Empowering enterprise security at scale with new product innovations: YubiKey 5.7 and Yubico Authenticator 7

Jeff Wallace

Jeff Wallace

6 minute read
YubiKey

Note: Keys with YubiKey 5.7 firmware are now available as of May 21, 2024! Please visit our blog post here for more details.

As phishing attacks evolve and are on the rise, organizations are continuously seeking modern, strong authentication technologies like FIDO-based passwordless logins and smart card solutions to safeguard their digital assets, employees, customers and partners. By embracing passwordless authentication and implementing unmatched security measures, organizations can safeguard their sensitive data and ensure a resilient defense against phishing attacks. With today’s announcement, Yubico’s new product enhancements will help create phishing-resistant users by empowering enterprise security and bolstering protection against account takeovers, enabling passwordless authentication at scale.

Available to purchase now, keys with the 5.7 firmware update bring new enterprise-focused, enhanced features to the YubiKey 5 Series, Security Key Series, and Security Key Series – Enterprise Edition. Enhancements for the YubiKey 5.7 firmware include:

YubiKey 5 Series (multi-protocol)

  • Enhanced PIN complexity settings
    • Across all YubiKey applications, including FIDO2, PIV, and OpenPGP, organizations can enforce strong PIN policies to ensure that users can’t use easily guessable PINs – blocking simple patterns and common PINs at the hardware level to meet compliance and policy requirements. 
  • Enterprise attestation 
    • Enterprise attestation facilitates the retrieval of unique identifiers during FIDO2 registration ensuring end users are using authenticators provided by the organization, and streamlining asset tracking by allowing identity providers to read the serial number from the YubiKey during FIDO2 registration.
  • FIDO Client to Authenticator Protocol (CTAP) 2.1 implementation
    • Embracing the latest FIDO2 protocol features, YubiKey 5.7 empowers organizations to enforce compliance requirements and enhance security measures surrounding PIN usage. The implementation of CTAP 2.1 brings improvements around the FIDO2 PIN, including Force PIN Change and Minimum PIN Length, addressing PIN requirements in “enroll on behalf” scenarios.
  • Expanded passkey and passwordless storage capabilities
    • Accommodating up to 100 device-bound passkeys (up from 25), 64 OATH seeds (up from 32), 24 PIV certificates, and 2 OTP seeds at once for a total of 190 credentials, YubiKey 5.7 offers ample storage for FIDO2 discoverable credentials (passkeys) and OATH one-time passwords, meeting diverse authentication needs and the highest level of protection. This expansion of storage allows frequent users of passkeys and OATH one-time passwords to move to a passwordless future and  a stronger security posture. 
  • Expansion and enhancement of public key algorithms
    • Support for larger RSA keys (RSA-3072 and RSA-4096), Ed25519, and X25519 key types enhances key management functions and flexibility for organizations, aligning with compliance requirements on organizations and the August 2023 Department of Defense (DoD) memo on stronger public key algorithms.
  • Migration to Yubico’s own cryptographic library
    • Yubico has developed a library in-house that performs the underlying cryptographic operations (decryption, signing, etc.) for RSA and ECC.
  • Restricted NFC usage during transit
    • NFC capable YubiKeys (YubiKey 5 NFC, YubiKey 5C NFC) and Security Keys (Security Key NFC, Security Key C NFC) have restricted NFC usage to prevent manipulation during transit. Read more here

Security Key Series – Enterprise Edition (FIDO-only)

  • This lineup, available only via YubiEnterprise Subscription, contains all the FIDO-focused benefits of the YubiKey 5 Series mentioned above. Smart Card/PIV capabilities, OATH and OTP credentials are not available on any Security Key Series thus these updates are not applicable.

Security Key Series (FIDO-only)

  • This lineup with the update to 5.7, mirrors the same updates as the Security Key Series – Enterprise Edition, except for the ability to support enterprise attestation and conduct related asset tracking.

These advancements enable enterprises to streamline critical processes, such as asset tracking and account recovery, while bolstering security measures against phishing attacks. By enforcing stringent PIN policies at the hardware level and aligning with industry standards, Yubico empowers organizations to enhance their security posture and achieve compliance.

