The YubiKey 5 FIPS Series is here and there are 5 things you need to know

Today, we’re thrilled to announce yet another product milestone in addition to the launch of YubiHSM 2 FIPS — the long-awaited YubiKey 5 FIPS Series is now generally available. It is the industry’s first set of multi-protocol security keys with support for FIDO2 and WebAuthn, along with smart card (PIV/CAC), to receive FIPS 140-2 validation, Overall Level 1 with certificate number 3907 and Level 2 with certificate number 3914. 

With several new mobile-friendly form factors and upgraded features and firmware, the new series allows highly-regulated entities to easily modernize their existing authentication framework and achieve phishing-resistant passwordless authentication for all users. For U.S. government agencies and contractors, or organizations in the healthcare, financial services, and energy sectors that are required to meet stringent compliance requirements, here are 5 things to know about the YubiKey 5 FIPS Series: 

  1. New form factors expand mobile-first coverage  — The YubiKey 5 FIPS Series is now available in six form factors, introducing three in particular that address the security and ‘tap-and-go’ usability needs of mobile users: YubiKey 5 NFC, YubiKey 5C NFC, and YubiKey 5Ci. Together, the full FIPS lineup now supports USB-A, USB-C, NFC and Lightning connections, enabling FIPS-validated, trusted authentication for mobile users and modern devices. 
  1. It’s the first line up of FIPS validated multi-protocol security keys to enable passwordless authentication — Most notably, the YubiKey 5 FIPS Series now includes FIDO2 and WebAuthn, supporting both legacy and modern environments and offering the bridge to secure passwordless workflows. With support for several other protocols such as smart card/PIV, FIDO U2F, Yubico OTP, and OATH HOTP, it enables organizations to achieve strong authentication across legacy and modern infrastructures and devices. 
  1. They are already DoD and NSA-approved alternate authenticators — YubiKeys are 1 of 3 government-approved alternate authenticators, according to the Department of Defense, and are also referenced in the NSA’s guidance on selecting secure multi-factor authentication solutions. With an existing DoD and NSA seal of approval, the YubiKey 5 FIPS Series enables government customers to fill security gaps with fast deployments and quick budget-approvals. 
  1. It works in parallel with existing government-approved strong authentication frameworks like PIV and CAC — With support for multiple authentication protocols, the YubiKey 5 FIPS Series may be used with already deployed strong authentication methods like PIV and CAC. This extends phishing-resistant multi-factor authentication (MFA) to employees, contractors, and remote workers who may not be able to be issued a PIV/CAC card, or allows Federal customers to use a derived PIV/CAC credential to secure Bring Your Own Approved Device (BYOAD) mobile users, even on isolated or closed networks. 
  1. Customers love it — Existing customers are excited to see Yubico’s continued commitment to the federal market with the introduction of the YubiKey 5 FIPS Series. According to the U.S. Treasury Department, “We certainly understand how difficult it is to go through these certification processes, and the Yubico team has shown an unwavering understanding for our evolving needs, particularly during this pandemic. Yubico is a partner that consistently goes above and beyond to support their clients, so we’re thrilled to celebrate this great progress today!”

The YubiKey 5 FIPS Series is certified at FIPS 140-2, Overall Level 1 and Level 2, and in addition has achieved Physical Security Level 3; the YubiKey 5 FIPS series is able to meet the requirements for Authenticator Assurance Level 3 (AAL3) as defined in NIST SP800-63B. 

For more information on the new YubiKey 5 FIPS Series, please visit the Yubico website. The series is also available for purchase on the Yubico store, through Yubico’s dedicated sales team, or from any Yubico-approved channel partners and resellers

Talk to our teamTalk to our team

Share this article:


  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST
  • 2025 Global State of Authentication survey: A world of difference in cybersecurity habitsIn a world that’s more connected than ever, the landscape of cybersecurity threats is constantly evolving. Bad actors, now supercharged with artificial intelligence (AI), are becoming increasingly adept at exploiting human error through sophisticated phishing and social engineering attacks. This makes robust cybersecurity a universal issue, impacting everyone from individuals to the largest global enterprises. […]Read moreGlobal State of Authenticationsurvey
  • Making digital security a right: Inside Yubico’s Secure it Forward programTechnology can be a great equalizer — but only if the strongest protection is within reach. Since 2022, Yubico has donated more than 65,000 YubiKeys to hundreds of organizations worldwide — a retail value of over $3.3 million. Each key helps strengthen digital protection for those doing vital work in their communities. This isn’t just […]Read more
  • Unlocking trust in enterprise security: Yubico and Okta empowering businesses togetherCollaboration with ecosystem partners is critical for providing our customers with the best cybersecurity solutions. Together, Yubico and Okta have achieved remarkable milestones over the years, including launching innovative solutions and aligning our go-to-market efforts – all aimed at delivering the most impactful cybersecurity solutions and user experience for our customers and partners. At the heart […]Read moreOktaOktane