FIDO2 Passwordless authentication

Improved Usability

Use of a hardware-based security key is fast and easy. For FIDO2 supported services, users are freed from having to remember and type passwords.

Strong account security

Replaces weak passwords with strong hardware-based authentication using Private / Public Key (asymmetric) cryptography.

One key to all accounts

A single security key that can work across thousands of accounts with no shared secrets.

FIDO2 – An Open Authentication Standard

FIDO2 is an open authentication standard, hosted by the FIDO Alliance, that consists of the W3C Web Authentication specification (WebAuthn API), and the Client to Authentication Protocol (CTAP). CTAP is an application layer protocol used for communication between a client (browser) or a platform (operating system) with an external authenticator such as the YubiKey 5 Series, and Security Key by Yubico. Yubico is a core contributor to the FIDO2 open authentication protocol.

FIDO2 is an extension of FIDO U2F, and offers the same level of high-security based on public key cryptography. FIDO2 offers expanded authentication options including strong single factor (passwordless), strong two factor, and multi-factor authentication. With these new capabilities, the YubiKey can entirely replace weak static username/password credentials with strong hardware-backed public/private-key credentials. These credentials cannot be reused, replayed, or shared across services, and are not subject to phishing and MiTM attacks or server breaches.

FIDO2 Authentication Options

Passwordless Authentication

Strong single factor authentication using a hardware authenticator,  eliminates the need for weak password-based authentication.

Two factor authentication

Strong two factor authentication using a hardware authenticator as an extra layer of protection beyond a password.

Multi-factor authentication

Strong multi-factor authentication using a hardware authenticator and a PIN or biometric, to meet high assurance requirements such as needed for financial transactions and ordering a prescription.

FIDO2 Authenticators

YubiKey 5 Series

The YubiKey 5 Series is a hardware based authentication solution that offers strong two-factor, multi-factor and passwordless authentication with support for multiple protocols including FIDO2, U2F, PIV, Yubico OTP, and OATH HOTP. By offering the first set of multi-protocol security keys supporting FIDO2, the YubiKey 5 Series helps users accelerate to a passwordless future.

Security Key by Yubico

The Security Key by Yubico delivers FIDO2 and FIDO U2F in a single device, supporting thousands of existing U2F two-factor authentication (2FA) services as well as future FIDO2 implementations.