Yubico Launches New Developer Program and Security Key for FIDO2 and WebAuthn W3C Specifications

PALO ALTO, CA and STOCKHOLM, SWEDEN – April 10, 2018 – Yubico, the leading provider of hardware authentication security keys, today launched the Security Key by Yubico, the company’s first hardware authentication device that fully supports the new FIDO2 and WebAuthn API authentication standards from the FIDO Alliance and World Wide Web Consortium (W3C).
 

The company is also introducing the Yubico Developer Program, a resource for organizations exploring adoption and implementation of strong authentication for web and mobile applications, using Yubico supported protocols including FIDO U2F, OTP, PIV (Smart Card), OpenPGP, OATH (HOTP/TOTP) and the new FIDO2 Client to Authenticator Protocol (CTAP) specification.

Yubico will demonstrate the Security Key by Yubico and new functionality next week at the RSA Conference 2018, booth #S2241. 

The Security Key by Yubico delivers FIDO2 and FIDO U2F in a single device, supporting existing U2F two-factor authentication (2FA) as well as future FIDO2 passwordless implementations.

As a core inventor and driver of innovative, open authentication standards, first with FIDO Universal 2nd Factor (U2F) and now FIDO2, Yubico is introducing its first FIDO2-enabled authentication security key.  The Security Key by Yubico delivers FIDO2 and FIDO U2F in a single device, supporting existing U2F two-factor authentication (2FA) as well as future FIDO2 passwordless implementations.

“Since we launched the first YubiKey 10 years ago at the RSA Conference, our mission has been to enable one single security key to work across any number of services, and with great user experience, security, and privacy. Today, this vision is closer to its reality,” said Stina Ehrensvard, CEO and Founder, Yubico. “FIDO2 is a natural evolution of U2F, delivering trusted, passwordless authentication for the modern and distributed workforce.”

“The FIDO Alliance thanks all organizations and members that have contributed to the FIDO2 open standards work, enabling a future of simpler, stronger and passwordless authentication for users across the globe,” said Brett McDowell, executive director, the FIDO Alliance. “Yubico plays a central role in this creation process, from co-inventing the protocol that enables one single security key to access any number of services, without shared secrets, to where we are today, announcing the FIDO2 Project.”

What is FIDO2 and how does it differ from FIDO U2F and FIDO UAF?
U2F is an open authentication standard that enables hardware authenticators, coupled with a username and password, to securely access any number of web-based services — instantly and with no drivers or client software needed.

The FIDO2 Project consists of an API (Application Programming Interface) and a Protocol.  The Security Key by Yubico supports both the WebAuthn API and FIDO’s CTAP. FIDO2 provides strong authentication as a single factor, eliminating the need for passwords. It should be noted that if necessary, FIDO2 conveniently pairs with PINs, biometrics, or gestures as additional on-device authentication factors.  

FIDO UAF (Universal Authentication Framework) is a separate technical working group and standards initiative within the FIDO Alliance, focused on biometrics and mobile devices that requires client software.

Web Authentication
The WebAuthn API was developed by FIDO Alliance members, including Yubico, Microsoft, Google, PayPal, Mozilla and Nok Nok Labs, and standardized by the World Wide Web Consortium (W3C).  Once a specification is endorsed by the W3C, it becomes globally available, creating a ubiquitous web platform for FIDO2 support. WebAuthn allows for a Security Key to create a public key-based credential for authentication and use that credential to securely log in with a web-based interaction similar to U2F.

Client to Authenticator Protocol (CTAP)
CTAP is an application layer protocol and is used to communicate between a client (desktop) or a platform (operating system) and an external authenticator (i.e. Security Key by Yubico). The CTAP model allows one device, such as a Security Key by Yubico, to act as an authenticator to log in to a second device.

Yubico Developer Program

The Yubico Developer Program is designed to enable integration of strong authentication to support Yubico hardware within web and mobile applications. Those who sign up will have access to developer resources including workshops, webinars, implementation guides, reference code, and SDKs. Those interested in FIDO2 can sign up to receive early access to Yubico resources to aid in implementations of the FIDO2 open authentication standard. Organizations can sign up here to begin receiving updates on the Yubico Developer Program and early FIDO2 materials from Yubico.

The Security Key by Yubico is available for $20 at the Yubico online store.  To learn more about Yubico and the company’s products and ecosystem, please visit www.yubico.com.

 

About Yubico

Yubico sets new global standards for simple and secure access to computers, mobile devices, servers, and internet accounts.

The company’s core invention, the YubiKey, delivers strong hardware protection, with a simple touch, across any number of IT systems and online services. The YubiHSM, Yubico’s ultra-portable hardware security module, protects sensitive data stored in servers.

Yubico is a leading contributor to the FIDO2WebAuthn, and FIDO Universal 2nd Factor open authentication standards, and the company’s technology is deployed and loved by 9 of the top 10 internet brands and by millions of users in 160 countries.

Founded in 2007, Yubico is privately held, with offices in Sweden, UK, Germany, USA, Australia, and Singapore. For more information: www.yubico.com

Press RoomPress Room

Ronnie Manning

Chief Marketing Officer
Yubico
ronnie@yubico.com

Contact RonnieContact Ronnie

Share this article:


  • CEO Corner: Wrapping up a strong year, and looking ahead to 2025 and beyondIt’s no secret that 2024 was a big year of growth for Yubico, highlighted across many notable achievements by our team and increasing demand from our customers. As discussed in my previous post, following a transformative year driven by key cybersecurity trends like passkeys and AI, the year culminated in the significant step of Yubico […]Read moreCEOEarningsMattias Danielsson
  • The rise of AI-driven phishing attacks: What to know and how to be secureAs businesses continue learning the benefits that artificial intelligence (AI) assisted computing tools provide, we’re continuing to see rapid interest and adoption of the technology – especially within the enterprise. Most conversations up until recently have revolved around ChatGPT, but now another new AI-powered large language model tool – DeepSeek – is creating a lot […]Read more
  • Works with YubiKey Spotlight: Expanded partnerships redefining phishing-resistance in 20252024 was an exciting year for Yubico and our partners. Together, we achieved remarkable milestones, launching innovative solutions and forging stronger partnerships – all aimed at delivering the most impactful cybersecurity solutions and user experience for our customers and partners. At the heart of these efforts lies a shared commitment to phishing-resistance.  From registration to […]Read moreWorks with YubiKeywwyk
  • Cybersecurity in 2025 – part two: Insights and predictions from Yubico’s expertsIn part one of our 2025 cybersecurity predictions, we highlighted insights from our experts on the topic of passkeys, digital identity wallets and the threats of AI-driven phishing – areas that saw a lot of focus in 2024, and ones that we expect to continue being a major focus this year. If you missed our […]Read morecritical infrastructurefederal governmentfinancial servicespredictions