Stina Ehrensvard

Why we designed the YubiKey the way we did

The first YubiKey was launched in 2008, inspired by the word ‘ubiquity’ and with the mission to make simple and secure logins available for everyone. At the time, we were less than 10 people in the company, but our strategy was simple: if we focused on further developing the YubiKey technology in close collaboration with a handful tech giants, we could help make the internet safer for all.  

Today, 12 years later, we are closer to this goal. Since Yubico released the first-ever FIDO security key in 2014, now all leading platforms and browsers have made support for the YubiKey and the FIDO and WebAuthn standards that we pioneered. A growing number of FIDO-compatible authenticators have also entered the market, including those that are built into computers and phones — which is how we envisioned it. More organizations adopting the standards will continue to grow the ecosystem, and also benefit YubiKey users.

There may never be one silver bullet for all authentication needs, but the YubiKey is designed to cover as many use cases as possible. The current YubiKey product line is a direct result of continuous innovation and collaboration with our customers, partners and users to achieve the highest levels of security, usability and durability. Below is a high-level summary of the design and production choices Yubico has made and why. 

An external authenticator minimizes the attack surface

FIDO authenticators are now being integrated directly into phones and computers, which will be great for growing adoption for consumers and a long tail of use cases. However, these multi-purpose components also come with a larger attack vector and potential security risks such as the Intel Spectre issue

Security experts for both the physical and digital world agree that minimizing the attack surface is critical for a stronger defense. To improve security for online accounts, we created the YubiKey as an external authenticator that is solely focused on authentication and encryption, and is not tied to the internet. In comparison to built-in authenticators, the YubiKey is also made to function without batteries, work across all computers and phones, and be an affordable cross-device root of trust. 

Small devices reduce environmental footprint

The YubiKey is designed to last: a solid monoblock design, no batteries, no moving parts. The most common YubiKey keychain design weighs similar to a credit card, and we designed all our products and packaging to be as low weight and flat as possible to help minimize shipping volume and carbon footprint. 

USB and NFC are secure and easy-to-use form factors

Some FIDO authenticators — including phones, computers or security keys — use Bluetooth Low Energy (BLE) communication during the authentication flow. However, Bluetooth was primarily designed for audio, not for security. Though security improvements have been made since the initial BLE specifications were created, there is still a risk of being compromised within a range of a few meters. Additionally, BLE adds complexity for users, which increases the amount of help desk support calls and associated costs.

Research has shown that large FIDO-based user deployments with USB and NFC YubiKeys have resulted in zero account takeovers and 92% reduction of support calls, with tens of millions of cost savings. 

Secure elements offer strong physical protection

Allowing more people to scrutinize code is generally good for security, but unfortunately, major open source security issues, such as Heartbleed, are also a reality.

The initial YubiKey was built on off-the-shelf USB components. To improve the physical security of the YubiKey, we later decided to build all of our hardware on secure elements, which are also used for chip-based credit cards and passports. Secure elements provide authenticity of origin for the components, and help to prevent a fraudster who has physical possession of a device from extracting or altering the code.

State-of-the-art secure elements do not allow for open source implementations, since these chips are proprietary and restricted in terms of documentation and tools. To safeguard the quality and integrity of Yubico products, our security and engineering teams run continuous internal and third-party security reviews. 

Biometrics and PINs will coexist in a passwordless world

FIDO and WebAuthn will soon help us forget our complicated passwords and replace them with physical FIDO authenticators using strong public key cryptography. These devices will be the first strong factor (what you have), and can be combined with a PIN (what you know) and biometrics (what you are).

Though biometrics offer convenience, a static image such as a fingerprint is not necessarily more secure than a PIN. Later this year, Yubico will launch the YubiKey Bio that will support both fingerprint and PIN. The product will arrive in a slim, robust design and with improved security features compared to what is available on the market today. 

Supply chain matters

Yubico products are manufactured in the US and Sweden. We made this a conscious choice to ensure the integrity of our products. FIDO only certifies interoperability, but currently does not set any security policies or perform product security reviews. Therefore, it is up to users and service providers to choose vendors they trust. 

Authentication continues to evolve

The YubiKey was designed with the future in mind. To enable a seamless path from today to tomorrow, we added both legacy and modern security protocols on a single device. 
To allow one authenticator to work across a wide range of systems, services and applications, the YubiKey supports static password, one-time password (OTP), PIV (smart card), OpenPGP, FIDO U2F and FIDO2. 

Yubico’s new YubiEnterprise subscription model allows businesses to upgrade a percentage of their YubiKeys as new models and features are introduced.

Following our mission to make the internet safer for all

With the growing market of FIDO authenticators, our customers ask us what options to consider. Our general response is to make support for FIDO2 and WebAuthn, try out many of the authenticators available, and then let users’ feedback and deployment statistics help guide the decision. With open standards, service providers and users are not locked into one vendor or design option, but can choose to move as the market evolves. 

At Yubico, we will continue to innovate, drive open standards, and focus on our customers to earn market share and long-term trust.