Yubico Expands FIPS 140-2 Product Line with YubiHSM 2 FIPS, the World’s Smallest FIPS Validated Hardware Security Module

Ryan Schin

Ryan Schin

4 minute read

Complementary to the company’s new YubiKey 5 FIPS Series, YubiHSM 2 FIPS enables highly-regulated organizations to achieve a holistic security posture

PALO ALTO, CA and STOCKHOLM, SWEDEN – May 4, 2021 –  Yubico, the leading provider of hardware authentication security keys, today announced its latest FIPS 140-2 product offering, and the first of its kind for the company: YubiHSM 2 FIPS. Today’s news comes alongside the YubiKey 5 FIPS Series launch, the company’s most recent security key line to receive FIPS 140-2 validation. 

The YubiHSM 2 launched in 2017, but this marks the first FIPS-validated version of the product. The YubiHSM 2 FIPS is certified at FIPS 140-2, Level 3. With the added availability of YubiHSM 2 FIPS, organizations in highly-regulated industries such as government, financial services, healthcare, and energy now have the opportunity to reap the same security benefits that many other YubiHSM users have. This includes advanced protection for certificate authority (CA) keys, database master keys, code signing, authentication/access tokens, manufacturing processes and component authenticity checks, IoT gateways or proxies, file encryption, cryptocurrency exchanges, and more. 

“The YubiHSM 2 FIPS is an exciting addition to our recently updated FIPS-validated product line,” said Suresh Thiru, Chief Product Officer, Yubico. “Our high-risk customers are now equipped with a full product suite that helps them not only achieve and maintain compliance, but also advance their security posture across the entire organization. From protecting servers to users, regardless of their location, Yubico is the partner who strives to do it all.” 

Primary benefits of the YubiHSM 2 FIPS include: 

  • Secure hardware protection for cryptographic keys — The YubiHSM 2 FIPS enables secure key storage and operations on tamper-resistant hardware, with audit logging. This prevents accidental copying and distribution of keys, and remote theft of cryptographic software keys. Extensive cryptographic capabilities include: hashing, key wrapping, asymmetric signing, decryption, attestation and more. 
  • Innovative design for flexible use and simple deployment — Traditional rack-mounted and card-based HSMs are not practical for many organizations due to their size and deployment complexity. The YubiHSM 2 FIPS offers a portable ‘nano’ form factor that allows fast and flexible deployment across diverse environments. It fits easily into a USB-A slot, lying almost flush to remain concealed. 
  • Low-cost, high security ROI — The YubiHSM 2 FIPS delivers government-grade high cryptographic security and operations at a price point that is up to 90% cheaper than traditional HSMs. Additionally, low-power usage reduces business energy consumption. 

Along with the rest of Yubico’s FIPS product lineup, YubiHSM 2 FIPS is manufactured using stringent processes and a secure supply chain for trustworthy components, ensuring strong security and regulatory compliance for the most security-conscious organizations.

For more information on YubiHSM 2 FIPS, please visit the Yubico website. It is also available for purchase on the Yubico store, through Yubico’s dedicated sales team, or from any Yubico-approved channel partners and resellers

About Yubico

Yubico sets new global standards for simple and secure access to computers, mobile devices, servers, and internet accounts. The company’s core invention, the YubiKey, delivers strong hardware protection, with a simple touch, across any number of IT systems and online services. The YubiHSM, Yubico’s ultra-portable hardware security module, protects sensitive data stored in servers.

The company’s technology is deployed and loved by 9 of the top 10 technology companies, 4 of the top 10 U.S. banks, 2 of the top 3 global retailers, and by millions of users in more than 160 countries. Yubico is also a leading contributor to the FIDO2, WebAuthn, and FIDO Universal 2nd Factor open authentication standards. Founded in 2007, Yubico is privately held, with offices in Sweden, UK, Germany, USA, Australia, and Singapore. For more information: www.yubico.com.

Media Contact: 

Zander Wharton 

Public Relations Manager, Yubico

zander.wharton@yubico.com

203-733-2815

Share this article:
  • Works with YubiKey Spotlight: Passkeys are here – are you ready?With 2025 at its midpoint, enterprises worldwide are grappling with how to protect their users and data against emerging challenges around user security. Since 2022, generative AI has fueled a 4,000% surge in phishing – exploiting human vulnerability in 68% of breaches. It’s no longer a question – the world has a password problem that […]Read morepartnerspasskeysWorks with YubiKeywwyk
  • Yubico LogoYubico liefert PIN-Verbesserungen mit dem neuen YubiKey 5 – Verbesserte PIN-SchlüsselUm sich auf die sich ständig weiterentwickelnden Cyber-Bedrohungen vorzubereiten, passen Regierungen weltweit die Authentifizierungsanforderungen für Online-Dienste an und aktualisieren sie, was direkte Auswirkungen auf viele Unternehmen und deren Mitarbeiter hat. Zwar gibt es derzeit keine universelle Regelung für eine robustere Multi-Faktor-Authentifizierung (MFA), doch wird deren Notwendigkeit in einer Reihe von Anforderungen hervorgehoben, darunter PSD2, DSGVO […]Read moreYubiKey
  • Yubico delivers PIN advancements with new YubiKey 5 – Enhanced PIN keysTo prepare for continuously evolving cyber threats, governments around the world are adapting and updating authentication requirements for online services which directly impact thousands of organizations and their employees. While there’s currently no universal regulation for more robust multi-factor authentication (MFA), the need is highlighted across a range of requirements including PSD2, GDPR, and the […]Read moreCompany NewsProduct NewsYubiKeyYubiKey 5 – Enhanced PINYubiKey 5 SeriesYubiKey as a Service
  • An inside look at Yubico’s transition to passwordlessBefore “passkey” became a familiar term in our industry, Yubico had long delivered hardware-backed and phishing-resistant FIDO2 based authentication. Today, the adoption of passkey usage is accelerating. However, it’s taken quite a bit longer to integrate passwordless authentication into the everyday, enterprise-grade authentication flows that are required for today’s businesses.  As long as it’s been […]Read moreOktapasswordless