Yubico Extends Mobile SDK for iOS to Lightning

Earlier this year, Yubico announced a Mobile SDK for iOS to enable Yubico OTP authentication over NFC on iPhones. Today, we are pleased to announce that we are extending the Yubico Mobile SDK to enable rapid implementation of FIDO U2F over a lightning connection for iOS apps. We invite developers to join the Yubico Lightning Project to work with us to broaden authentication options for iOS applications.

The reality is, overall usage of mobile devices is on the rise. In fact, 79% of internet use is predicted to be on mobile by the end of 2018. Yubico’s goal has always been to make strong, simple online security truly ubiquitous, regardless of service, device, and/or operating system. However, making a hardware authenticator, such as the YubiKey, work in a secure and seamless way with iOS has been a challenge for us and the rest of the industry over the past few years.

We have researched and prototyped various iOS solutions and believe that NFC (near field communication) and USB are optimal communications transports for external authenticators because of security and usability. While it’s always possible that Apple may further open up support for NFC or USB interfaces in the future, this is currently limited or not accessible on today’s iOS devices.

The Yubico Lightning Project is designed to address these issues, with rollout in several phases. Phase one introduces our extended Mobile SDK for iOS, which enables developers to add U2F authentication to iOS apps via a lightning connection. This approach enables apps and services to have out-of-the-box U2F support. Following phases will be communicated in the future.

“Our customers love the security and ease of use of U2F Yubico security keys on their Keeper desktop and web app. Providing this ability to all users on their iPhone and Android devices is an amazing and exciting capability we’ll be ready to deploy as soon as it becomes available,” said Craig Lurey, CTO and Co-Founder of Keeper Security.

“Multi-factor authentication is a must for all organizations, helping to mitigate credential-based attacks and ensuring only the right people have access to the information they need to do their work. By working with companies like Yubico alongside our own MFA offering, we’re able to continue to provide organizations with options for simple, seamless ways to layer security on all of the devices the modern workforce is using today,” said Joe Diamond, Sr. Director of Security Product Marketing, at Okta.

Developers who are interested in taking advantage of strong U2F authentication for iOS apps, are invited to sign up for the Yubico Developer Program mailing list to stay updated on new developer resources as they become available.

Talk to our teamTalk to our team

Share this article:


  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet
  • We’re excited for what’s to come – meet us in-person to find out whyIt’s been a busy year for our team, filled with exciting company and product updates aimed at better serving our customers and helping them achieve cyber resilience as AI-driven phishing threats continue evolving globally. Between industry award recognitions and key new executive leadership hires to lead Yubico to its next stage of growth and a […]Read more
  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST
  • 2025 Global State of Authentication survey: A world of difference in cybersecurity habitsIn a world that’s more connected than ever, the landscape of cybersecurity threats is constantly evolving. Bad actors, now supercharged with artificial intelligence (AI), are becoming increasingly adept at exploiting human error through sophisticated phishing and social engineering attacks. This makes robust cybersecurity a universal issue, impacting everyone from individuals to the largest global enterprises. […]Read moreGlobal State of Authenticationsurvey