U2F, OIDC Team Up For Strong Authentication, Federation

Yubico Team

Yubico Team

2 minute read

The New York Times sits elegantly secured behind authentication technology that combines a U2F-enabled YubiKey and standardized identity federation built on OpenID Connect (OIDC).

It’s a colorful twist for a newspaper first published in 1851 and famously known as The Gray Lady. But linked with Google and Yubico, the trio is part of an identity federation that relies on strong authentication to protect access to the online version of the newspaper.

Identity federation is the process of logging in to a single identity provider (in this case, Google) and then navigating to other sites (for example, The New York Times) without having to log in again. The YubiKey and FIDO U2F secure the identity provider login using public key cryptography, while OIDC takes care of the trusted and federated relationship between Google and The New York Times.

OIDC is an identity federation standard that we profiled along with FIDO U2F last year to show how the pair solves a wider range of authentication challenges than either technology could on its own. Yubico is also a member of the OpenID Foundation, which is the creator of OIDC, and is actively exploring how U2F plays with other standardized identity technology.

Watch this video to see federated identity with a YubiKey in action. It’s impossible to see identity federation working under the covers in this scenario, but the simplicity and security should be clearly evident. And really, that’s the desired user experience.

How to: Login with FIDO U2F and OpenID Connect from Yubico on Vimeo.

Talk to our teamTalk to our team

Share this article:
  • Goodbye master passwords: Dashlane and Yubico enhance credential vault encryption and login with YubiKeysAt Authenticate 2025 this week, the world’s leading experts on modern authentication and securing digital identities gathered, to discuss the future of secure authentication and achieving usable security across the account lifecycle. The message was clear: the future of phishing-resistant authentication is using passkeys for encryption, and the gold standard is device-bound passkeys – YubiKeys. […]Read morecredential vault encryptioncredential vault loginDashlanepartnerpasskey encryptionPRF
  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet
  • We’re excited for what’s to come – meet us in-person to find out whyIt’s been a busy year for our team, filled with exciting company and product updates aimed at better serving our customers and helping them achieve cyber resilience as AI-driven phishing threats continue evolving globally. Between industry award recognitions and key new executive leadership hires to lead Yubico to its next stage of growth and a […]Read more
  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST