What is Yubico?
Yubico is a pioneer in modern cybersecurity, specializing in secure authentication and digital identity solutions. It is also a co-creator and contributor to the development of the open authentication standards, including FIDO2/WebAuthn/passkeys, and the earlier FIDO Universal 2nd Factor (U2F) protocol.
Yubico’s solutions help to secure identities, enabling businesses and consumers to stay protected in the digital world. Our flagship solution, the YubiKey, is used by individuals, businesses, and organizations worldwide to safeguard personal and corporate digital accounts against modern cyberattacks, such as phishing and account takeovers, including those driven by Generative AI and Agentic AI.
The YubiKey is a hardware security key that enables the most secure passkey-based authentication. It replaces legacy authentication methods, such as passwords and shared secrets (e.g., SMS and OTP), with modern authentication based on public key cryptography and human presence, verified through tap or touch.
Yubico solutions are deployed in more than 160 countries and are used by many of the world’s largest technology companies, enterprises, and public sector organizations. These include 19 of the top 20 global technology firms, 18 of the top 20 AI companies, 9 of the top 10 global financial services organizations, 8 of the top 10 global media organizations, and 8 of the top 10 global retail organizations. Yubico has been at the forefront of security innovation with groundbreaking multi-factor authentication (MFA) technology in the form of hardware passkeys—YubiKeys. This has made it easier than ever before for security conscious organizations to adopt modern MFA at scale against the backdrop of increasing phishing attacks which are supercharged by AI.
What is a YubiKey?
Yubico’s flagship product the YubiKey, is a hardware security key that enables the most secure passkeys, storing up to 100 passkeys per device. It helps organizations eliminate passwords and outdated authentication methods. With fast and easy access to digital accounts, YubiKeys secure the workforce and end customers with a user-friendly experience—minimizing friction and operational overhead while ensuring cyber resilience and business continuity in an era of increasingly intelligent and fast-paced threats. The YubiKey is the foundation and a piece of critical infrastructure that protects other critical infrastructure. Yubico solutions, including the YubiKey, makes every identity interaction provable, auditable, and resilient.
The YubiKey provides phishing-resistant multi-factor and passwordless authentication. Unlike passwords or authenticator apps, a YubiKey stores cryptographic credentials on a secure element chip that never exposes secrets to the network.
To authenticate, users insert the YubiKey via USB or use NFC, then confirm their presence with a tap or touch. The YubiKey uses public-key cryptography to verify identity without transmitting shared secrets, making it resistant to phishing, credential theft, and attacker-in-the-middle (sometimes called man-in-the-middle attacks) attacks.
A single YubiKey supports multiple authentication protocols, including FIDO2/WebAuthn/passkeys for modern passwordless login; FIDO U2F for legacy two-factor authentication, PIV smart card for certificate-based enterprise access, OTP for one-time passwords; and OpenPGP for encryption and signing.
Why modern authentication matters now
Attackers are increasingly using Generative Artificial Intelligence (AI) to launch more dangerous and sophisticated phishing attacks, enabling advanced and highly targeted phishing campaigns at tremendous speed and scale. Generative AI accelerates and automates key stages of the attack lifecycle, compressing processes that once took days or weeks into a matter of minutes. Looking ahead, Generative AI may further amplify the effectiveness of emerging threats, including quantum-based cyberattacks.
Cyber threats are evolving faster than traditional defenses can keep pace. While Generative AI does not yet fully automate attacks, it significantly enhances attackers’ ability to research targets, personalize messages, and scale campaigns. Industry reports indicate malicious email volumes have surged over the past year, and continue to rise.
The numbers highlight the challenge According to the 2025 Global State of Authentication Report, 60% of people still use usernames and passwords for personal accounts and 56% do so for work accounts. Even more concerning, 41% trust SMS-based authentication — a method that CISA, the FBI, and multiple state governments now explicitly warn against, recommending it only for low-risk accounts.
The gap between perception and reality is alarming: 84% of employees believe their company’s cybersecurity is adequate, even though security measures often vary by role, leaving entry points for attackers to exploit. Meanwhile, 45% of people who have never used a passkey report that they are simply unaware of the technology.
What problems does Yubico solve?
Most attackers don’t break in — they log in. Organizations invest billions in network security and breach detection, yet many still rely on legacy passwords and authenticator apps that modern attackers can easily bypass.
Passwords are no longer sufficient. Generative AI can crack 51% of common passwords in less than a minute and 71% within a day, while legacy mobile solutions such as SMS, OTP and push notification apps remain vulnerable to interception and abuse. (Source)
Securing user identities against cyber threats, including those supercharged by AI, requires protecting the entire user lifecycle across digital environments. To make trust portable across different devices, auditable and privacy preserving, organizations must adopt phishing-resistant authentication from onboarding through offboarding. Yubico exists to rethink identity security to defeat modern threats by creating a trusted digital identity for every user and driving cyber resilience and business continuity with phishing-resistant passwordless authentication.
Quantum computers will break today’s cryptography. Yubico has already demonstrated next-generation PQC algorithms (ML-DSA) on YubiKey hardware — building the bridge before most vendors have started planning.
The EU mandates digital identity wallets by late 2026. Yubico created the wwWallet — the most tested and interoperable solution in the EU Large Scale Pilot Programs — built on YubiKey-backed passkeys for true phishing resistance.
With Yubico and YubiKeys:
Every user is part of the attack surface and Yubico secures the range of internal employees and 3rd party external users across a range of business scenarios.

Stopping account takeovers: YubiKeys eliminate vulnerabilities that enable credential-based attacks. Secrets do not leave the hardware device and cannot be phished, cloned, or intercepted. Organizations using YubiKeys report up to a 99.99% reduction in credential-based threat risk.
Reducing IT support burden: Password resets and account lockouts consume IT resources and frustrate users. YubiKeys simplify authentication to a single tap. Google reported 92% fewer IT tickets after deploying YubiKeys companywide. Organizations typically see up to 90% reduction in help desk tickets.
Enabling strategic security initiatives: YubiKeys provide the high-assurance authentication required forZero Trust architectures, passwordless deployments, and regulatory compliance.
Yubico helps organizations create phishing-resistant users — not just phishing-resistant authentication. Every employee, regardless of role, is a potential target. Research consistently shows that the most breaches involve a non-malicious human element, such as clicking a malicious link or unknowingly sharing credentials.
How does YubiKey authentication work?
YubiKey authentication is based on public-key cryptography. When a YubiKey is registered with a service, the device generates a unique public-private key pair. The private key remains securely stored within the YubiKey’s secure element and never leaves the device.
When a user logs in, the service sends a cryptographic challenge. The YubiKey signs this challenge with the private key stored on the device. The service verifies the signature using the stored public key. If the signature is valid and you touched the device (proving physical presence), authentication succeeds.
This approach eliminates the shared secrets that make passwords and SMS codes vulnerable. There is no password to steal, no code to intercept, and no way to remotely impersonate the user without physical possession of the YubiKey.
How it works: The Power of Physical Presence
- Insert or Tap: The user inserts the YubiKey into a USB port or taps it against an NFC-enabled device.
- Physical Touch: A simple touch on the gold sensor proves the user’s physical presence. This action cannot be triggered remotely by an attacker.
- Cryptographic Verification: The YubiKey automatically verifies the legitimacy of the service before completing authentication, preventing phishing attacks and blocking fraudulent sites from capturing sensitive information.
Who uses Yubico?
Global technology leaders: YubiKeys are trusted by many of the world’s largest technology companies, including Google, which has reported zero successful phishing attacks on employee accounts since mandating YubiKeys in 2017.
Enterprises: T-Mobile deployed YubiKeys companywide in nine months to stop phishing attacks. Hyatt leveraged passwordless to reduce risk & elevate the guest experience. Okta rolled out YubiKeys to their entire 6,000+ global workforce using FIDO Pre-reg as part of YubiKey as a Service.
- 18 of the top 20 AI companies
- 9 of top 10 Financial Services companies
- 19 of top 20 Technology companies
- 8 of top 10 Media companies
- 8 of top 10 Retail companies
- 6 of top 10 Telecom Services companies
- 5 of top 10 Oil and Gas companies
From Forbes Global 2000, excluding Chinese owned)
Trusted by nineteen of the top twenty global technology companies and global critical infrastructure organizations, Yubico remains the recognized leader in phishing-resistant, passwordless authentication. Manufactured in the USA and Sweden, all products benefit from a secure, high-integrity supply chain designed for a Zero-Trust world.
“We’ve made YubiKeys a standard part of how we protect OpenAI employees.” — Dane Stuckey, CISO, OpenAI
“Folks that aren’t really computer savvy are able to register so quickly, so painlessly, and then begin using their YubiKey so effortlessly and instantaneously—that’s an easy win for us” — Art Chernobrov, AVP of Identity, Hyatt
“The reason we went on this security journey to secure T-Mobile companywide is because we had cybersecurity challenges in the past and we finally put our foot down and said, no more, it’s over” — Jeff Simon, CIO, T-Mobile
“Afni received insurance at a 30% decrease from its previous level. When I’m going down by a third and others are going up by 20% or higher, that’s a really big win. In fact, I estimate our premiums are nearly half of what others are having to pay.” —Brent Deterding, CISO, AFNI
“Our aim was to eliminate account takeovers by adopting stronger MFA. Adopting YubiKeys has made it easy for us to continuously move our authentication strategy forward. Our goal is to enable passwordless authentication for all users in the future.” —Mr. Daisuke Okamoto, IT Platform Division, Mitsubishi Electric Digital Innovation
Public sector: Federal civilian agencies, Department of Defense, and state and local governments useFIPS-validated YubiKeys to meet Zero Trust mandates and protect critical infrastructure.
Regulated industries: Financial services, healthcare, pharmaceuticals, energy, and manufacturing organizations deploy YubiKeys to meet compliance requirements, protect sensitive data, and secure critical operations.
What are the benefits?
Total Economic Impact™ (TEI) of Yubico YubiKeys
The results of a commissioned Total Economic Impact™ (TEI) of Yubico YubiKeys study conducted by Forrester Consulting highlights further the benefit of YubiKeys. The study, comprised of interviews with global enterprises with over 5,000 employees, found that a composite organization based on interviewed customers achieved a 265% return on investment (ROI), an8-month payback period, 90% reduction in support incidents and a net present value (NPV) of $5.3 million over three years by replacing traditional multi-factor authentication (MFA) and one-time passwords (OTPs) with phishing-resistant YubiKeys.
- Goodbye, Password Reset Tickets: The study found $476,000 in savings just by eliminating the help desk tickets that pile up when employees lose access to mobile apps or forget their passwords.
- Faster Workdays: We often think of security as a speed bump. However, the TEI study showed that users authenticated 80% faster with YubiKeys than with legacy MFA. For the composite organization of 5,000 employees, that added up to $2.2 million in productivity value.
- Operational Peace of Mind: By removing the “human error” variable from phishing, organizations saved $912,000 in labor by avoiding the investigation of addressable credential-based attacks.
“Yubico is easy to work with. They had the ability to deliver at the scale and velocity we needed.” – Senior manager, cybersecurity, telecom services
“Account takeovers have not happened since we rolled everybody over to YubiKeys.” – General director of information assurance, transportation
“After acquiring YubiKeys to deploy to all our employees, we sought to have it so that their first login would be through a pre-enrolled YubiKey. FIDO Pre-reg satisfied the phishing-resistant requirement and satisfied the goal to be 100% passwordless all in one.” – Principal identity engineer, technology
“Not only do YubiKeys make us more secure, but they also make it easier for our staff and they are cost-effective. We are going to be 99.99% phishing resistant.” – Director of information technology and cybersecurity, government
“If we protect these identities and restrict their usage to FIDO2, it really reduces the attack surface. It is affordable for your partners. You can build it into your contracts and offset that cost. Yubico ships globally and they will handle logistics. No partner wants to be the reason that your customer data got out.” – Senior manager, cybersecurity, telecom services
“Our CEO stated that we are going to be 100% phishing resistant and passwordless. We had to look for what could help us achieve passwordless for the full employee lifecycle and what was 100% phishing resistant. The only solution that fit the bill was YubiKeys.” – Principal identity engineer, technology
“YubiKeys are phishing-resistant. They provide the strongest layer of authentication we can offer our clients.” – Director of client authentication, financial services
“YubiKeys are a fiscally responsible way to increase your cybersecurity posture.” – Director of information technology and cybersecurity, government
“With cybersecurity incidents rising and the climate getting worse, we needed to do everything we could to protect our customer information and data.” – Senior manager, cybersecurity, telecom services
How is a Yubico YubiKey different from an authenticator app?
Phishing resistance
Authenticator apps (OTP-based) generate codes that can be phished in real-time. An attacker who tricks a user into entering a code on a fraudulent site can use it immediately.
YubiKeys using FIDO2/WebAuthn/passkeys perform origin-bound cryptographic authentication. The authentication request is tied to the legitimate site’s domain, making phishing attacks significantly more difficult.
Device independence
Authenticator apps typically run on a mobile device, creating a dependency on the device’s security and availability. If that device is lost, stolen, or compromised, authentication may also be at risk.
A YubiKey is a separate hardware authenticator, independent of a phone or operating system and can be used across multiple devices (laptops, desktops, mobile).
No shared secrets
Authenticator apps rely on shared secrets (seed values) stored by both the service and the app . If a service is breached, those shared secrets may be exposed.
In contrast, YubiKeys using FIDO2/WebAuthn/passkeys, generate unique public-private key pairs for each service, eliminating shared secrets and reducing the risk of credential reuse across accounts .
Offline capability
Authenticator apps can generate OTPs offline, but authentication still requires the service to verify the code, which typically involves a connected system. YubiKeys work completely offline, making them suitable for air-gapped networks, manufacturing floors, and mobile-restricted environments.
What is YubiKey as a Service?
To make it easy to deploy passwordless authentication at scale to secure digital identities against modern AI-driven threats, Yubico offers YubiKey as a Service for fast and frictionless deployment of enterprise-grade security that moves at customer speed.
With YubiKey as a Service, organizations can benefit from simple and scalable global deployments of YubiKeys for their workforce, supply chain, and end customers. YubiKey as a Service offers customers opex pricing, replacement stock, discounts on additional YubiKeys, a dedicated Customer Support Manager and priority customer support, all for less than the price of a cup of coffee per month.
Customers also have access to turnkey Enrollment and Delivery services that help IT get users quickly onboarded with YubiKeys to fast track to phishing-resistance and then get YubiKeys to end users across the world, including corporate and residential addresses. Users can even experience self-service ordering of YubiKeys, giving them the freedom to choose their preferred form factor and have the keys shipped to their preferred address anytime they need. YubiKey as a Service customers receive continual enhancements to available and new services assuring a smart and future-proofed security investment.
YubiKey as a Service provides global logistics, pre-registration, IDV, backup provisioning, and a team of dedicated professional services and customer success experts. More than a third of the Fortune 500 already trust Yubico to deliver reliably, at speed and scale.
What is YubiHSM?
YubiHSM 2 is a compact, USB-based hardware security module (HSM) designed to protect cryptographic keys used by services, applications, and other computing systems. It is the world’s smallest HSM.
YubiHSM 2 is designed for teams securing cryptographic operations for PKI infrastructure, IoT device authentication, cloud workloads, and bring-your-own-key (BYOK) scenarios. It supports secure key generation, signing, wrap/unwrap operations, and attestation.
The YubiHSM also comes in a FIPS-validated version, and meets the latest FIPS 140-3 validation requirements.
What industries does Yubico serve?
The mission of Yubico is to create a safer digital world for all. We’ve helped thousands of organizations across a variety of industries globally. The importance of deploying hardware passkeys and cryptographic protection in the age of AI-driven threats impacts every industry ranging from critical infrastructure – global government institutions, financial services, utilities, telecommunications, manufacturing and more– all the way down to everyday citizens.
Global government cities and institutions: Global government cities and institutions use the YubiKey to strengthen their cyber posture and protect their national security. As an example the City of Munich protects itself from cyber attacks with YubiKeys, along with other global government institutions,
US Public Sector: Federal civilian agencies, and state and local governments deploy FIPS-validated YubiKeys to meet phishing-resistant and Zero Trust mandates.
US Federal civilian agencies: Meet OMB 22-09 and Zero Trust mandates; extend secure access to contractors and BYOD for non PIV/CAC (Smart Card) eligible users and use cases such as mobile and personal devices, privileged users, SCIFs and air-gapped networks, office and field workers, and citizen-facing digital services. The YubiKey that is FIPS-validated and provides phishing-resistant MFA that meets the highest-assurance authenticator level AAL3, supports derived credentials, and with multi-protocol support for Smart Card (PIV/CAC) and modern FIDO authentication protocols for federal.
Department of Defense: Meet phishing-resistant MFA in NSM-8, Zero Trust and highest-assurance modern authentication for modern DoD use cases such as non-eligible employees and contractors, privileged users, mobile and personal devices, SCIFs and air-gapped networks and office workers. The YubiKey that is FIPS-validated and phishing-resistant MFA that meets the highest-assurance authenticator level AAL3, supports derived credentials, and with multi-protocol support for Smart Card (PIV/CAC) and modern FIDO authentication protocols.
State and local government: Protect elections, public services, and remote/hybrid workers with phishing-resistant multi-factor and passwordless authentication that meets Zero Trust and cyber insurance mandates. Ideal for users that can’t, don’t or won’t use mobile-based authenticators. With the YubiKey state and local governments experience easy-to-deploy MFA with union-friendly, non-mobile formats.
Federal System Integrators: Use YubiKeys to meet federal contractor standards (CMMC, NIST); avoid supply chain risk. Multi-protocol MFA and secure delivery in air-gapped environments for IT and OT environments, helping FSIs stay in federal compliance and drive new federal contracts.
K–12 & Higher Ed: With scalable, affordable YubiKeys that provide high security and the best user experience to meet MFA mandates and secure access across staff, faculty, and students in education.
Financial Services: Banks, capital markets firms, and insurance companies use YubiKeys to combat high breach costs ($5.90M average), secure call centers, hybrid employees, high -risk transactions, customer data, retail and commercial banking customer accounts, and meet evolving MFA regulations.
Technology: High Tech companies are the single most targeted industry for cyberattacks. Bad actors are relentlessly trying to acquire technological IP – patents, code, trade secrets, and strategic plans. Yubico can help tech organizations stay agile without sacrificing strong security.
Manufacturing: Remote access, smart technology and the Industrial Internet of Things (IIoT) introduce new cybersecurity vulnerabilities in the manufacturing industry already ripe with compromised credentials from phishing and ransomware. The manufacturing industry is vital to everyday life and impacts an array of sectors critical to daily operations (i.e. high-tech, retail, machinery, medical, energy, transportation and more). Cyber attacks can range from theft of the IP for financial extortion or corporate espionage. Manufacturing organizations implement phishing-resistant authentication with the YubiKey and cryptographic protection using the YubiHSM as a first-line defense to secure access to protect critical data, IT and OT environments. The YubiKey provides a durable IP68-certified, multi-protocol security key to secure user access to IT and OT systems (i.e. SCADA) whether in harsh industrial factory floors or corporate environments; and cryptographic protection via YubiHSM to protect servers and devices. Yubico solutions enable manufacturers to deploy solutions that protect legacy systems as well as cloud-based modern systems with cryptographic protection.
Telecommunications: Ransomware, Generative AI-driven phishing, attacker-in-the-middle (AitM) attacks, SIM swapping, credential reuse continue to create widespread damage for telcos. Leverage the YubiKey for phishing-resistant authentication and passwordless, to secure access for anyone, anywhere including critical systems used to support voice and data services including wired and wireless phone, satellite, cable and Internet services. Where people can’t, won’t, or don’t use mobile phones, YubiKeys provide always-available phishing-resistant authentication, even when servicing remote locations.
Insurance: Reduce phishing attacks and account takeovers, secure customer data and meet evolving MFA regulations. Hardware-based MFA, with YubiKeys, that stops cyber threats and reduces password-related help desk support costs for insurance organizations.
Healthcare: Hospitals and health systems protect patient data in HIPAA-regulated, mobile-restricted, and shared-use environments using YubiKeys.
Pharmaceuticals: Safeguard R&D, IP, and manufacturing operations across global sites. With Yubico we provide portable MFA and HSM-backed crypto tools for clean rooms, labs, and partners. YubiKeys help close the cyber threat gap across pharmaceutical organizations, uniting security and digital transformation with phishing-resistant multi-factor and passwordless authentication.
Critical Infrastructure: Sectors like energy, manufacturing, telecom, and other critical infrastructure organizations deploy durable multi-protocol YubiKeys (IP68-certified) to secure user access to IT and OT systems whether in harsh industrial factory floors or corporate environments; and cryptographic protection via YubiHSM to protect servers and devices. Yubico solutions meets you where you are to help manage legacy systems.
Energy and natural resources: The critical nature of these services (heat, electricity, fuel, etc.) make energy organizations a top target for cyber attacks. With the highly durable YubiKey, it provides phishing-resistant authentication that moves with the user across devices, systems and locations (i.e. wind, and solar farms, offshore drilling and office environments.) The YubiKey complements Smart Cards to secure access in across locations like air-gapped networks and with the YubiHSM secure servers and devices.
Retail & hospitality: Retail and hospitality organizations deploy YubiKeys to secure point-of-sale access, protect shared workstations and POS devices, and meet PCI DSS 4.0 strong authentication requirements. YubiKeys are used in environments where phones are prohibited or impractical, providing phishing-resistant authentication without device dependency.
What products does Yubico offer?
Yubico offers a range of hardware security keys, enterprise services, and software tools.
Hardware
- YubiKey 5 Series for enterprise multi-protocol authentication
- Including the Enhanced PIN Edition for use cases with greater compliance needs
- YubiKey Bio Series for fingerprint login
- YubiKey 5 FIPS Series for government and compliance use cases
- YubiKey 5 CCN Series for the Spanish public sector market
- * there is no collaboration, affiliation, endorsement, or any other formal relationship with the Centro Criptológico Nacional.
- Security Key Series for FIDO-only use cases
- Inc Enterprise Edition for pin complexity requirements
- YubiHSM 2 for cryptographic key protection in servers
- Also available in a FIPS validated form
Services
- YubiKey as a Service an industry-first cybersecurity service that fast tracks organizations to strong phishing resistance and passwordless at scale. YubiKey as a Service provides access to turnkey Enrollment and Delivery services that help IT get users quickly onboarded with YubiKeys.
- YubiKey as a Service–Delivery for turnkey global delivery of YubiKeys—whether IT-led or through user self-service
- Delivery–Self-service Ordering: Empowering end users to request YubiKeys via self-service and shipping directly to the address of their choice.
