Today, we are announcing the YubiKey Bio Series, Yubico’s first-ever YubiKeys supporting biometric authentication. The YubiKey Bio was first previewed at Microsoft Ignite in 2019 where we showed a live demo of passwordless sign-in to Microsoft Azure Active Directory accounts. We’ve taken the time to ensure that we are launching products that are highly secure and user friendly.
The YubiKey Bio Series is where Yubico’s hallmark hardware security meets a new user experience with fingerprint on device authentication. As of today, the YubiKey Bio Series is generally available in both USB-A and USB-C form factors delivering secure second factor and passwordless logins for desktop-based FIDO-supported services and applications. The YubiKey Bio Series is available for purchase on yubico.com at a retail price of $80 for the USB-A form-factor and $85 for the USB-C form-factor.
When developing the YubiKey Bio Series, we challenged ourselves to reimagine the architecture of biometric authentication on a security key. These series of keys incorporate a three chip design, allowing the biometric fingerprint material to be stored in a separate secure element which delivers enhanced protection from physical attacks. Ultimately, we created devices that enable modern and streamlined passwordless authentication, while, most importantly, not sacrificing security. The YubiKey Bio acts as a portable and hardware-backed root of trust which allows the user to authenticate with the same key across different desktop devices, operating systems, and applications.
Here’s some fast facts on what to expect with the YubiKey Bio Series:
- Consistent reliable design. The YubiKey Bio Series leverages the same sleek and simple keychain design as other YubiKeys, including its durability and water resistant features. In lieu of the classic gold contact on other YubiKeys that establishes user presence, the fingerprint sensor on the YubiKey Bio authenticates the user with fingerprint recognition.
- Meets passwordless demand. Organizations increasingly want to free users from the pain of managing multiple passwords, and demand solutions that enable passwordless experiences. YubiKeys enable this today with a single PIN, and the YubiKey Bio Series, which supports FIDO2/WebAuthn and U2F, allows fingerprint authentication in place of the PIN. However, should a user’s fingerprint not register on the device during a login attempt, users will be able to unlock the YubiKey Bio with a personal PIN which is added during initial setup.
- Hardware security keys. YubiKey Bio integrates with the native biometric enrollment and management features supported in the latest platforms and operating systems. Fingerprints can also be enrolled, added, and deleted with the Yubico Authenticator for Desktop app on Windows, macOS and Linux. Templates of the fingerprints are derived from the fingerprints presented to the key, and those fingerprint templates are stored and matched on a separate secure element that helps protect against physical attacks. Fingerprint materials never leave the YubiKey Bio Series.
- A new user experience, portability, and enhanced workflow with FIDO protocol support. Secure second factor and passwordless login experiences, backed by biometrics, enhances the user experience. FIDO-supported services and applications also allow for applications to become ‘trusted’, only needing YubiKey Bio login during the initial authentication flow into the service.
- Portable authenticator purpose built for security. Nowadays, many devices provide built-in authenticators, but if a device is compromised then the built-in authenticator might be too. This can leave users more vulnerable to sophisticated cloning attacks and account takeovers, slowing down their ability to access their accounts. The YubiKey Bio and all other YubiKeys, are built solely for one function and focus – strong security.
The YubiKey Bio Series enables biometric login on desktop with all applications and services that support FIDO2/WebAuthn/U2F and works out-of-the-box with Citrix Workspace, Duo, GitHub, IBM Security Verify, Microsoft Azure Active Directory and Microsoft 365, Okta and Ping Identity.
To know if the YubiKey Bio is right for you, take our quiz, and we recommend using the YubiKey Bio Series when:
- Securing an account with a service that supports only FIDO U2F or FIDO2/WebAuthn protocols
- Authenticating primarily using a desktop device
- In cloud-first environments
- Use cases such as shared workstations and mobile restricted environments
However, if you need the following, we recommend that you choose a key from the YubiKey 5 Series:
- Require broader form factors and NFC support
- Need to work across desktop and mobile devices
- Supporting applications and services using a range of protocols such as OTP, FIDO U2F and FIDO2/WebAuthn and Smart card/PIV
- Securing legacy and modern environments and offers a bridge to passwordless, utilizing non-FIDO protocols
Yubico always strives to innovate with its YubiKeys. One example of this is through its Premium tier YubiEnterprise Subscription, where customers experience upgrades, including adding additional protocol support and functionality to products like the YubiKey Bio Series.