Yubico Authenticator 6 is here!

Earlier this year we announced the upcoming release of Yubico Authenticator 6, the next version of our YubiKey authentication and configuration app. We released a beta version, first for desktop, and then for Android, and we solicited your feedback. We got plenty of it, and have been busy incorporating a lot of it into the app, along with getting things ready for prime time. 

Now, we’re ready to show Yubico Authenticator 6 to the world, and recommend all our users to update to the new version! If you’re eager to download, you can scroll down directly to the bottom of the page for a direct link. Our newest version adds a layer of security for your online accounts that require Time-based One-Time Passwords (TOTP). As the safest authenticator app across both mobile and desktop, you’re able to store your credentials on your YubiKey and not on your mobile phone, so that your secrets cannot be compromised.

More than just a new coat of paint

Our main focus with this version has been to make sure our users can upgrade and still be able to do the same things with it as before, while setting the groundwork for better YubiKey management in the future. This is part of a broad and important effort to improve Yubico Authenticator across all platforms. Some things may have moved around a bit, or work in a slightly different way, but for the most part it should feel familiar. You can still scan QR codes, add new TOTP credentials, and use them to log in to various sites. 

On desktop, you can still manage your FIDO PIN and credentials, as well as your fingerprints in the case of YubiKey Bio. Some new features are available for  the app including native ARM support for MacOS, a smoother elevation to Administrator experience for Windows, and the ability to automatically copy a Yubico OTP to clipboard from NFC tap on Android (just to name a few). This is only the tip of the iceberg, as the bulk of the work for this release is in what’s below the surface.

Almost every part of the app has been rewritten for this new version. We now use a new UI framework (Flutter) to implement the user interface which has brought quality improvements and increased our development velocity. We’ve created a new architecture which serves as the foundation of the new app, suited for current and future needs (we have a lot more we want to do!). We’ve also consolidated our desktop and Android code bases to be able to share more common code between them, allowing us to keep the apps better in sync and deliver new features more rapidly.

Just as with the older version of the app, the new one is released as Open Source. Because we’ve combined the codebases for our desktop and Android versions we’ve had to make some small changes to our source code repository layouts. The old Android app repository has been archived, making it read only. The desktop repository will contain the code for both these going forward, and has been renamed to better suit this purpose, from yubioath-desktop to yubioath-flutter. You can find the repository on GitHub, just as before.

Built using our Open Source SDKs and libraries

One of the foundational pieces for Yubico Authenticator on desktop is the YubiKey Manager command line tool (usually referred to as ‘ykman’). To support this new app we also needed to improve the library aspects of ykman, which resulted in the release of ykman 5.0. Aside from being beneficial for use in Yubico Authenticator 6, ykman also gained some new features of its own, including much better scripting capabilities. You can now create and run your own Python scripts to configure YubiKeys, and run them with ykman. 

For more details, see the quickstart guide for scripting and be sure to also check out the example scripts we’ve included! These include samples for creating X509 certificates with custom extensions and attributes which are not available from the CLI interface, as well as provisioning multiple Yubico OTP credentials in sequence, outputting a CSV file which can be imported into a validation server.

Just as ykman is at the heart of the desktop version of Yubico Authenticator, our YubiKey SDK for Android fills this spot in our Android version. Much of the same functionality from ykman also exists in this SDK. If you’re a developer intending to support YubiKeys on Android, the SDK is a good place to start. Of course we’re not leaving our iPhone and iPad users out: we also recently released an updated version of the YubiKey SDK for iOS. This version recently added support for USB-C on iPads (requires iPadOS 16).  The iOS and iPad OS app (version 1.7) was also recently published to the app store.

Where to get it

Ready to get the new app? You can find downloads and links to app stores here.

Talk to our teamTalk to our team

Share this article:


  • Platform independent digital identity for all Many are understandably concerned that the great invention called the Internet, initially created by researchers for sharing information, has become a major threat to democracy, security and trust. The majority of these challenges are caused by stolen, misused or fake identities. To mitigate these risks, some claim that we have to choose between security, usability […]Read moreDigital IdentityEUDIFounderStina Ehrensvard
  • Q&A with Yubico’s CEO: Our move to the main Nasdaq market in StockholmAs 2024 draws to a close, it’s the perfect time to reflect on the incredible journey we’ve had this year and how it has shaped where we stand today as a company. To mark this moment, I sat down with our CEO, Mattias Danielsson, to look back on the milestones and achievements of 2024—culminating in […]Read moreCEOMattias Danielsson
  • Exploring DORA: A look at the next major EU mandateFinancial institutions have historically managed operational risk using capital allocation, but under EU Regulation 2022/2554 – also known as the Digital Operational Resilience Act (DORA) – the financial sector and associated entities in the European Economic Area (EEA) must also soon follow new rules. These new rules focus on the protection, detection, containment, and the […]Read moreDORAEU
  • Securing critical infrastructure from modern cyber threats with phishing-resistant authenticationAcross the globe, 2024 has seen a whirlwind of change. With ongoing wars, recent political change-ups and more, growth in data breaches targeting critical infrastructure continue to be on the rise. Critical infrastructure is integral to our everyday life – from the energy and natural resources powering our hospitals and providing clean drinking water, telco […]Read moreCISAcritical infrastructurezero trust