• FIDO2 passwordless authentication

    Improved usability

    Use of a hardware-based security key is fast and easy. For FIDO2-supported services, users are freed from having to remember and type passwords.

    Strong account security

    Replaces weak passwords with strong hardware-based authentication using public/private key (asymmetric) cryptography.

    One key to all accounts

    A single security key can work across thousands of accounts with no shared secrets.

    FIDO2 – an open authentication standard

    FIDO2 is an open authentication standard, hosted by the FIDO Alliance, that consists of the W3C Web Authentication specification (WebAuthn API) and the Client to Authenticator Protocol (CTAP). CTAP is an application layer protocol used for communication between a client (browser) or a platform (operating system) and an external authenticator such as the YubiKey 5 Series and the Security Key Series by Yubico. Yubico is a core contributor to the FIDO2 open authentication protocol.

    FIDO2 is the evolution of FIDO U2F, and offers the same improved level of security based on public key cryptography. FIDO2 offers expanded authentication options including strong single factor (passwordless), two factor, and multi-factor authentication. With these new capabilities, the YubiKey enables the replacement of weak username/password credentials with strong hardware-backed cryptographic key pair credentials. These credentials are not shared across services, are resistant to phishing and replay attacks, and, with the correct architecture, are resistant to MiTM attacks.

    FIDO2 authentication options

    Passwordless authentication

    Strong single factor authentication using a hardware authenticator eliminates the need for weak password-based authentication.

    Two factor authentication

    Strong two factor authentication using a hardware authenticator as an extra layer of protection beyond a password.

    Multi-factor authentication

    Strong multi-factor authentication using a hardware authenticator and a PIN or biometric, to meet high assurance requirements such as those needed for financial transactions and ordering a prescription.

    FIDO2 authenticators

    YubiKey 5 Series

    The YubiKey 5 Series is a hardware-based authentication solution that offers strong two-factor, multi-factor and passwordless authentication with support for multiple protocols including FIDO2, U2F, PIV, Yubico OTP, and OATH TOTP. By offering the first set of multi-protocol security keys supporting FIDO2, the YubiKey 5 Series helps users accelerate to a passwordless future.

    Security Key Series by Yubico

    The Security Key Series by Yubico delivers FIDO2 and FIDO U2F in a single device, supporting thousands of existing U2F two-factor authentication (2FA) services as well as future FIDO2 implementations.

    FIDO2 advantages

    Strong security

    Replaces weak passwords with strong hardware-based authentication using public key cryptography to protect against phishing, session hijacking, man-in-the-middle, and malware attacks. No secrets are shared between services.

    Open standard

    Open standards provide flexibility and product choice. Designed for existing phones and computers, for many authentication modalities, and with different communication methods including USB and NFC.

    Step-up authentication

    For services requiring a higher level of authentication security, FIDO2 supports step-up authentication, allowing use of strong single factor (passwordless), two-factor and multi-factor authentication for additional protection.
