Yubico Introduces World’s First NFC-Enabled OTP Token

PALO ALTO, Calif. and STOCKHOLM, Feb. 15, 2012 – Yubico, the leading provider of simple, open online identity protection, today announced that it is expanding the capabilities of its popular YubiKey USB authentication device to secure access to Near Field Communication (NFC) enabled mobile devices. The YubiKey NEO, offering superior mobile security with a single tap, will be presented at the RSA Conference, February 27 – March 1, in San Francisco.

“The NFC enabled YubiKey NEO is our first step in expanding Yubico technology across Smartphone and tablets, leveraging our core value of secure and easy-to-use, out-of-the-box authentication,” said Stina Ehrensvard, CEO and founder of Yubico. “Whether you are authenticating an email account or an NFC payment service from your Smartphone, mobile applications have shown to be vulnerable to several forms of attacks. Having a separate easy-to-use hardware device that leverages two-factor authentication for your Smartphone is critical for minimizing the risk of mobile malware.”

When the YubiKey NEO is introduced to a NFC-enabled Smartphone, the phone reads the YubiKey which emits a securely encrypted one-time password (OTP), compatible with the OTP provided by the standard YubiKey. The rugged, door-key sized YubiKey NEO fits on a keychain and includes NFC contactless technology as well as a USB interface for use with a regular computer.

The default out-of-the box behavior of reading a YubiKey NEO on a Smartphone is to trigger the browser with a programmable URL that includes the OTP, with no need to install any mobile app. The user experience can be further enhanced by installing apps that support the YubiKey NEO. LastPass, for example, has integrated support for the YubiKey NEO in their Android app, so that you can securely unlock your password vault by just swiping the key against your NFC enabled smartphone or tablet.

The YubiKey NEO will be demonstrated at the RSA Conference in San Francisco, February 27 – March 1, including how to use it to access LastPass and SAML-enabled services, such as Google Apps. Pre-production samples can be ordered from the Yubico web store from February 27, with full production scheduled for later this year.

For more information, please visit yubico.com/yubikey-neo.

About Yubico

Yubico sets new global standards for simple and secure access to computers, mobile devices, servers, and internet accounts.

The company’s core invention, the YubiKey, delivers strong hardware protection, with a simple touch, across any number of IT systems and online services. The YubiHSM, Yubico’s ultra-portable hardware security module, protects sensitive data stored in servers.

Yubico is a leading contributor to the FIDO2WebAuthn, and FIDO Universal 2nd Factor open authentication standards, and the company’s technology is deployed and loved by 9 of the top 10 internet brands and by millions of users in 160 countries.

Founded in 2007, Yubico is privately held, with offices in Sweden, UK, Germany, USA, Australia, and Singapore. For more information: www.yubico.com

Press RoomPress Room

Share this article:


  • Platform independent digital identity for all Many are understandably concerned that the great invention called the Internet, initially created by researchers for sharing information, has become a major threat to democracy, security and trust. The majority of these challenges are caused by stolen, misused or fake identities. To mitigate these risks, some claim that we have to choose between security, usability […]Read moreDigital IdentityEUDIFounderStina Ehrensvard
  • Q&A with Yubico’s CEO: Our move to the main Nasdaq market in StockholmAs 2024 draws to a close, it’s the perfect time to reflect on the incredible journey we’ve had this year and how it has shaped where we stand today as a company. To mark this moment, I sat down with our CEO, Mattias Danielsson, to look back on the milestones and achievements of 2024—culminating in […]Read moreCEOMattias Danielsson
  • Exploring DORA: A look at the next major EU mandateFinancial institutions have historically managed operational risk using capital allocation, but under EU Regulation 2022/2554 – also known as the Digital Operational Resilience Act (DORA) – the financial sector and associated entities in the European Economic Area (EEA) must also soon follow new rules. These new rules focus on the protection, detection, containment, and the […]Read moreDORAEU
  • Securing critical infrastructure from modern cyber threats with phishing-resistant authenticationAcross the globe, 2024 has seen a whirlwind of change. With ongoing wars, recent political change-ups and more, growth in data breaches targeting critical infrastructure continue to be on the rise. Critical infrastructure is integral to our everyday life – from the energy and natural resources powering our hospitals and providing clean drinking water, telco […]Read moreCISAcritical infrastructurezero trust