How Yubico makes strong security easy – Yubico

Abby Guha

Abby Guha

5 minute read

Back in the mid-2000’s, Yubico’s co-founders Stina and Jakob realized first hand how easy it could be for malicious cyberattacks to succeed. When they went to set up a new bank account in Sweden, Jakob couldn’t believe how simple it was to hack it. Within a matter of a day, Jakob demonstrated how a hacker could access Stina’s account through widely used methods of cyberattacks still used today. The Ehrensvards knew there needed to be a better alternative to account security for businesses and consumers, but also knew it would be critical for it to be user friendly and convenient to use. Thus, the first prototype of a new authentication method was born with these factors in mind: a physical security key called the YubiKey. 

Fast forward 16 years later, and Yubico continues striving to make cybersecurity as easy as possible for our customers. In addition to our hardware security keys and Yubico authenticator app, we provide a full suite of services including YubiEnterprise Subscription, YubiEnterprise Delivery, and ongoing 24/7 support with Yubico’s expert consulting and support services. These services all have the purpose of increasing ease of use, ease of procurement and easy deployment.

Prior to the creation of hardware security keys, users had very few options for authentication and none of which were truly phishing-resistant. Methods included a time-based device that required batteries (which ran the risk of dying); a push app that required you to have your phone with you at all times and to have internet connectivity; and an SMS code that often required memorization and to have your phone connected, charged and in working order, have all proven susceptible to cyber criminals.

Strong Security – Made Easy

The YubiKey was designed specifically to be as easy-to-use (or more) as traditional authentication methods: simply insert the YubiKey to a device (or tap using NFC capability), touch the YubiKey to verify and you’re in. 

No matter what device you use, the YubiKey provides a seamless experience:

  • Are reliable and can be set up in minutes
  • Don’t require batteries, WiFi or network connection – just secure, modern, phishing-resistant MFA.
  • Eliminate the need to reach for your phone to open an app, or memorizing and typing in a code—simply touch the YubiKey to verify and you’re in
  • Are trusted—You don’t need to use the YubiKey every time you log in. Once an app or service is verified, it can stay verified. It’s that easy
  • Use NFC for mobile authentication
  • Option to leave plugged into your laptop or USB hub 
  • Are a rugged and durable solution (even survives the washing machine!) 
  • A simplified strong authentication solution when onboarding new devices 
  • Strong protection for your credentials as they reside on something that isn’t tied to any system or server
  • Ability to register multiple keys with most services, providing you with a primary and a backup key

A recent Yubico survey found that within the last two years, nearly 40% of people admit to having broken their mobile phone and nearly 30% have lost it (a device individuals and organizations commonly use to authenticate). In another study by EMA, surveyed businesses using YubiKeys reported they received the lowest frequency of support tickets, taking a massive burden off of support teams when compared to basic and legacy MFA methods.

With the YubiKey, that hassle of not being able to access your accounts is eliminated. Because the YubiKey becomes your portable root of trust, it provides secure access to your accounts on desktops, laptops, tablets and smartphones seamlessly, instead of having to rely on a phone for authentication.

“We want to make sure that things are easy and as seamless as possible for our end user. That’s why YubiKeys are becoming such a big part of our organization.”

Art Chernobrov, Director of Identity, Access, and Endpoints, Hyatt Hotels Corporation.

As best practice for easy account recovery, it’s recommended to have two YubiKeys: one to serve as your primary key and one to serve as a backup. Many services give you the ability to register both keys at the same time. Services like Google, Facebook and Twitter have provided support for YubiKeys for years, and most recently, as part of iOS 16.3, Apple announced the general availability of security key support for Apple ID accounts. 

Strong Security Adoption

16 years later, Stina and Jakob are leading the charge of security key adoption behind the core principle that strong security doesn’t have to be complicated. Trusted, easy-to-use authentication should be the norm. 

To get started with easy-to-use, phishing-resistant security, see what key is right for you by taking our quiz. YubiKeys come in multiple form-factors and are designed to be used by both consumers and enterprises, so there’s a key for everyone. 

Yubico makes strong security easy with our updated and enhanced YubiEnterprise Subscription program which is designed with cost savings, flexibility and seamless distribution in mind. Suited for organizations with 500 users or more, enterprises can now choose from two subscription enterprise plans for YubiKeys – check out more info here.

If you’d like to get a bit more in-depth about the keys, you can sign up for our upcoming webinars, or check out our on-demand library here

, , ,
Talk to our teamTalk to our team

Share this article:
  • Digital security’s unique role in protecting our environmentAs sustainability expands to include social, economic, and technological challenges, cybersecurity has emerged as a top global threat – with cybercrime projected to cost $12 trillion this year. Stolen credentials and phishing account for 80% of breaches. At Yubico, making the world more secure is just part of how we care for the world around […]Read moreCSREarth DaySecure It ForwardSustainability
  • Breaking down Australia’s plan to combat AI-driven phishing scamsAcross Australia, cybercrime continues to be a major challenge impacting businesses, critical infrastructure and consumers alike. The use of AI by bad actors across the spectrum of cybercrime is on the rise, and as a result, credential phishing scams are becoming increasingly sophisticated. AI is effectively helping to lower the cost of phishing and increase […]Read moreAIAPACAustraliaphishing
  • 5 fast cybersecurity tips to clean up your digital lifeWith today being Identity Management Day, now is the perfect time to take stock of your online presence, update security settings, and ensure that your personal data remains protected from cyber threats like phishing. We’re also seeing increasing concerns of DeepSeek and other AI tools around data privacy making these kinds of attacks more successful […]Read morebest practices
  • Navigating the PCI DSS 4.0 transition and meeting compliance with phishing-resistant YubiKeysIn just a few days, on March 31, 2025, decision makers in industries that involve payment processing – including financial services, retail & hospitality and telecommunications – are tasked to finalize the transition to Payment Card Industry Data Security Standard (PCI DSS) 4.0. This deadline marks a critical juncture for all organizations handling payment card […]Read moreNISTPCI DSSPCI DSS 4.0