migration pains.

Yubico is happy to see that YubiKey support is possible with BrowserID, and we will continue to learn about this area so we can provider our customers with good advice about best usage of the YubiKey. We believe that the Internet needs better authentication methods, and also think that the YubiKey provides good security and ease of use for users.

Please note that BrowserID is not the same protocol used for the open authentication project that Google is currently working on, mentioned in Wired earlier this year and Yubico is closely engaged in.

The Source Code for the YubiKey Persona integration is avalible at https://github.com/jedp/persona-yubikey

Talk to our teamTalk to our team

Share this article:


  • Platform independent digital identity for all Many are understandably concerned that the great invention called the Internet, initially created by researchers for sharing information, has become a major threat to democracy, security and trust. The majority of these challenges are caused by stolen, misused or fake identities. To mitigate these risks, some claim that we have to choose between security, usability […]Read moreDigital IdentityEUDIFounderStina Ehrensvard
  • Q&A with Yubico’s CEO: Our move to the main Nasdaq market in StockholmAs 2024 draws to a close, it’s the perfect time to reflect on the incredible journey we’ve had this year and how it has shaped where we stand today as a company. To mark this moment, I sat down with our CEO, Mattias Danielsson, to look back on the milestones and achievements of 2024—culminating in […]Read moreCEOMattias Danielsson
  • Exploring DORA: A look at the next major EU mandateFinancial institutions have historically managed operational risk using capital allocation, but under EU Regulation 2022/2554 – also known as the Digital Operational Resilience Act (DORA) – the financial sector and associated entities in the European Economic Area (EEA) must also soon follow new rules. These new rules focus on the protection, detection, containment, and the […]Read moreDORAEU
  • Securing critical infrastructure from modern cyber threats with phishing-resistant authenticationAcross the globe, 2024 has seen a whirlwind of change. With ongoing wars, recent political change-ups and more, growth in data breaches targeting critical infrastructure continue to be on the rise. Critical infrastructure is integral to our everyday life – from the energy and natural resources powering our hospitals and providing clean drinking water, telco […]Read moreCISAcritical infrastructurezero trust