FIDO authenticators and YubiKeys are making the internet safer

In 2007, Yubico set out to protect as many people as possible by making secure login easy and available for everyone. We are happy Apple has joined Yubico, Google, and Microsoft on this journey by implementing W3C WebAuthn/FIDO compatible platform authenticators and are pleased to say that now all major platforms have adopted the standards Yubico worked more than 10 years to create and proliferate!

In 2013, when our solution was proven at scale inside Google, and before we contributed our joint work to the FIDO Alliance, we presented our standards vision blog and Future of Authentication FAQ. As the ecosystem evolved, Yubico has been focused on enabling portability, security, and privacy across all devices and systems.

Portable root of trust – The YubiKey can be used across systems for all devices, including shared workstations and mobile restricted environments. FIDO protocols allow for multiple authenticators to be registered to accounts, allowing YubiKeys to be the primary authenticator or an affordable back-up FIDO authentication key, when a computing device is lost or broken. YubiKeys are extremely durable and do not need to be charged to operate. 

Minimizing the attack surface – While it is far better security to store cryptographic secrets on a more secure area of a phone than in a software app, the risk is further limited when keeping your credential separate and outside a complex, multipurpose device. The Intel SGX vulnerabilities highlight the cybersecurity risks of multipurpose components constantly connected to the internet. For all authenticators, being built-in or external, a trusted supply chain matters. Most certifications focus on interoperability, few review cryptographic code, and none can ensure total system architecture, implementation, and supply chain security.

Decentralization and ecosystem independence – The major tech vendors, including Google, Apple and Microsoft will want to link your credentials to their platforms and systems. Many users and consumer applications will accept these privacy trade-offs, but it can be a concern for others, including high-risk individuals, enterprises, and government services. 

More than 4 billion internet users need easy and strong login protection. The vast majority of all IT breaches are due to stolen login credentials, mainly from static passwords or other weak authentication methods. YubiKeys and FIDO-enabled phones and computers are here to stop account takeovers and advanced phishing attacks and make the internet safer for everyone. Big warm thanks to everyone on the Yubico team and the global open standards community who has helped make this shared vision happen! 

Talk to our teamTalk to our team

Share this article:


  • Introducing new features for Yubico Authenticator for iOSWe’re excited to share the new features now available for Yubico Authenticator for iOS in the latest app update on the App Store. Many of these improvements aim to address frequently requested features from our customers, while providing additional new functionalities for a seamless authentication experience on iOS.  With increased interest in going passwordless and […]Read moreiOSYubico Authenticator
  • Platform independent digital identity for all Many are understandably concerned that the great invention called the Internet, initially created by researchers for sharing information, has become a major threat to democracy, security and trust. The majority of these challenges are caused by stolen, misused or fake identities. To mitigate these risks, some claim that we have to choose between security, usability […]Read moreDigital IdentityEUDIFounderStina Ehrensvard
  • Q&A with Yubico’s CEO: Our move to the main Nasdaq market in StockholmAs 2024 draws to a close, it’s the perfect time to reflect on the incredible journey we’ve had this year and how it has shaped where we stand today as a company. To mark this moment, I sat down with our CEO, Mattias Danielsson, to look back on the milestones and achievements of 2024—culminating in […]Read moreCEOMattias Danielsson
  • Exploring DORA: A look at the next major EU mandateFinancial institutions have historically managed operational risk using capital allocation, but under EU Regulation 2022/2554 – also known as the Digital Operational Resilience Act (DORA) – the financial sector and associated entities in the European Economic Area (EEA) must also soon follow new rules. These new rules focus on the protection, detection, containment, and the […]Read moreDORAEU