YubiKey NEO Updates

UPDATE: YubiKeys with serial numbers 2624253 to 2624449 and 2624801 to 2625499 are also not configured with fixed card manager keys.

Our YubiKey NEO, is a JavaCard-based product. The NEO has a set of card manager keys that allows you to delete/add/update the software “applets” running on the NEO, through the Global Platform interface.

We launched the YubiKey NEO as a “Developer Edition”, and as such, the card manager keys were set to a single value to facilitate development.

For production use we don’t recommend this, since anything you can do is also something an attacker can do, thus potentially achieving a denial of service of your NEO by (for example) removing all applets on it. (Note that the card manager keys does not give anyone the ability to extract secrets, that’s by design never possible.) As the Yubico applets have now reached a reasonable level of maturity, we are proactively changing our processes around card manager keys. The YubiKey NEOs that have shipped from July 1st 2014, starting with serial number 3,000,000, are no longer configured with the fixed card manager keys.

What does this mean if you are an existing YubiKey NEO customer? If you are concerned with someone else modifying the software on your NEO we recommend that you change the card manager keys. Global Platform can be used to change the card manager keys.

Initially we targeted YubiKey NEO towards early adopters and developers; now the majority of our customers are moving to production deployment and require production devices. What does this mean if you want to develop applets for the YubiKey NEO? We are setting up a YubiKey NEO Developers program for you to order YubiKey NEO “Developer Edition” that come with the known card manager keys, so you can load and delete applets as you wish, and services for Yubico to load your applets onto production YubiKey NEO for your customers. We will announce the launch of the YubiKey NEO Developer program here and on our social media channels.

We are improving the way we set-up the OpenPGP applet on YubiKey NEO; from shipments made today, we now set the card serial number to be the same as the YubiKey laser etched serial number; that’s important if you have multiple YubiKey NEO. Secondly, we are shipping version 1.0.6 of the OpenPGP applet that works with GnuPG version 2.0.22+ and supports import of secret keys.

Talk to our teamTalk to our team

Share this article:


  • Works with YubiKey Spotlight: Passkeys are here – are you ready?With 2025 at its midpoint, enterprises worldwide are grappling with how to protect their users and data against emerging challenges around user security. Since 2022, generative AI has fueled a 4,000% surge in phishing – exploiting human vulnerability in 68% of breaches. It’s no longer a question – the world has a password problem that […]Read morepartnerspasskeysWorks with YubiKeywwyk
  • Yubico LogoYubico liefert PIN-Verbesserungen mit dem neuen YubiKey 5 – Verbesserte PIN-SchlüsselUm sich auf die sich ständig weiterentwickelnden Cyber-Bedrohungen vorzubereiten, passen Regierungen weltweit die Authentifizierungsanforderungen für Online-Dienste an und aktualisieren sie, was direkte Auswirkungen auf viele Unternehmen und deren Mitarbeiter hat. Zwar gibt es derzeit keine universelle Regelung für eine robustere Multi-Faktor-Authentifizierung (MFA), doch wird deren Notwendigkeit in einer Reihe von Anforderungen hervorgehoben, darunter PSD2, DSGVO […]Read moreYubiKey
  • Yubico delivers PIN advancements with new YubiKey 5 – Enhanced PIN keysTo prepare for continuously evolving cyber threats, governments around the world are adapting and updating authentication requirements for online services which directly impact thousands of organizations and their employees. While there’s currently no universal regulation for more robust multi-factor authentication (MFA), the need is highlighted across a range of requirements including PSD2, GDPR, and the […]Read moreCompany NewsProduct NewsYubiKeyYubiKey 5 – Enhanced PINYubiKey 5 SeriesYubiKey as a Service
  • An inside look at Yubico’s transition to passwordlessBefore “passkey” became a familiar term in our industry, Yubico had long delivered hardware-backed and phishing-resistant FIDO2 based authentication. Today, the adoption of passkey usage is accelerating. However, it’s taken quite a bit longer to integrate passwordless authentication into the everyday, enterprise-grade authentication flows that are required for today’s businesses.  As long as it’s been […]Read moreOktapasswordless