
    Why we designed the YubiKey the way we did

    Stina Ehrensvard

    February 26, 2020
    6 minute read

    The first YubiKey was launched in 2008, inspired by the word ‘ubiquity’ and with the mission to make simple and secure logins available for everyone. At the time, we were fewer than 10 people in the company, but our strategy was simple: if we focused on further developing the YubiKey technology in close collaboration with a handful of tech giants, we could help make the internet safer for all.

    Today, 12 years later, we are closer to this goal. Since Yubico released the first-ever FIDO security key in 2014, all leading platforms and browsers have added support for the YubiKey and for the FIDO and WebAuthn standards that we pioneered. A growing number of FIDO-compatible authenticators have also entered the market, including those that are built into computers and phones, which is how we envisioned it. More organizations adopting the standards will continue to grow the ecosystem, and also benefit YubiKey users.

    There may never be one silver bullet for all authentication needs, but the YubiKey is designed to cover as many use cases as possible. The current YubiKey product line is a direct result of continuous innovation and collaboration with our customers, partners and users to achieve the highest levels of security, usability and durability. Below is a high-level summary of the design and production choices Yubico has made and why.

    An external authenticator minimizes the attack surface

    FIDO authenticators are now being integrated directly into phones and computers, which will be great for growing adoption among consumers and for a long tail of use cases. However, these multi-purpose components also come with a larger attack surface and potential security risks such as the Intel Spectre issue.

    Security experts for both the physical and digital world agree that minimizing the attack surface is critical for a stronger defense. To improve security for online accounts, we created the YubiKey as an external authenticator that is solely focused on authentication and encryption, and is not tied to the internet. In comparison to built-in authenticators, the YubiKey is also made to function without batteries, work across all computers and phones, and be an affordable cross-device root of trust.

    Small devices reduce environmental footprint

    The YubiKey is designed to last: a solid monoblock design, no batteries, no moving parts. The most common YubiKey keychain design weighs about as much as a credit card, and we designed all our products and packaging to be as light and flat as possible to help minimize shipping volume and carbon footprint.

    USB and NFC are secure and easy-to-use form factors

    Some FIDO authenticators (including phones, computers or security keys) use Bluetooth Low Energy (BLE) communication during the authentication flow. However, Bluetooth was primarily designed for audio, not for security. Though security improvements have been made since the initial BLE specifications were created, there is still a risk of being compromised within a range of a few meters. Additionally, BLE adds complexity for users, which increases the number of help desk support calls and associated costs.

    Research has shown that large FIDO-based user deployments with USB and NFC YubiKeys have resulted in zero account takeovers and a 92% reduction in support calls, along with tens of millions in cost savings.

    Secure elements offer strong physical protection

    Allowing more people to scrutinize code is generally good for security, but unfortunately, major open source security issues, such as Heartbleed, are also a reality.

    The initial YubiKey was built on off-the-shelf USB components. To improve the physical security of the YubiKey, we later decided to build all of our hardware on secure elements, which are also used for chip-based credit cards and passports. Secure elements provide authenticity of origin for the components, and help to prevent a fraudster who has physical possession of a device from extracting or altering the code.

    State-of-the-art secure elements do not allow for open source implementations, since these chips are proprietary and restricted in terms of documentation and tools. To safeguard the quality and integrity of Yubico products, our security and engineering teams run continuous internal and third-party security reviews.

    Biometrics and PINs will coexist in a passwordless world

    FIDO and WebAuthn will soon help us forget our complicated passwords and replace them with physical FIDO authenticators using strong public key cryptography. These devices will be the first strong factor (what you have), and can be combined with a PIN (what you know) or biometrics (what you are).

    Though biometrics offer convenience, a static image such as a fingerprint is not necessarily more secure than a PIN. Later this year, Yubico will launch the YubiKey Bio that will support both fingerprint and PIN. The product will arrive in a slim, robust design and with improved security features compared to what is available on the market today.

    Supply chain matters

    Yubico products are manufactured in the US and Sweden. We made this conscious choice to ensure the integrity of our products. FIDO only certifies interoperability, and currently does not set any security policies or perform product security reviews. Therefore, it is up to users and service providers to choose vendors they trust.

    Authentication continues to evolve

    The YubiKey was designed with the future in mind. To enable a seamless path from today to tomorrow, we added both legacy and modern security protocols on a single device.
    To allow one authenticator to work across a wide range of systems, services and applications, the YubiKey supports static password, one-time password (OTP), PIV (smart card), OpenPGP, FIDO U2F and FIDO2.

    Yubico’s new YubiEnterprise subscription model allows businesses to upgrade a percentage of their YubiKeys as new models and features are introduced.

    Following our mission to make the internet safer for all

    With the growing market of FIDO authenticators, our customers ask us what options to consider. Our general response is to add support for FIDO2 and WebAuthn, try out many of the authenticators available, and then let users’ feedback and deployment statistics help guide the decision. With open standards, service providers and users are not locked into one vendor or design option, but can choose to move as the market evolves.

    At Yubico, we will continue to innovate, drive open standards, and focus on our customers to earn market share and long-term trust.