Yubico Authenticator 7: Overview of key updates

Yubico Authenticator 7, launched today, builds upon version 6 with a host of new features – solidifying its role as the ultimate YubiKey management tool. Since Authenticator 6, we’ve listened to user feedback and made steady improvements, including support for new protocols. Notably, PIV support has been added, allowing users to manage private keys and certificates on their YubiKey – enabling functions like programming Yubico OTP credentials and setting static passwords accessed by touching the YubiKey.

The app is now available for all major desktop platforms, as well as for Android. Enhanced features for iOS will be coming in the next version of the iOS application. It’s the perfect companion to the new YubiKey 5.7, with its expanded credential storage. 

Key features and updates within Authenticator 7 include:

  • Responsive user interface 
    • Makes use of available space to show you relevant information, whether it’s on a phone, tablet, or desktop.
  • Personal styling
    • Set a custom label and color on a per-YubiKey basis to help differentiate between multiple YubiKeys.
  • Expanded management features
    • Support for OATH, FIDO2/WebAuthn, PIV, and Yubico OTP on desktop, as well as support for the new features in YubiKey 5.7 such as new key types and management options.
  • FIDO2/WebAuthn support for Android
    • Management of PIN, fingerprints, and device-bound passkeys is now available on your Android phone or tablet, in addition to desktop.
  • UI localization
    • Official Yubico-provided languages (French and Japanese) are available, as well as community provided ones.

And of course Authenticator 7 supports the latest features of our newest YubiKeys, like the new key types for PIV and managing the YubiKey Bio Multi-protocol Edition, available via YubiEnterprise Subscription – a unique service tailored to deliver phishing-resistant MFA to enterprises monthly at value and at scale. We’ve made sure to support the additional credential storage, with a more streamlined UI layout for managing many OATH accounts and passkeys, including the ability to search for a specific one by name.

These latest product updates mark a significant leap forward in enterprise security, equipping organizations with the tools and capabilities needed to combat evolving cyber threats effectively. With increased interest in going passwordless and the shift from passwords to passkeys, the way an organization can establish and manage a user’s identity credential throughout its lifecycle has evolved. 

Now more than ever, enterprises need to think of equipping users with the type of authentication that offers phishing-resistance no matter which business scenario they are engaged in or platforms or devices they are using. The new benefits and features of YubiKey 5.7 and Authenticator 7 enable organizations to adapt to modern cyber threats while providing the highest assurance authentication for modern enterprises.

For more information on Yubico’s latest innovations, visit here. To download Yubico Authenticator 7, click here.


NOTE: For any questions regarding the transition to 5.7 firmware, please contact your Yubico sales representative.

, , , ,
Talk to our teamTalk to our team

Share this article:
  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST
  • 2025 Global State of Authentication survey: A world of difference in cybersecurity habitsIn a world that’s more connected than ever, the landscape of cybersecurity threats is constantly evolving. Bad actors, now supercharged with artificial intelligence (AI), are becoming increasingly adept at exploiting human error through sophisticated phishing and social engineering attacks. This makes robust cybersecurity a universal issue, impacting everyone from individuals to the largest global enterprises. […]Read moreGlobal State of Authenticationsurvey
  • Making digital security a right: Inside Yubico’s Secure it Forward programTechnology can be a great equalizer — but only if the strongest protection is within reach. Since 2022, Yubico has donated more than 65,000 YubiKeys to hundreds of organizations worldwide — a retail value of over $3.3 million. Each key helps strengthen digital protection for those doing vital work in their communities. This isn’t just […]Read more
  • Unlocking trust in enterprise security: Yubico and Okta empowering businesses togetherCollaboration with ecosystem partners is critical for providing our customers with the best cybersecurity solutions. Together, Yubico and Okta have achieved remarkable milestones over the years, including launching innovative solutions and aligning our go-to-market efforts – all aimed at delivering the most impactful cybersecurity solutions and user experience for our customers and partners. At the heart […]Read moreOktaOktane