Yubico Pioneers the Simplification of Smartcard Support on Mobile for iOS

Yubico Team

Yubico Team

5 minute read

Yubico is committed to enabling YubiKey integrations for all of our technology partners and enterprise customers with the least amount of friction and time-to-market as possible. With this goal in mind, we are very excited to announce the public general availability of our Yubico Authenticator for iOS app that now supports YubiKey-based smartcard login alongside OATH credentials. For both smartcards and OATH, a YubiKey is required with the app as the credentials reside on the YubiKey. This now unlocks more use cases, and enhances security, by allowing users to securely access smart card-protected resources like certificate-based VPN and email from their iOS mobile devices using hardware security keys. US government agencies requiring the highest authenticator assurance at level 3 (AAL3), will need an authenticator like a PIV compliant smart card or FIDO/WebAuthn security key that is validated with FIPS 140 Level 2 overall and Level 3 physical security. YubiKeys are validated at these levels with Certificate #3914 and able to be used as both a PIV smart card and FIDO/WebAuthn security key for logging into mobile devices, laptops and desktops.

The Growing Customer Need

With remote work exploding and a continually expanding attack surface in both public and private sectors, we saw the need for our customers to provide secure mobile authentication without compromising on user experience or compliance. 

According to the latest U.S. Office of Management and Budget (OMB) draft release on Federal Zero Trust Strategy in support of Executive Order 14028, “Improving the Nation’s Cybersecurity”, “Agency systems must require internal users to use a phishing-resistant authentication method to access their accounts. For routine self-service access by agency staff, contractors, and partners, agency systems must discontinue support for authentication methods that fail to resist phishing, such as protocols that register phone numbers for SMS or voice calls, supply one-time codes, or receive push notifications.”

Furthermore the guidance states, “This requirement for phishing-resistant protocols is necessitated by the reality that enterprise users are among the most valuable targets for phishing, but can be given phishing-resistant tokens, such as PIV cards, and be trained in their use. For many agency systems, PIV or derived PIV will be the simplest way to support this requirement. However, agencies’ highest priority should be to rapidly implement a requirement for phishing-resistant verifiers, whether this is PIV or an alternative method, such as WebAuthn.”

Our federal customers want to ensure that authenticators with the highest authenticator assurance level (AAL3) can be used on iOS devices, including access to smartcard-protected resources such as email, and secure signing of documents.

What’s New?

Last year, Apple opened up the cryptotokenkit that allows access to security tokens and cryptographic resources from the iOS keychain. This enables the public part of the smartcard certificate on YubiKeys to securely move to the iOS keychain (the private part of the smartcard certificate never leaves the YubiKey). With this capability our customers can now leverage the new Yubico Authenticator for iOS app to securely onboard the certificate from the YubiKey to the iOS keychain and then use that credential across any native app like Safari or any app that has an embedded Safari browser.

How does the Smartcard Capability in the Authenticator for iOS App Work?

Three easy steps for one-time registration:

  1. Have a PIV-enabled YubiKey with a smartcard certificate provisioned on it
  2. Download the Yubico Authenticator for iOS app on your iPhone with v14.2 or later
  3. Open the app, insert the YubiKey or tap over NFC and follow simple steps to upload certificate to iOS keychain

That’s it! Now you can use this certificate across multiple apps like the Safari browser, certificate-based VPN, and document signing.

How to Get Started?

After an extensive private beta across US and Europe with our public sector and enterprise customers, we are excited to announce the general availability of this app in our iOS app store.  All you need is a PIV-enabled YubiKey! Any key from the YubiKey 5 Series or the YubiKey 5 FIPS Series offers multi-protocol capabilities, including Smart card/PIV functionality.

Why Yubico?

Yubico is the pioneering company behind modern, mobile, user friendly and phishing resistant hardware-based authentication solutions, proven to stop account takeovers at scale. We are excited to have worked with Apple in bringing this new PIV smart card functionality first to the iOS market for our customers and partners, offering accountability and reporting for all routes-to-market:

  1. Smartcard usage across apps: Turnkey solution to onboard smartcard certificates to keychain launching today
  2. Smartcard usage within an app: iOS and Android SDKs’s supporting smartcard support

Why Apple?

Apple has been a pioneer in building highly secure and user friendly mobile devices. With the cryptotokenkit enhancements, Apple opens up the ecosystem to build easy to use, and secure apps on its platform for public sector and enterprises alike. It also incentivizes the iOS developer ecosystem and technology partners like MDM vendors and VPN solutions to invest heavily in iOS apps in order to better enable their use cases.

 

, ,
Talk to our teamTalk to our team

Share this article:
  • Securing the skies with YubiKeys: Insights on cyber resilience in the aviation industry and beyondIn an increasingly interconnected world, the landscape of cybersecurity is constantly evolving. Bad actors are becoming more sophisticated, leveraging tactics like phishing and ransomware to exploit human error and weak credentials. This makes robust cybersecurity a universal issue, impacting everyone from individuals to the largest global enterprises – especially those in high-stakes sectors like commercial […]Read morecyber resilienceEUmanufacturingQ&A
  • Future-proofing authentication: A look at the future of post-quantum cryptographyThe path from passwords to passkeys and beyond In a previous blog I talked about the end of passwords and the rise of passkeys, which promise stronger security and less frustration for both individuals and businesses. The global momentum behind passkeys represents one of the most exciting shifts in authentication history, but realizing their full […]Read more
  • Goodbye master passwords: Dashlane and Yubico enhance credential vault encryption and login with YubiKeysAt Authenticate 2025 this week, the world’s leading experts on modern authentication and securing digital identities gathered, to discuss the future of secure authentication and achieving usable security across the account lifecycle. The message was clear: the future of phishing-resistant authentication is using passkeys for encryption, and the gold standard is device-bound passkeys – YubiKeys. […]Read morecredential vault encryptioncredential vault loginDashlanepartnerpasskey encryptionPRF
  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet