Flexible YubiKey licensing for large organizations
YubiKey 5 NFC FIPS
YubiKey 5 NFC FIPS
Yubico recommends a spare key
Why is a spare key so important?
It’s best practice to keep at least one spare YubiKey in case your primary is lost or stolen. Having a spare key gives you the assurance that you will not be without access to critical accounts when you need them most. No need to fear being locked out of any accounts, and no need to go through a lengthy recovery and identity verification process to recover them.
Please note that to register your spare key you will need to follow the same process as registering your primary key. Not all services support registering multiple YubiKeys. More information: yubico.com/spare.
About this product
- FIPS 140-2 validated (Overall Level 2, Physical Security Level 3)
- The simplest, most effective way to protect your users such as employees against account takeovers
- Deliver an intuitive user experience with a hardware-backed security key that's easy to set up, deploy, and use
- Increase organizational security and reduce helpdesk tickets for password reset or account lockout
The YubiKey 5 FIPS Series is a hardware based authentication solution that provides superior defense against phishing, eliminates account takeovers, and enables compliance requirements for strong authentication. This series of security keys are FIPS 140-2 validated (Overall Level 2, Physical Security Level 3.) and meet authenticator assurance level 3 (AAL3) of NIST SP800-63B guidance.
The YubiKey offers superior security by combining hardware-based authentication and public key cryptography to effectively defend against phishing attacks and eliminate account takeovers. Each key offers multi-protocol support including Yubico OTP, OATH HOTP, U2F, PIV, and OpenPGP. Users have the broadest options for strong authentication including two-factor and multi-factor authentication.
Easy, Fast and Reliable
The YubiKey provides a simple and intuitive authentication experience that users find easy to use, ensuring rapid adoption and organizational security. With authentication speeds up to 4X faster than OTP or SMS based authentication, the YubiKey does not require a battery or network connectivity, making authentication always accessible.
Reduce IT Operational Costs
The ease of use and reliability of the YubiKey is proven to reduce password support incidents by 92%. This was documented in a research paper by Google, describing the Google employee rollout to more than 70 countries. Deployments are faster and cost less with the YubiKey’s industry leading support for numerous protocols, systems and services.
Modern Authentication from the Industry Leader
The YubiKey is the trusted secure authentication choice for the largest technology, finance, and retail companies in the world. This includes 9 of the top 10 technology companies, 4 of the top 10 US banks, and 2 of the top 3 global retailers. Companies including Google, Facebook, Salesforce and thousands more trust the YubiKey to protect account access to computers, networks and online services.
Meet Compliance Requirements
The YubiKey FIPS Series enables government agencies and regulated industries to meet authenticator assurance level 3 (AAL3) requirements from the new NIST SP800-63B guidance.
|Government Certified||FIPS 140-2 Validated (AAL3) of NIST SP800-63B guidance|
|Multi-Protocol||Support for WebAuthn, FIDO U2F, FIDO2 Passwordless, smart card (PIV), Yubico OTP, OATH-TOTP, OATH-HOTP, and Challenge-Response|
|Configurable||Easily configure multiple protocols across computers, networks, and online applications and services|
|Broad Ecosystem||Deploy instantly with Centrify, Ping, Okta, Google and more|
|Easy to Use||No battery or network connectivity required, users simply insert and tap to authenticate|
|Trusted Partner||The YubiKey is deployed and loved by 9 of the top 10 internet brands and by millions of users|
|Authentication Methods||Strong Two Factor, Strong Multi-Factor|
|Identity & Access Management||AWS Identity and Access Management (IAM), Centrify, Duo Security, Google Cloud Identity, Microsoft Active Directory, Microsoft Azure AD, Okta, Ping Identity|
|Productivity & Communication||Google Account, Microsoft account, Salesforce.com|
|Password Managers||1Password, Keeper®, LastPass Premium, Bitwarden Premium|
|Function||WebAuthn via Universal 2nd Factor (U2F) and CTAP1, FIDO2 CTAP2, Smart card (PIV-compatible), Yubico OTP, OATH – HOTP (Event), OATH – TOTP (Time), Secure Static Password, OpenPGP|
|Certifications||FIPS 140-2 Certification, FIDO Universal 2nd Factor (U2F) Certified, FIDO 2 Certified|
|Cryptographic Specifications||RSA 2048, ECC p256, ECC p384|
|Design & Durability||IP68 rated, Crush Resistant, No Batteries Required, No Moving Parts|
|Device Type||FIDO HID Device, CCID Smart Card, HID Keyboard|
|Manufacturing||Made in USA and Sweden|
Frequently Asked Questions
|I want to make a bulk order for my business, how can I do that?||The Yubico website has trays of 10 & 50 on the online store. If you are looking to make a purchase of over 500 keys, it is recommended to connect with one of our solutions experts. Click here to contact sales.|
|Do I need the FIPS key to secure my organization?||FIPS stands for Federal Information Processing Standard. The FIPS key is primarily used for companies working in or with regulated industries, usually federal or government agencies. If you do not work in a federal or government space that requires the FIPS 140-2 certification then it is not necessary for your organization. FIPS is a security certification that meets strict security standards. Click here to learn more.|
|Do you provide co-branded YubiKeys?||Yes, we do! However concerning production efforts, we do have an order quantity minimum of 300 YubiKeys for co-branding opportunities.|
|Does the YubiKey FIPS work with Windows Hello?||At this time, the YubiKey for Windows Hello App is not compatible with YubiKey FIPS series devices. We are looking into options to resolve this. You can use the Windows Logon Tool & Configuration Guide to secure your Windows account.|
|Does the YubiKey work with Active Directory||Yes, the YubiKey can work with Active Directory using the PIV smart card protocol. Vist the Smartcard Deployment guide to set up you YubiKey with Active Directory.|
Have more questions? Contact support