Yubico's key innovations strengthen enterprise security and phishing-resistant passwordless authentication at scale
Major YubiKey 5.7 firmware updates include increased passkey storage capacity and enhanced security, as well as greater flexibility with the launch of Yubico Authenticator 7
SANTA CLARA, CALIFORNIA and STOCKHOLM, SWEDEN, May 6, 2024: today Yubico (NASDAQ: YUBICO), the leading provider of hardware authentication security keys, has announced the upcoming firmware version YubiKey 5.7 for YubiKey 5 Series, Security Key Series and Security Key Series – Enterprise Edition. By focusing on enterprise needs, these updates reinforce Yubico's commitment to delivering secure, simple and scalable authentication solutions. Security keys featuring firmware 5.7 will be available for purchase at the end of May 2024. It will incorporate enhanced features such as increased PIN complexity, enterprise attestation and extended passkey credential storage. These updates enable enterprises to adopt modern passwordless authentication first, thereby promoting phishing-resistant usage worldwide.
As part of Yubico's objective to help organizations raise the bar on security with greater flexibility, the company also announced the launch of Yubico Authenticator 7. This will support the upcoming YubiKey 5.7 features.
"Companies continue to face an unprecedented increase in the variety and complexity of cyber threats, often fueled by compromised employee login credentials resulting from attacks such as phishing. This trend is exacerbated by the ever-increasing use of artificial intelligence (AI)," said Jeff Wallace, Senior Vice President of Products at Yubico. "We are delighted to continue offering cutting-edge solutions that protect businesses and accelerate their transition to passwordless authentication, thanks to the latest YubiKey updates designed for them. We are confident that businesses are now better equipped than ever to enforce compliance requirements and strengthen security within their organizations."
YubiKey 5.7: companies accelerate their transition to passwordless authentication
To help businesses meet this challenge, the key updates and improvements made to the YubiKey 5 Series and the Security Key Series* include the following:
- Increased PIN complexity for all YubiKey applications
- Block simple patterns and common PINs at the hardware level to ensure compliance with NIST requirements and upcoming corporate obligations. This includes FIDO2, PIV and OpenPGP.
- Company certificate
- Enable enterprises to enforce the use of YubiKeys they have purchased through custom-programmed keys with enterprise attestation. In collaboration with identity providers, this feature can also facilitate the retrieval of unique identifiers during FIDO2 registration in order to streamline asset tracking and account recovery.
- FIDO2 improvements
- Enable enterprises to enforce compliance requirements and strengthen security measures related to PIN usage. YubiKey 5.7 implements the Client-to-Authenticator Protocol (CTAP) 2.1, incorporating the latest features of the FIDO2 protocol, including Force PIN Change and Minimum PIN Length.
- Extended passkey and passwordless storage
- Provide sufficient storage capacity to meet authentication needs while maintaining strict security standards. More storage for detectable FIDO2 credentials (passkeys) and OATH one-time passwords: support for 100 passkeys, 24 PIV certificates, 64 OATH Seeds, and 2 OTP Seeds simultaneously, for a total of 190 credentials.
- Extension and improvement of public key algorithms for PIV applications
- Align with the requirements of the United States Department of Defense memo and offer advanced key management functions, thereby improving flexibility for businesses through support for larger RSA keys (RSA-3072 and RSA-4096), as well as Ed25519 and X25519 key types.
- Migration to the Yubico cryptographic library
- Yubico has developed an in-house library that performs the underlying cryptographic operations (decryption, signing, etc.) for RSA and ECC.
"The new features in version 5.7 enable businesses to streamline strategic processes such as asset tracking and account recovery, while enhancing flexibility," explains Mr. Wallace. "These updates allow businesses to leverage the latest authentication tools and advancements to develop specific strategies. The goal: to ensure phishing-resistant users and reduce phishing threats for employees, external identities and customers."
The capabilities of the new YubiKey 5.7 also align with recent United States requirements, detailed in a memo, regarding the adoption of phishing-resistant MFA. Furthermore, they incorporate advanced key management functions. Compliance with NIST requirements and upcoming corporate obligations is also ensured through the hardware-level enforcement of simple pattern blocking and common PIN restrictions.
*Note: Smart Card/PIV, OATH and OTP features are not available on the Security Key Series and these updates are therefore not applicable. Enterprise attestation is available on the YubiKey 5 Series and Security Key Series – Enterprise Edition. Please refer to this page for more details. Consult this page for more details.
Yubico Authenticator 7: hardware authentication application for desktop computers and mobile devices
Alongside the firmware updates, significant updates to Yubico Authenticator 7 were released today to enable the management of these new features. This new version supports the use of new public key algorithms for PIV, bringing more advanced management options and streamlining the interface for an improved user experience when managing large numbers of credentials. In addition, it provides official support for French and Japanese, as well as additional community-provided translations. The Android edition also benefits from FIDO functionality, with support for PIN management, passkeys, and fingerprint management on mobile devices.
Yubico Authenticator ensures enhanced security. How? By allowing users to store credentials on a hardware key instead of a mobile phone, thereby significantly eliminating the risks posed by remote hackers targeting software authentication applications. Thanks to the YubiKey's strong two-factor hardware authentication (2FA), credentials remain secure and security is reinforced, while offering the convenience of an authentication application.
For more information on Yubico's innovation announcements, visit here. To obtain Yubico's Authenticator 7 application, visit here.