FIDO U2F Now Offers Contactless, Tokenless, Passwordless Mobile Authentication

Stina Ehrensvard

Stina Ehrensvard

3 minute read

2016 is the year when FIDO U2F will unfold its promise of a “universal” second factor.

Successfully deployed with Gmail, Dropbox, and GitHub in 2015, the U2F open standard is now expanding to mobile devices. At the ShowStoppers @ CES (Consumer Electronics Show) event in Las Vegas, Yubico is demonstrating the first FIDO U2F-certified, NFC-enabled YubiKey device as well as a software-based U2F mobile client that brings public key cryptography to both consumer and enterprise mobile users with a tokenless and passwordless experience.

Near Field Communication (NFC) was developed as an open standard more than a decade ago, and is today supported in all leading mobile platforms and hundreds of millions of mobile devices. Designed for contactless identification and authentication, NFC has also successfully found its way into mobile payment systems and credit cards.

The YubiKey NEO is now the first device certified for U2F mobile authentication over NFC. GitHub is pioneering support for mobile U2F for their users, combining a username and password with a simple tap of the YubiKey to an NFC-enabled mobile device. And later this year, the first U2F devices with Bluetooth will enter the market, addressing high-security login from iOS devices where NFC capabilities currently are limited to systems owned by Apple.

Also at Showstoppers @ CES, Yubico is demonstrating a software-based U2F mobile client that does not require additional hardware. It’s designed for both iOS and Android, the second factor can be a password or the fingerprint used to unlock the phone, enabling the first tokenless and passwordless user experience for FIDO U2F. While external hardware authenticators, without internet connections, offer the highest level of identity protection, this software-based U2F mobile client does provide a heightened level of security compared to a static username and password login. For example, an online bank that adds supports for U2F allows its mobile users to perform lower-value transactions using the U2F mobile client only, while higher-value transactions would require U2F hardware authentication.

As a co-author and driving contributor to the FIDO U2F open standard, Yubico’s mission is to make secure login easy and available for everyone, while safeguarding privacy. The YubiKey NEO is available today at Amazon and Yubico web store  for $50 in single quantity retail price. During the coming spring, Yubico will be piloting the FIDO U2F mobile client with large-scale service providers.

Want more interesting reading on FIDO U2F?

How journalists and human rights organizations use FIDO U2F to protect their identity
How Google reduced time, support costs, and fraud with FIDO U2F

, ,
Talk to our teamTalk to our team

Share this article:
  • CEO Corner: Maintaining stable growth while navigating global uncertaintyAs we officially close out the first quarter of 2025,  I am pleased we saw a quarter with solid growth and profitability along with ongoing demand for phishing-resistant authentication. We continue to see new types of high-profile cyber attacks appearing regularly, and a major reason for the success of phishing attacks is stolen credentials. As […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Introducing the Yubico Academy: Enabling partners for a phishing-resistant futureAt Yubico, strong partnerships are fundamental to a more secure digital world. Our commitment goes beyond providing leading security keys; it’s about actively fostering the growth of our valued partners through impactful enablement programs. A cornerstone is the Yubico Academy, featuring our comprehensive certification program.  This program enables our partners’ teams to become Yubico experts, […]Read more
  • AI is booming — but proving you’re human matters more than everIf you walked the show floor at the RSA Conference this year, you probably noticed the same thing I did: Artificial Intelligence (AI) is everywhere. Agentic AI. AI in threat detection. AI in firewalls. AI in identity management. AI-generated demos. AI everything. The energy around AI was undeniable, and we’re seeing real innovation, efficiency gains […]Read moreAIArtificial IntelligencephishingRSAC
  • Ditching passwords for good: Celebrating the inaugural World Passkey DayHave you ever been stuck in a relationship with someone who constantly lets you down, exposes your secrets, and leaves you vulnerable? Odds are you cut your losses, packed up your things and moved on. Today is the day to do the same with your passwords: say goodbye forever! The reality is a majority of […]Read morepasskeyspasswordlessWorld Passkey Day