YubiKey
from Wikipedia
First YubiKey USB token of the FIDO standard in 2014

The YubiKey is a hardware authentication device manufactured by Yubico to protect access to computers, networks, and online services that supports one-time passwords (OTP), public-key cryptography, authentication, and the Universal 2nd Factor (U2F) and FIDO2 protocols[1] developed by the FIDO Alliance. It allows users to securely log into their accounts by emitting one-time passwords or using a FIDO-based public/private key pair generated by the device. YubiKey also allows storing static passwords for use at sites that do not support one-time passwords.[2] Google, Amazon, Microsoft, Twitter, and Facebook use YubiKey devices to secure employee accounts as well as end-user accounts.[3][4][5] Some password managers support YubiKey.[6][7] Yubico also manufactures the Security Key, a similar lower-cost device with only FIDO2/WebAuthn and FIDO/U2F support.[8][9][10]

The YubiKey implements the HMAC-based one-time password algorithm (HOTP) and the time-based one-time password algorithm (TOTP), and identifies itself as a keyboard that delivers the one-time password over the USB HID protocol. A YubiKey can also present itself as an OpenPGP card using 1024, 2048, 3072 and 4096-bit RSA (for key sizes over 2048 bits, GnuPG version 2.0 or higher is required) and elliptic curve cryptography (ECC) p256, p384 and more, depending on version,[11] allowing users to sign, encrypt and decrypt messages without exposing the private keys to the outside world. Also supported is the PKCS#11 standard to emulate a PIV smart card. This feature allows code signing of Docker images as well as certificate-based authentication for Microsoft Active Directory and SSH.[12][13][14][15]

Founded in 2007 by former CEO, now Chief Evangelist, Stina Ehrensvärd, Yubico is a public company with offices in Santa Clara, CA, Bellevue, WA, and Stockholm, Sweden.[16] Yubico's CTO, Jakob Ehrensvärd, is the lead author of the original strong authentication specification that became known as Universal 2nd Factor (U2F).[17]

Yubico released the YubiKey 5 series in 2018, which added support for FIDO2.[18]

History

Yubico was founded in 2007 and began offering a Pilot Box for developers in November of that year.[19] The original YubiKey product was shown at the annual RSA Conference in April 2008,[20][21] and a more robust YubiKey II model was launched in 2009.[22] Yubico's explanation of the name "YubiKey" is that it derives from the phrase "your ubiquitous key", and that "yubi" is the Japanese word for finger.[23]

YubiKey II and later models have two "slots" available, for storing two distinct configurations with separate AES secrets and other settings. When authenticating, the first slot is used by only briefly pressing the button on the device, while the second slot gets used when holding the button for 2 to 5 seconds.

In 2010, Yubico began offering the YubiKey OATH and YubiKey RFID models. The YubiKey OATH added the ability to generate 6- and 8-character one-time passwords using protocols from the Initiative for Open Authentication (OATH), in addition to the 32-character passwords used by Yubico's own OTP authentication scheme. The YubiKey RFID model included the OATH capability and also a MIFARE Classic 1k radio-frequency identification chip,[24] though that was a separate device within the package that could not be configured with the normal Yubico software over a USB connection.[25]

Yubico announced the YubiKey Nano in February 2012, a miniaturized version of the standard YubiKey which was designed so it would fit almost entirely inside a USB port and only expose a small touch pad for the button.[26] Most later models of the YubiKey have also been available in both standard and "nano" sizes.

2012 also saw the introduction of the YubiKey Neo, which improved upon the previous YubiKey RFID product by implementing near-field communication (NFC) technology and integrating it with the USB side of the device.[27] The YubiKey Neo (and Neo-n, a "nano" version of the device) are able to transmit one-time passwords to NFC readers as part of a configurable URL contained in an NFC Data Exchange Format (NDEF) message. The Neo is also able to communicate using the CCID smart-card protocol in addition to USB HID (human interface device) keyboard emulation. The CCID mode is used for PIV smart card and OpenPGP support, while USB HID is used for the one-time password authentication schemes.[28]

In 2014, the YubiKey Neo was updated with FIDO Universal 2nd Factor (U2F) support.[29] Later that year, Yubico released the FIDO U2F Security Key, which specifically included U2F support but none of the other one-time password, static password, smart card, or NFC features of previous YubiKeys.[8] At launch, it was correspondingly sold at a lower price point of just $18, compared to $25 for the YubiKey Standard ($40 for the Nano version), and $50 for the YubiKey Neo ($60 for Neo-n).[30] Some of the pre-release devices issued by Google during FIDO/U2F development reported themselves as "Yubico WinUSB Gnubby (gnubby1)".[31]

In April 2015, the company launched the YubiKey Edge in both standard and nano form factors. This slotted in between the Neo and FIDO U2F products feature-wise, as it was designed to handle OTP and U2F authentication, but did not include smart card or NFC support.[32]

The YubiKey 4 family of devices was first launched in November 2015, with USB-A models in both standard and nano sizes. The YubiKey 4 includes most features of the YubiKey Neo, including increasing the allowed OpenPGP key size to 4096 bits (vs. the previous 2048), but dropped the NFC capability of the Neo.

At CES 2017, Yubico announced an expansion of the YubiKey 4 series to support a new USB-C design. The YubiKey 4C was released on February 13, 2017.[33] On Android over the USB-C connection, only the one-time password feature is supported by Android and the YubiKey; other features, including Universal 2nd Factor (U2F), are not currently supported.[34] A 4C Nano version became available in September 2017.[35]

In April 2018, the company brought out the Security Key by Yubico, their first device to implement the new FIDO2 authentication protocols, WebAuthn (which reached W3C Candidate Recommendation status in March[36]) and Client to Authenticator Protocol (CTAP). At launch, the device was only available in the "standard" form factor with a USB-A connector. Like the previous FIDO U2F Security Key, it is blue in color and uses a key icon on its button. It is distinguished by a number "2" etched into the plastic between the button and the keyring hole. It is also less expensive than the YubiKey Neo and YubiKey 4 models, costing $20 per unit at launch, because it lacks the OTP and smart card features of those previous devices, though it retains FIDO U2F capability.[9]

Product features

A list of the primary features and capabilities of the YubiKey products.[37]

Columns: Model; Years sold; Secure static passwords; OTP standards (Yubico OTP; OATH OTP: HOTP (event), TOTP (time)); Smartcards (PIV, OpenPGP); FIDO standards (U2F, FIDO2); HSM; FIPS 140-2 variant; Interface (NFC, USB-A, USB-C, Lightning). Each row below gives the model, the years sold, and a "Yes" (or "Available") for each supported column.
YubiKey VIP 2011–2017 Yes Yes
YubiKey Nano 2012–2016 Yes Yes Yes Yes
YubiKey NEO 2012–2018 Yes Yes Yes Yes Yes Yes Yes Yes Yes
FIDO U2F Security Key 2013–2018 Yes Yes
YubiKey Plus 2014–2015 Yes Yes Yes
YubiKey NEO-n 2014–2016 Yes Yes Yes Yes Yes Yes Yes Yes
YubiKey Standard 2014–2016 Yes Yes Yes Yes
YubiKey Edge-n 2015–2016 Yes Yes Yes Yes Yes Yes Yes
YubiKey 4 Nano 2016–2017 Yes Yes Yes Yes Yes Yes Yes
YubiHSM 1 2015–2017 Yes Yes
YubiKey 4 2015–2018 Yes Yes Yes Yes Yes Yes Yes Yes
YubiKey 4 Nano 2015–2018 Yes Yes Yes Yes Yes Yes Yes Yes
YubiKey 4C Nano 2017–2018 Yes Yes Yes Yes Yes Yes Yes Yes
YubiKey 4C 2017–2018 Yes Yes Yes Yes Yes Yes Yes Yes
YubiHSM 2 2017– Yes Available Yes
Security Key by Yubico 2018–2020 Yes Yes Yes
Security Key NFC by Yubico 2019– Yes Yes Yes Yes
YubiKey 5C Nano 2018– Yes Yes Yes Yes Yes Yes Yes Yes Available Yes
YubiKey 5C 2018– Yes Yes Yes Yes Yes Yes Yes Yes Available Yes
YubiKey 5 Nano 2018– Yes Yes Yes Yes Yes Yes Yes Yes Available Yes
YubiKey 5 NFC 2018– Yes Yes Yes Yes Yes Yes Yes Yes Available Yes Yes
YubiKey 5Ci 2019– Yes Yes Yes Yes Yes Yes Yes Yes Available Yes Yes
YubiKey 5C NFC 2020– Yes Yes Yes Yes Yes Yes Yes Yes Available Yes Yes

ModHex

When being used for one-time passwords and stored static passwords, the YubiKey emits characters using a modified hexadecimal alphabet which is intended to be as independent of system keyboard settings as possible. This alphabet is referred to as ModHex and consists of the characters "cbdefghijklnrtuv", corresponding to the hexadecimal digits "0123456789abcdef".[38]

Since YubiKeys use raw keyboard scan codes in USB HID mode, there can be problems when using the devices on computers that are set up with different keyboard layouts, such as Dvorak. ModHex was created to avoid conflicts between different keyboard layouts. It only uses characters that are located in the same place on most Latin alphabet keyboards, but is still 16 characters, allowing it to be used in place of hexadecimal.[39] Alternatively, this issue can be addressed by using operating system features to temporarily switch to a standard US keyboard layout (or similar) when using one-time passwords. However, YubiKey Neo and later devices can be configured with alternate scan codes to match layouts that aren't compatible with the ModHex character set.[40]

This problem only applies to YubiKey products in HID mode, where it must emulate keyboard input. U2F authentication in YubiKey products bypasses this problem by using the alternate U2FHID protocol, which sends and receives raw binary messages instead of keyboard scan codes.[41] CCID mode acts as a smart card reader, which does not use HID protocols at all.

Security issues

YubiKey 4 closed-sourcing concerns

Most of the code that runs on a YubiKey is closed source. While Yubico has released some code for industry-standard functionality like PGP and HOTP, it was disclosed that, as of the 4th generation of the product, this is not the same code that new units ship with.[42][43] Because new units are permanently firmware-locked at the factory, it is not possible to compile the open-source code and load it on the device manually; a user must trust that the code on a new key is authentic and secure.

Code for other functionality, such as U2F, PIV and ModHex, is entirely closed source.

On May 16, 2016, Yubico CTO Jakob Ehrensvärd responded to the open-source community's concerns with a blog post saying that "we, as a product company, have taken a clear stand against implementations based on off-the-shelf components and further believe that something like a commercial-grade AVR or ARM controller is unfit to be used in a security product."[44]

Techdirt founder Mike Masnick strongly criticized this decision, saying "Encryption is tricky. There are almost always vulnerabilities and bugs -- a point we've been making a lot lately. But the best way to fix those tends to be getting as many knowledgeable eyes on the code as possible. And that's not possible when it's closed source."[45]

ROCA vulnerability in certain YubiKey 4, 4C, and 4 Nano devices

In October 2017, security researchers found a vulnerability (known as ROCA) in the implementation of RSA key-pair generation in a cryptographic library used by a large number of Infineon security chips, which are used in a wide range of security keys and security token products (including YubiKey). The vulnerability allows an attacker to reconstruct the private key from the public key.[46][47] All YubiKey 4, YubiKey 4C, and YubiKey 4 Nano devices with firmware revisions 4.2.6 to 4.3.4 were affected by this vulnerability.[48] Yubico remedied the issue in all shipping YubiKey 4 devices by switching to a different key generation function and offered free replacements for any affected keys until March 31, 2019. In some cases, the issue can be worked around by generating new keys outside of the YubiKey and importing them onto the device.[49]

OTP password protection on YubiKey NEO

In January 2018, Yubico disclosed a moderate vulnerability where password protection for the OTP functionality on the YubiKey NEO could be bypassed under certain conditions. The issue was corrected as of firmware version 3.5.0, and Yubico offered free replacement keys to any user claiming to be affected until April 1, 2019.[50]

Reduced initial randomness on certain FIPS series devices

In June 2019, Yubico released a security advisory reporting reduced randomness in FIPS-certified devices with firmware versions 4.4.2 and 4.4.4 (there is no version 4.4.3) shortly after power-up.[51] Security keys with reduced randomness may leave cryptographic keys more easily discovered and compromised than expected. The issue affected the FIPS series only, and only in certain scenarios, although FIPS ECDSA usage was "at higher risk". The company offered free replacements for any affected keys.

Infineon ECDSA private key recovery

In September 2024, security researchers from NinjaLab discovered a cryptographic flaw in Infineon chips that would allow an attacker with physical access to a YubiKey to clone it. The vulnerability permanently affects all YubiKeys with firmware prior to version 5.7. Yubico rated the issue as "moderate", citing the need for an attacker to have physical access to the key, expensive equipment, and advanced cryptographic and technical knowledge.[52][53][54]

Social activism

In 2018, Yubico gave away free YubiKeys with laser engraved logos to new WIRED and ArsTechnica subscribers.[55]

Yubico provided 500 YubiKeys to protesters during the 2019–2020 Hong Kong protests. The company states the decision was based on their mission to protect vulnerable Internet users and work with free speech supporters.[56][57]

from Grokipedia
The YubiKey is a series of durable hardware keys manufactured by Yubico to enable phishing-resistant multi-factor authentication (MFA), passwordless login, and cryptographic operations for protecting access to computers, networks, and online services.
Introduced in 2008, the device supports multiple open standards including FIDO2/WebAuthn for passwordless authentication, FIDO U2F for second-factor verification, and Yubico's one-time password (OTP) protocol, allowing seamless integration with services from providers like , , and .
Yubico, founded in 2007 by Stina Ehrensvärd in with subsequent expansion to the , developed the YubiKey to address vulnerabilities in traditional password-based and SMS-based authentication by embedding tamper-resistant technology in a compact USB, NFC, or form factor.
Certain models achieve certification, meeting stringent requirements for government and enterprise use, while the series has been adopted by major organizations to mitigate account takeover risks without introducing significant user friction.

History

Founding of Yubico and Early Development

Yubico was founded in 2007 in , , by Stina Ehrensvärd and Jakob Ehrensvärd to address vulnerabilities in online , particularly attacks and reliance on weak passwords. The company's initial focus was developing a hardware token for simple, secure one-touch logins without requiring users to remember complex credentials. Stina Ehrensvärd, who served as CEO for 16 years until 2023, drew from personal and professional experiences in security to prioritize usability alongside protection against man-in-the-middle exploits. The inaugural YubiKey device, version 1.0, was designed as a USB-based generator emulating keyboard input for seamless integration with existing systems. Manufacturing began in in 2008, marking the first production of a compact, durable key capable of generating event-based or time-based codes via a proprietary . Early prototypes emphasized tamper resistance and broad compatibility, avoiding software dependencies to minimize attack surfaces. By late 2008, the device supported initial deployments for enterprise and users seeking alternatives to SMS-based two-factor . Development progressed rapidly into 2009–2010, with the release of YubiKey 2.0 featuring a molded monoblock design for enhanced durability against physical wear and environmental factors. This iteration incorporated refinements to the (OTP) protocol, allowing customization of secret keys and configuration slots for varied authentication modes. Early adoption was driven by partnerships with tech communities and validation servers, enabling free personalization services to build ecosystem trust. These advancements laid the groundwork for scalable , prioritizing hardware-bound cryptography over revocable software tokens.

Key Product Releases and Milestones

The first YubiKey device was publicly demonstrated at the RSA Conference in April 2008, introducing one-touch authentication via (OTP) emulation for enhanced user login security. A more durable YubiKey II model followed in 2009, featuring improved hardware robustness while maintaining compatibility with Yubico's validation servers for OTP verification. In 2012, Yubico released the YubiKey NEO, adding (NFC) support for contactless on mobile devices, alongside the compact YubiKey Nano form factor designed for semi-permanent USB port installation. The 2014 launch of the FIDO U2F Security Key marked Yubico's entry into public-key cryptography-based second-factor , certified under the standard to resist attacks without relying on shared secrets. The YubiKey 5 Series debuted on September 24, 2018, as the industry's first multi-protocol security keys supporting FIDO2 and for passwordless login, alongside protocols like OTP, U2F, PIV smart card, and OATH-HOTP/TOTP. Variants such as the YubiKey 5Ci, released August 20, 2019, introduced dual and connectors for broader device compatibility, including . Subsequent advancements included the YubiKey 5 FIPS Series on May 3, 2021, achieving Level 2 validation for government and enterprise compliance while retaining multi-protocol capabilities. The YubiKey Bio Series launched October 4, 2021, integrating biometric with FIDO2 for simplified passwordless access. In May 2024, version 5.7 rolled out across YubiKey 5 and Key Series, enhancing PIN complexity requirements, enterprise , and attestation certificate handling for improved posture. This update became available in devices shipping from late May 2024, with the YubiKey Bio FIDO Edition following in August 2024 to prioritize FIDO-only protocols.

Expansion and Recent Advancements

In 2021, Yubico completed an on , raising approximately SEK 1.15 billion to fund further development and market expansion. This capital infusion supported scaling production and global distribution, enabling the company to address rising demand for hardware-based amid increasing threats and regulatory requirements for . Yubico expanded its enterprise delivery model significantly in May 2025, increasing YubiKey availability to 175 countries and 24 territories—more than doubling prior coverage—to facilitate faster deployment of pre-configured devices for remote and office users. This enhancement of the YubiKey subscription targeted organizations adopting passwordless strategies, reducing logistical barriers and accelerating phishing-resistant rollout. Product advancements continued with the July 2025 release of YubiKey 5 series variants featuring enhanced PIN controls, including automatic activation of PIN complexity requirements and a minimum six-character length, designed to comply with stringent regional standards in and elsewhere. Concurrent version 5.7 introduced support for up to 100 resident passkeys (up from 25), FIDO2 Level 2 certification for improved biometric integration verification, and new cryptographic algorithms such as RSA 3072/4096, Ed25519, and X25519 for PIV operations. These updates bolstered compatibility with emerging standards like while maintaining with legacy protocols. Partnerships advanced integration capabilities, exemplified by the October 2025 collaboration with to enable FIDO2-based, phishing-resistant passwordless access to encrypted vaults, prioritizing hardware-bound credentials over software alternatives. Yubico's 2024-2025 initiatives also emphasized growth, with expanded "Works with YubiKey" certifications enhancing across identity providers and endpoint management tools. These developments reflect sustained revenue momentum, with Q2 2025 reports indicating recovering order intake despite macroeconomic pressures.

Technical Design

Hardware Architecture

The YubiKey employs a compact, tamper-resistant monoblock design encapsulated in for physical durability, lacking batteries or to ensure reliability across an operational lifespan exceeding 100,000 touch cycles. Core models, such as those in the YubiKey 5 Series, integrate a single secure as the primary computational and cryptographic element, paired with minimal passive components like capacitors and resistors for power regulation and . This supports multiple authentication protocols through firmware-defined applications stored in isolated slots within the chip, with a dedicated application enforcing access controls via a 16-byte lock code. The central in YubiKey 5 Series devices is an Infineon M7893 B11 (or variants like SLE78 CLUFX3000PH for most models and SLE78 CLUFX5000PH for YubiKey 5Ci), certified to EAL6+ for high-assurance security, featuring non-updatable firmware in and hardware-enforced isolation between cryptographic operations. This chip handles key generation, storage, and operations for protocols including FIDO, PIV, and OTP, with up to 144 KB of for credential data across five application slots. It exposes a composite USB interface operating at full speed (12 Mbps), emulating HID keyboard, CCID reader, and FIDO authenticator classes, while NFC-enabled variants incorporate an ISO 14443-compliant antenna for contactless operation. User interaction relies on a capacitive touch sensor connected via GPIO pins to the microcontroller, triggering authentication upon contact with the device's gold-plated sense plate, often accompanied by an LED indicator for status feedback. Power is drawn directly from the host USB port (<50 mA consumption) or NFC field, enabling operation without external sources. Form factors vary—such as USB-A, USB-C, Nano, or Lightning connectors—but share this uniform core chipset for consistent behavior, with dimensions typically around 18–45 mm in length and 3–5 mm thickness. 
Earlier YubiKey generations, like the YubiKey 4 Series, utilized similar secure element principles but with distinct chipsets validated under FIPS 140-2 Level 2.

Supported Protocols and Interfaces

The YubiKey hardware security keys, particularly the YubiKey 5 Series, incorporate multiple applications that enable support for diverse protocols, allowing compatibility with a wide range of services and systems. These protocols leverage the device's secure element to perform cryptographic operations without exposing private keys. Key supported protocols include FIDO2, which facilitates passwordless login and multi-factor authentication (MFA) using WebAuthn and the Client to Authenticator Protocol (CTAP), with capacity for up to 25 resident credentials; FIDO U2F, an earlier standard for second-factor authentication across web services via universal second factor (U2F) challenges; and WebAuthn, a W3C standard integrated with FIDO2 for browser-based authentication supporting both hardware keys and platform authenticators. Additional protocols encompass OATH for time-based (TOTP) and counter-based (HOTP) one-time passwords, storing up to 64 credentials; OpenPGP for smart card operations including signing, encryption, and authentication with RSA or ECC keys; Yubico OTP and static password modes for one-time password generation via the HID interface; and PIV (Personal Identity Verification), compliant with NIST SP 800-73, enabling smart card middleware for certificate-based authentication, digital signatures, and encryption across designated slots. The device also supports HMAC-SHA1 challenge-response for legacy systems. These protocols operate independently or in combination, with firmware segmentation ensuring isolation between applications to mitigate cross-protocol risks.
Protocol         | Primary function                 | Key standards/features
FIDO2/WebAuthn   | Passwordless MFA, resident keys  | CTAP2, up to 25 keys, PIN/biometric support
FIDO U2F         | Second-factor auth               | Public-key crypto, no drivers needed
OATH             | Dynamic OTPs                     | TOTP/HOTP, up to 64 slots via CCID
PIV/Smart Card   | Certificate auth                 | NIST SP 800-73, RSA/ECC operations
OpenPGP          | Signing/encryption               | ECC/RSA, smart card compatible
OTP              | One-time passwords               | Yubico mode, challenge-response
For physical connectivity, YubiKeys utilize USB 2.0 as a composite device exposing interfaces such as HID for OTP/FIDO and CCID for smart card protocols like PIV and OpenPGP, compatible with Windows, macOS, (via ), and Android. Form factors include USB-A, , or dual connectors, with NFC support adhering to ISO/IEC 14443-A/M standards for contactless operations on compatible models, enabling touch-based within 20 seconds on devices like and later. Select variants, such as the YubiKey 5Ci, incorporate Apple for iOS integration, mirroring functionality for OTP and . These interfaces ensure broad platform interoperability without requiring batteries or specialized drivers in most cases.

Features and Operations

Authentication Mechanisms

YubiKeys facilitate authentication through hardware-bound cryptographic operations that prevent credential extraction, leveraging protocols such as FIDO2, FIDO U2F, one-time passwords (OTP), OATH (HOTP/TOTP), Personal Identity Verification (PIV), and OpenPGP. In FIDO2 and WebAuthn, the device generates a public-private key pair during registration, retaining the private key securely within its tamper-resistant chip; during authentication, it signs a server-issued challenge using the private key upon user touch, enabling phishing-resistant verification without transmitting secrets over the network. FIDO U2F operates similarly but as a second factor, confirming user presence via a touch-activated signature on a challenge, integrated into browsers like Chrome and services such as accounts since its standardization in 2014. For OTP mechanisms, YubiKeys emulate keyboard input to deliver Yubico OTP—a proprietary 44-character code comprising a public ID, private ID, and AES-encrypted dynamic payload—or OATH-compliant HOTP (counter-based codes) and TOTP (time-based codes), where the device computes codes from a seed without exposing it. Smart card authentication via the PIV application stores X.509 certificates and private keys, allowing certificate-based authentication (e.g., for VPNs or SSH) through challenge-response operations compliant with NIST SP 800-73 standards, with keys protected against extraction. The OpenPGP application supports key pair generation for signing, encryption, and authentication, enabling GnuPG-compatible workflows where private keys remain non-exportable and operations require physical touch for user verification. These mechanisms operate independently across applications on the YubiKey 5 Series and later models, with up to five protocols configurable per slot via USB, NFC, or Lightning interfaces, ensuring compatibility with legacy systems while prioritizing passwordless flows in modern deployments.
Authentication success relies on origin binding in FIDO protocols to thwart man-in-the-middle attacks, and monotonic counters or timestamps in OTP/OATH to prevent replay, with all operations executed in a secure element certified to FIPS 140-2 Level 2 or higher in validated variants.

Customization and Management Tools

YubiKey customization primarily involves configuring its multiple slots and applications, such as OTP (), FIDO2, PIV (Personal Identity Verification), and OpenPGP, using dedicated software tools provided by Yubico. The primary tool for this is YubiKey Manager, a cross-platform application available in both graphical (yubikey-manager-qt) and (ykman) variants, supporting Windows, macOS, and . It enables users to identify YubiKey models, versions, and serial numbers; configure FIDO2 PINs and credentials; manage PIV certificates and keys; set up OTP slots for Yubico OTP, static passwords, or challenge-response modes; and reset specific applications if needed. The ykman CLI offers advanced capabilities for scripting and automation, including detailed slot programming—such as loading AES keys for OTP generation, enabling touch-triggered responses, or appending user-defined prefixes/suffixes—and firmware version checks without altering the device. For FIDO2 customization, users can set PINs, manage resident keys, and configure credentials via the tool, ensuring compatibility with protocols. PIV management includes generating key pairs, importing certificates, and slotting asymmetric keys for smart card-like operations, adhering to NIST SP 800-73 standards. An older tool, the YubiKey Personalization Tool (including its GUI and library variants), was historically used for batch programming OTP credentials, checking , and basic slot reconfiguration, particularly for static passwords or HMAC-SHA1 challenge-response. However, Yubico announced its end-of-life effective February 19, 2026, recommending migration to YubiKey Manager for all configuration needs due to the latter's broader protocol support and ongoing maintenance. YubiKey Manager supersedes it by integrating OTP, FIDO, and PIV functionalities into a unified interface, reducing the need for multiple tools. 
For enterprise-scale management, Yubico offers integrations like YubiEnterprise Delivery for bulk provisioning and encoding, which automates customization workflows such as pre-loading credentials or enforcing policies via APIs, though core device-level tools remain YubiKey Manager. These tools do not support user-initiated firmware updates, as YubiKey firmware is factory-set and non-upgradable on most models to maintain security integrity. All configurations require physical access to the device, preventing remote tampering.

Proprietary Encoding: ModHex

ModHex is a custom base-16 encoding scheme developed by Yubico for use in YubiKey's one-time password (OTP) output, designed to mitigate ambiguities arising from diverse keyboard layouts. Unlike standard hexadecimal, which employs digits 0-9 and letters A-F, ModHex substitutes a restricted alphabet of 16 characters—c b d e f g h i j k m n r t u v—each representing a unique 4-bit value to ensure consistent interpretation across input methods. This mapping corresponds directly to hexadecimal values as follows: 0→c, 1→b, 2→d, 3→e, 4→f, 5→g, 6→h, 7→i, 8→j, 9→k, A→m, B→n, C→r, D→t, E→u, F→v. The selected characters avoid visually similar glyphs (e.g., excluding 0, O, 1, I, l) and prioritize positions that yield reliable keycodes on QWERTY-derived layouts, thereby enabling keyboard-layout-independent data transmission during OTP entry. In YubiKey OTP generation, ModHex encodes binary data into human-readable strings for seamless integration with text-based systems. A standard YubiKey OTP comprises 44 ModHex characters: the initial 12 characters encode a 6-byte public identifier (fixed per device configuration), while the subsequent 32 characters represent a 16-byte AES-128-encrypted payload incorporating unique elements such as a private ID, session counters, timestamps, and random data to prevent replay attacks. This encoding packs 4 bits per character, yielding the compact 44-character format from 22 bytes of binary input (6 bytes public ID + 16 bytes encrypted). Yubico introduced ModHex specifically for OTP to address early challenges with international keyboard variations, where standard hex characters could map to unintended inputs; for instance, non-QWERTY layouts might confuse l with 1 or alter positional outputs. The proprietary nature of ModHex stems from Yubico's tailored design choices, including the custom alphabet and validation rules integrated into their validation servers (e.g., YubiCloud), which decode ModHex exclusively for OTP verification. 
Tools like Yubico's modhex utility facilitate conversion between ModHex strings and binary/hex equivalents for configuration and , as in modhex -e test to encode ASCII "test" into ModHex. While effective for OTP's low-bandwidth, touch-triggered use case, ModHex's layout-specific optimizations assume primary compatibility, prompting Yubico recommendations to temporarily switch to layouts for OTP entry in divergent configurations. This encoding remains central to YubiKey's legacy OTP mode, distinguishing it from protocol-agnostic alternatives like FIDO2.
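The codec below is an added example, not Yubico's own code: it implements the nibble mapping above with Yubico's published alphabet and splits a 44-character OTP into its public identifier and encrypted token with strict input validation, as a validation server must. The sample OTP is constructed for illustration and was not emitted by a real key.

```python
"""ModHex codec and YubiKey OTP framing (added example; not Yubico's own code)."""
from typing import Dict, Tuple

# Yubico's published ModHex alphabet, indexed by nibble value 0x0..0xF.
MODHEX = "cbdefghijklnrtuv"
_DECODE: Dict[str, int] = {ch: i for i, ch in enumerate(MODHEX)}

PUBLIC_ID_CHARS = 12                        # 6-byte public identifier
TOKEN_CHARS = 32                            # 16-byte AES-128 block
OTP_CHARS = PUBLIC_ID_CHARS + TOKEN_CHARS   # 44

# Constructed sample OTP (not from a real key): public ID + encrypted token.
SAMPLE_OTP = "cccccclvdcgu" + "ugvtkvlcblrrdrhubnfdhiecutcbnnvt"


def modhex_encode(data: bytes) -> str:
    """Encode bytes as ModHex, high nibble first (4 bits per character)."""
    return "".join(MODHEX[b >> 4] + MODHEX[b & 0x0F] for b in data)


def modhex_decode(text: str) -> bytes:
    """Strictly decode ModHex, rejecting odd lengths and non-alphabet characters.

    A validator must be strict: a lenient decoder that skips or remaps unknown
    characters turns a mistyped or tampered OTP into a different ciphertext
    instead of a clean rejection.
    """
    if len(text) % 2:
        raise ValueError("ModHex input must have an even number of characters")
    out = bytearray()
    for hi, lo in zip(text[0::2], text[1::2]):
        if hi not in _DECODE or lo not in _DECODE:
            raise ValueError(f"not ModHex: {hi + lo!r}")
        out.append((_DECODE[hi] << 4) | _DECODE[lo])
    return bytes(out)


def split_otp(otp: str) -> Tuple[bytes, bytes]:
    """Split a 44-character YubiKey OTP into (public_id, encrypted_token).

    The public ID is the only cleartext field: a validation server uses it to
    look up that device's AES-128 key before trying to decrypt the 16-byte
    token. Only the Enter keystroke appended by the emulated keyboard and a
    Caps Lock case change are normalised away; anything else is an error.
    """
    otp = otp.strip().lower()
    if len(otp) != OTP_CHARS:
        raise ValueError(f"OTP must be {OTP_CHARS} characters, got {len(otp)}")
    raw = modhex_decode(otp)
    return raw[:PUBLIC_ID_CHARS // 2], raw[PUBLIC_ID_CHARS // 2:]


if __name__ == "__main__":
    print(modhex_encode(b"test"))        # Yubico's documented `modhex -e test`
    public_id, token = split_otp(SAMPLE_OTP + "\n")
    print(public_id.hex(), len(token))
```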

Security Assessment

Core Security Principles

The YubiKey employs hardware-based key protection, where private keys are generated within the device's secure element and never exported or transmitted outside the hardware. This isolation prevents extraction of secrets even if the host system is compromised, as all signing operations occur on-device using tamper-resistant components. High-entropy key generation further ensures resistance to attacks on the keys themselves. Phishing resistance forms a core principle, particularly through FIDO protocols like U2F and FIDO2, which bind credentials to specific origins via challenge-response mechanisms that verify the authentic domain before releasing assertions. This design thwarts man-in-the-middle and credential theft by rejecting signatures for mismatched origins, reducing successful phishing risk by 99.9% according to empirical studies. Protocols such as SCP11 and CTAP2.2 incorporate authenticated and encrypted channels (e.g., AES-GCM, ECDH) without relying on pre-shared secrets, minimizing exposure to network-based attacks. Physical and access protections include FIPS 140 validation, with physical security at Level 3 for tamper-evidence, enabling detection of unauthorized access attempts. Brute-force resistance is enforced via limited PIN attempts (e.g., three failures trigger lockout) and mandatory minimum PIN lengths of six characters in compliant modes. The absence of batteries, moving parts, and wireless dependencies (beyond optional NFC) reduces attack surfaces from environmental vectors, while IP68-rated durability supports operation in harsh conditions without compromising integrity.

Documented Vulnerabilities and Exploits

In September 2024, researchers disclosed a side-channel vulnerability (CVE-2024-45678) in the Infineon cryptographic library used by YubiKey 5 Series devices with firmware versions prior to 5.7.0, enabling extraction of ECDSA private keys through timing discrepancies during signing operations. The attack, dubbed EUCLEAK by its discoverers at NinjaLab, requires physical possession of the device and thousands of measurements to recover keys, primarily affecting FIDO2 attestation and credential keys due to their default use of vulnerable ECDSA operations. No remote exploitation is possible, and the flaw stems from implementation details in the underlying library rather than YubiKey design. In April 2025, Yubico reported CVE-2025-29991 affecting YubiKey firmware from 5.4.1 to 5.7.3 (prior to 5.7.4), involving a flawed implementation of the FIDO CTAP PIN/UV Auth Protocol Two that generates predictable nonces, facilitating offline brute-force attacks on user PINs. This issue allows an attacker with physical access to attempt PIN recovery more efficiently than intended, though success depends on PIN complexity and the device's retry limits. The vulnerability does not compromise keys directly but undermines the protocol's resistance to exhaustive search. Earlier vulnerabilities include a 2015 PIN validation logic flaw in the YubiKey NEO's OpenPGP applet (YSA-2015-1), which permitted incorrect PIN handling under specific retry conditions, potentially enabling unauthorized access after exhaustion of attempts. Such issues have been limited in scope, with no public demonstrations of widespread exploits compromising deployed YubiKeys without physical tampering. Independent analyses, such as attempts to reverse-engineer devices, have not yielded scalable breaks beyond protocol-specific weaknesses.
CVE ID | Affected Firmware | Description | Requirements | Impact
CVE-2024-45678 | < 5.7.0 (YubiKey 5 Series) | ECDSA key extraction via timing side-channel | Physical access, repeated measurements | Key recovery, FIDO cloning possible
CVE-2025-29991 | 5.4.1–5.7.3 | Predictable nonces in PIN/UV auth protocol | Physical access, offline computation | Accelerated PIN brute-force
YSA-2015-1 | NEO variants | OpenPGP PIN validation bypass | Specific retry sequences | Potential unauthorized access

Responses, Mitigations, and Ongoing Improvements

Yubico maintains a structured process for addressing security issues in YubiKey devices, issuing detailed advisories that include descriptions, affected versions, severity ratings, and recommended mitigations. For instance, in response to the side-channel vulnerability (CVE-2024-45678) discovered in Infineon's cryptographic library, affecting YubiKey 5 Series and Security Key Series devices with firmware prior to 5.7.0, Yubico rated the issue as moderate severity due to the need for physical access and extensive computational resources (up to 2^30 operations for a 4-digit PIN). To mitigate this unpatchable flaw in already-fielded devices, Yubico released firmware version 5.7.0 on May 21, 2024, incorporating an updated library from Infineon that prevents key recovery under similar conditions. For legacy devices unable to receive the update, operational mitigations include enforcing PINs of at least 5 digits to raise the attack complexity by orders of magnitude (e.g., 100,000 combinations for 5 digits versus 10,000 for 4), alongside reliance on user presence verification protocols. Subsequent advisories demonstrate proactive patching; YSA-2025-02, issued April 2, 2025, addressed a low-severity flaw in the FIDO CTAP PIN/UV Auth Protocol implementation for firmware versions 5.4.1 through 5.7.3, with fixes deployed in later releases to prevent partial bypasses. Yubico's severity scale, spanning minor to critical, guides users on risk prioritization, emphasizing empirical factors like exploit feasibility over theoretical impacts. Ongoing improvements focus on firmware enhancements that bolster resilience, such as the 5.7 series' support for CTAP 2.1, enterprise attestation, expanded passkey storage, and larger RSA/EC key sizes (up to 4096-bit RSA and Ed25519), reducing exposure to known cryptographic weaknesses. The latest firmware version for the YubiKey 5C NFC (part of the YubiKey 5 Series) is 5.7.1, released in September 2024, which includes minor bug fixes and improvements.
No firmware version or update has been publicly announced or planned for 2026. Later variants, including the YubiKey 5 Enhanced PIN models announced July 15, 2025, enforce minimum 6-character PINs with automatic complexity checks and mandatory user validation, addressing patterns of weak credential use observed in prior incidents. Yubico collaborates with hardware vendors like Infineon for library updates and advocates layered defenses, including firmware immutability to prevent tampering, though this limits retroactive fixes for embedded secure elements.

Adoption and Influence

Enterprise and Consumer Applications

YubiKeys are widely adopted in enterprise environments for implementing phishing-resistant multi-factor authentication (MFA), particularly in scenarios involving hybrid and remote workers, privileged user access, mobile-restricted devices, shared workstations, and securing customer-facing applications. These deployments leverage YubiKey's support for protocols such as FIDO2 and PIV to enable integration with enterprise identity systems, securing access to cloud services, VPNs, and sensitive data for organizations ranging from federal agencies to small businesses. Yubico reports that its solutions protect over 4,000 businesses and more than 10 million users across nearly 160 countries, with integrations facilitating scalable rollout for high-assurance use cases like enterprise attestation to verify device authenticity in regulated sectors. Notable enterprise implementations include Google's large-scale deployment of YubiKeys for employee authentication, demonstrating efficacy in preventing phishing attacks at organizational scale. Another organization issued YubiKeys to all employees enterprise-wide to safeguard access to data, applications, and services, emphasizing hardware-bound credentials over software alternatives vulnerable to interception. Similarly, a hotel group utilized YubiKeys to transition to passwordless MFA within its environment, reducing reliance on passwords while maintaining compatibility with legacy systems. Services like YubiKey as a Service further support enterprises by providing managed provisioning and revocation for protecting identities in dynamic workforces. For consumers, YubiKeys enable strong authentication for personal accounts on major platforms, including Google Accounts, Microsoft services, Facebook, and others, where users register the device for FIDO-based 2FA or passwordless login to mitigate risks like account takeover.
These applications allow individuals to upgrade security for personal online accounts and social media without software tokens, using form factors like USB-A, NFC-enabled variants for mobile, or compact models for portability. Consumer use cases often focus on phishing resistance for high-value accounts, with YubiKeys supporting passkeys for seamless sign-ins across apps and devices, though adoption remains niche compared to app-based authenticators due to the need for physical possession.

Contributions to Industry Standards

Yubico co-developed the Universal Second Factor (U2F) protocol with Google, initiating the project in 2013 to provide phishing-resistant second-factor authentication using hardware tokens. The U2F specifications were subsequently contributed to the FIDO Alliance as an open standard, with Yubico joining the organization as a board member on May 7, 2013, to participate in the dedicated U2F working group. This effort marked one of the earliest industry pushes toward standardized hardware-backed challenge-response for browser-based authentication, influencing subsequent protocols by prioritizing hardware-bound challenges over software-based alternatives. Extending U2F, Yubico acted as a principal inventor and core contributor to FIDO2, ratified by the FIDO Alliance in 2019, which expanded capabilities to include passwordless login via the Client to Authenticator Protocol (CTAP). Parallel to this, Yubico provided technical input to the WebAuthn standard, developed under the W3C and finalized on March 4, 2019, enabling seamless integration of FIDO2 credentials into web applications without proprietary extensions. These contributions emphasized cross-platform compatibility and resistance to man-in-the-middle attacks, as verified through Yubico's production of the first FIDO-certified U2F devices in 2015. Through sustained board-level involvement in the FIDO Alliance, Yubico has advocated for mandatory attestation in hardware authenticators to ensure supply-chain integrity, influencing certification levels (e.g., FIDO2 Level 1 for basic compliance versus higher tiers for advanced features). This role extends to promoting passkey adoption within protocol extensions, with Yubico's proposals integrated to support hybrid credential types balancing usability and security. Empirical deployment data from early U2F pilots at Google, involving thousands of employees, informed these standards' design for scalability and minimal friction. The market for phishing-resistant hardware authentication solutions, exemplified by YubiKeys, has expanded in response to escalating cyber threats and mandates for robust authentication.
Yubico, the developer of YubiKeys, achieved net sales of SEK 2,326.2 million in 2024, reflecting a 27.3% year-over-year increase driven by enterprise demand for passwordless and MFA deployments. This momentum persisted into 2025, with first-quarter sales climbing 24.9% to SEK 623.1 million, though second-quarter figures dipped 18.8% to SEK 499.1 million amid broader economic pressures. Yubico's stock market listing further accelerated global scaling, with enterprise YubiKey distribution extended to 175 countries and 24 territories by May 2025 to support faster delivery of pre-configured devices. Adoption trends reveal growing enterprise reliance on such hardware, with approximately 298 tracked organizations utilizing Yubico solutions as of 2025, alongside surveys showing heightened confidence in hardware keys for phishing resistance. In Yubico's 2025 Global State of Authentication survey of 18,000 employed adults across nine countries, respondents' trust in hardware security keys and passkeys as the most secure option rose from 17% in 2024 to 37%, with similar upticks across the surveyed regions. These shifts correlate with regulatory pushes and high-profile breaches underscoring legacy MFA vulnerabilities, positioning YubiKeys within a broader ecosystem projected to grow at double-digit CAGRs through 2030. Empirical assessments quantify YubiKeys' impact on breach exposure. A Forrester Total Economic Impact study, based on interviews with four Yubico customers, calculated a 99.9% reduction in breach exposure following deployment, yielding a three-year net present value of $3.2 million and 203% ROI through averted incident costs and productivity gains. Independent analyses affirm this, reporting post-adoption reductions in phishing and credential theft risks of 99.9%, as hardware-bound credentials resist real-time social engineering attacks inherent to software-based alternatives. Such data-driven outcomes highlight the devices' role in causal risk reduction, though realization depends on comprehensive deployment beyond isolated use.

Criticisms and Debates

Closed-Source and Transparency Concerns

YubiKey devices incorporate firmware and secure element implementations developed by Yubico, which are not publicly available for independent review or modification. This closed-source approach extends to core cryptographic operations, distinguishing YubiKey from fully open-source alternatives like Nitrokey, where the firmware source is accessible for community scrutiny. In May 2016, Yubico transitioned the YubiKey 4's OpenPGP applet from open-source to a closed-source version, citing the need for enhanced features incompatible with disclosure. This decision prompted criticism from researchers and open-source advocates, who argued it undermined trust by preventing verification of implementation integrity and potential undisclosed flaws or backdoors. For instance, closed source raises the risk of subtle errors or vendor-specific weaknesses that evade external detection, as independent audits cannot encompass unexamined code paths. Transparency concerns persist due to limited third-party access to internals, fostering reliance on Yubico's self-reported advisories rather than reproducible peer validation. While Yubico publishes vulnerability disclosures, such as the 2024 side-channel flaw in pre-5.7.0 firmware stemming from an Infineon dependency, the opaque nature of the firmware hampers comprehensive external analysis of mitigations or root causes. Critics in privacy-focused communities highlight the potential for unverified features like remote attestation or tracking, though no evidence of such implementations has surfaced. Yubico defends its model by emphasizing hardware-based protections in certified secure chips, which resist common attacks even if source code were exposed on less robust microcontrollers. Nonetheless, the absence of full firmware audits, unlike open-source hardware, means users must weigh vendor reputation against the principle of verifiable security, with some experts advocating diversified authentication ecosystems to mitigate single-vendor risks.

Involvement in Privacy Advocacy and Activism

Yubico, the developer of YubiKey, has supported privacy advocacy through its Secure it Forward initiative, which donates up to 5% of YubiKeys purchased via its online store to nonprofit organizations focused on privacy, freedom of expression, and related causes. Launched to provide phishing-resistant tools to at-risk users, the program has distributed keys to groups protecting journalists, enabling secure access to sensitive data without reliance on vulnerable app-based methods. In 2019, Yubico donated hundreds of YubiKeys to pro-democracy protesters following a request from activists facing heightened cyber threats, including hacking attempts aimed at doxxing and account takeovers. This action provided hardware-based authentication to safeguard communications and online identities amid political unrest, demonstrating a direct response to activist needs for robust tools against state-sponsored risks. The company extended its efforts with the Yubico for Free Speech Program in August 2020, targeting nonprofits and individuals defending free speech and online security. This initiative has supplied YubiKeys to organizations that use them for phishing-resistant authentication to protect journalists' accounts and sources. Similarly, the International Service for Human Rights (ISHR) and the ISC Project have integrated YubiKeys to secure confidential reporting on abuses, underscoring Yubico's role in equipping advocacy groups with verifiable, hardware-enforced security measures. These donations prioritize practical enablement over direct advocacy, focusing on distributing hardware to mitigate real-world threats like credential phishing, which empirical data shows accounts for over 80% of breaches in activist contexts. While Yubico's corporate announcements highlight these as mission-driven commitments, independent verification from recipient organizations confirms the tools' deployment in high-stakes privacy defense, though critics note such programs may serve dual purposes of brand enhancement alongside genuine support.
