Note: Keys with YubiKey 5.7 firmware are now available as of May 21, 2024! Please visit our blog post here for more details.
As phishing attacks evolve and are on the rise, organizations are continuously seeking modern, strong authentication technologies like FIDO-based passwordless logins and smart card solutions to safeguard their digital assets, employees, customers and partners. By embracing passwordless authentication and implementing unmatched security measures, organizations can safeguard their sensitive data and ensure a resilient defense against phishing attacks. With today’s announcement, Yubico’s new product enhancements will help create phishing-resistant users by empowering enterprise security and bolstering protection against account takeovers, enabling passwordless authentication at scale.
Available to purchase now, keys with the 5.7 firmware update bring new enterprise-focused, enhanced features to the YubiKey 5 Series, Security Key Series, and Security Key Series – Enterprise Edition. Enhancements for the YubiKey 5.7 firmware include:
YubiKey 5 Series (multi-protocol)
- Enhanced PIN complexity settings
  - Across all YubiKey applications, including FIDO2, PIV, and OpenPGP, organizations can enforce strong PIN policies to ensure that users can’t use easily guessable PINs – blocking simple patterns and common PINs at the hardware level to meet compliance and policy requirements.
- Enterprise attestation
  - Enterprise attestation facilitates the retrieval of unique identifiers during FIDO2 registration, ensuring end users are using authenticators provided by the organization, and streamlines asset tracking by allowing identity providers to read the serial number from the YubiKey during FIDO2 registration.
- FIDO Client to Authenticator Protocol (CTAP) 2.1 implementation
  - Embracing the latest FIDO2 protocol features, YubiKey 5.7 empowers organizations to enforce compliance requirements and enhance security measures surrounding PIN usage. The implementation of CTAP 2.1 brings improvements around the FIDO2 PIN, including Force PIN Change and Minimum PIN Length, addressing PIN requirements in “enroll on behalf” scenarios.
- Expanded passkey and passwordless storage capabilities
  - Accommodating up to 100 device-bound passkeys (up from 25), 64 OATH seeds (up from 32), 24 PIV certificates, and 2 OTP seeds at once for a total of 190 credentials, YubiKey 5.7 offers ample storage for FIDO2 discoverable credentials (passkeys) and OATH one-time passwords, meeting diverse authentication needs and the highest level of protection. This expansion of storage allows frequent users of passkeys and OATH one-time passwords to move to a passwordless future and a stronger security posture.
- Expansion and enhancement of public key algorithms
  - Support for larger RSA keys (RSA-3072 and RSA-4096), Ed25519, and X25519 key types enhances key management functions and flexibility for organizations, aligning with organizations’ compliance requirements and the August 2023 Department of Defense (DoD) memo on stronger public key algorithms.
- Migration to Yubico’s own cryptographic library
  - Yubico has developed a library in-house that performs the underlying cryptographic operations (decryption, signing, etc.) for RSA and ECC.
- Restricted NFC usage during transit
  - NFC-capable YubiKeys (YubiKey 5 NFC, YubiKey 5C NFC) and Security Keys (Security Key NFC, Security Key C NFC) have restricted NFC usage to prevent manipulation during transit.
Security Key Series – Enterprise Edition (FIDO-only)
- This lineup, available only via YubiEnterprise Subscription, contains all the FIDO-focused benefits of the YubiKey 5 Series mentioned above. Smart Card/PIV capabilities, OATH and OTP credentials are not available on any Security Key Series, so the updates to those applications do not apply.
Security Key Series (FIDO-only)
- With the update to 5.7, this lineup mirrors the updates to the Security Key Series – Enterprise Edition, except for the ability to support enterprise attestation and conduct related asset tracking.
These advancements enable enterprises to streamline critical processes, such as asset tracking and account recovery, while bolstering security measures against phishing attacks. By enforcing stringent PIN policies at the hardware level and aligning with industry standards, Yubico empowers organizations to enhance their security posture and achieve compliance.
Yubico Authenticator 7: Overview of key updates
Yubico Authenticator 7, launched today, builds upon version 6 with a host of new features – solidifying its role as the ultimate YubiKey management tool. Since Authenticator 6, we’ve listened to user feedback and made steady improvements, including support for new protocols. Notably, PIV support has been added, allowing users to manage private keys and certificates on their YubiKey – enabling functions like programming Yubico OTP credentials and setting static passwords accessed by touching the YubiKey.
The app is now available for all major desktop platforms, as well as for Android. Enhanced features for iOS will be coming in the next version of the iOS application. It’s the perfect companion to the new YubiKey 5.7, with its expanded credential storage.
Key features and updates within Authenticator 7 include:
- Responsive user interface
  - Makes use of available space to show you relevant information, whether it’s on a phone, tablet, or desktop.
- Personal styling
  - Set a custom label and color on a per-YubiKey basis to help differentiate between multiple YubiKeys.
- Expanded management features
  - Support for OATH, FIDO2/WebAuthn, PIV, and Yubico OTP on desktop, as well as support for the new features in YubiKey 5.7 such as new key types and management options.
- FIDO2/WebAuthn support for Android
  - Management of PIN, fingerprints, and device-bound passkeys is now available on your Android phone or tablet, in addition to desktop.
- UI localization
  - Official Yubico-provided languages (French and Japanese) are available, as well as community-provided ones.
And of course Authenticator 7 supports the latest features of our newest YubiKeys, like the new key types for PIV and managing the YubiKey Bio Multi-protocol Edition, available via YubiEnterprise Subscription – a unique service tailored to deliver phishing-resistant MFA to enterprises monthly at value and at scale. We’ve made sure to support the additional credential storage, with a more streamlined UI layout for managing many OATH accounts and passkeys, including the ability to search for a specific one by name.
These latest product updates mark a significant leap forward in enterprise security, equipping organizations with the tools and capabilities needed to combat evolving cyber threats effectively. With increased interest in going passwordless and the shift from passwords to passkeys, the way an organization can establish and manage a user’s identity credential throughout its lifecycle has evolved.
Now more than ever, enterprises need to think of equipping users with the type of authentication that offers phishing-resistance no matter which business scenario they are engaged in or platforms or devices they are using. The new benefits and features of YubiKey 5.7 and Authenticator 7 enable organizations to adapt to modern cyber threats while providing the highest assurance authentication for modern enterprises.
NOTE: For any questions regarding the transition to 5.7 firmware, please contact your Yubico sales representative.