- YubiKey as a Service–Enrollment to enroll YubiKeys on behalf of users in multiple ways for fast user onboarding of YubiKeys and adoption. Enrollment– FIDO Pre-reg: Available exclusively through YubiKey as a Service, FIDO Pre-Reg enables organizations to create phishing-resistant users at speed and scale. YubiKeys are pre-activated using FIDO standards, allowing users to go passwordless without manual setup or enrollment.
- White Glove Service for hands-on support
- YubiKey as a Service–Customer Portal an intuitive, centralized web dashboard to streamline YubiKey deployment and management, giving IT teams instant oversight into inviting users to order keys, inventory, shipments, delivery and much more.
Software
- Yubico Authenticator for managing one-time passwords
- YubiKey Passkey Enabler Passkey authentication for your Android device for quick tap-and-go security
- Developer tools for building YubiKey integrations
Frequently asked questions
YubiKeys help organizations meet authentication requirements across industries and regulatory frameworks.
Government
- FIPS 140-3 validated (Certificate #5291) — the hardware standard for federal and regulated industries. Meets NIST AAL3, the highest authentication assurance level.
- Supports Zero Trust mandates including OMB 22-09, Executive Order 14028, and NSM-8
- CCN certification
Financial Services
- PCI DSS 4.0 strong authentication requirements
- NYDFS Cybersecurity Regulation
- SOX access controls
Healthcare
- HIPAA authentication safeguards
- HITECH security provisions
International
- NIS2 (EU) multi-factor authentication requirements
- GDPR data protection and access control requirements
Critical Infrastructure
- Essential Eight
- IEC 62443
Retail and Hospitality
- PCI DSS 4.0 strong authentication requirements
Yubico provides step-by-step setup guides at yubico.com/setup. Setup typically involves registering your YubiKey with each service you want to protect. Most take under two minutes per service.
YubiKeys work out-of-the-box with over 1000 applications and services including Google, Microsoft, Apple, Amazon, Meta, X (Twitter), GitHub, Dropbox, 1Password, LastPass, Salesforce, and many more with no additional software required.. Native partnerships with Microsoft, Okta, Ping, and Google at the engineering level. The full list is available in the Works with YubiKey catalog.
Yes. YubiKeys support FIDO2/WebAuthn, the passkey standard. YubiKeys store device-bound passkeys on a hardware secure element. Unlike synced passkeys (which are encrypted and synchronized across devices through cloud services like iCloud Keychain or Google Password Manager), device-bound passkeys cannot be extracted, copied, or compromised through cloud account takeover — providing the highest level of protection for any user, compliance requirements, and Zero Trust architectures.
Microsoft Entra ID works seamlessly with YubiKeys to deliver secure, scalable access that resists phishing, eliminates passwords, and adapts to enterprise risk. this hardware-backed approach builds trust into every login — from first tap to final audit — to grant access to thousands of SAML- and OIDC-connected workflows that fit any enterprise deployment scenario. YubiKeys provide unmatched protection with the following differentiation points: privileged access, compliance, and recovery. Microsoft has made passwordless incredibly accessible. We help organizations implement the complete Entra ID architecture by leveraging their native support for hardware keys in privileged scenarios. Most organizations use Microsoft’s software solutions for general users and YubiKeys for high-risk access—all managed through the same Conditional Access infrastructure.
Yubico recommends registering a backup YubiKey with your accounts. If you lose your primary key, you can authenticate with your backup and remove the lost key from your accounts. Most services also offer recovery codes or alternative recovery methods. For enterprises, YubiKey as a Service includes replacement options.
YubiKeys have no batteries, no moving parts, and are built to last. They are water-resistant, crush-resistant, and designed to withstand years of daily use. Many users report YubiKeys lasting 10+ years.
No. YubiKeys are powered by the device they plug into (USB) or by the NFC field from your phone. They work completely offline, making them suitable for air-gapped environments and areas with limited connectivity.
It depends on your devices and use case. Yubico offers a quiz to help you choose the right YubiKey, or you can compare models directly.