YubiKey 5 Series Adds FIDO2/WebAuthn Support

Yubico today announced its YubiKey Series 5 family of multi-protocol security keys. The new keys now support FIDO2/WebAuthn, in addition to previous support for FIDO U2F, PIV (smart card), OpenPGP, Yubico OTP, OATH-TOTP, OATH-HOTP, and challenge-response. And one of the new keys supports NFC as well.

“The YubiKey 5 Series is the industry’s first set of multi-protocol security keys to support FIDO2/WebAuthn, the open authentication standard that Yubico helped to pioneer, along with Microsoft and others,” Yubico’s Jerrod Chong writes. “All leading platforms and browsers have either made support or are engaged in this standards work, expanding authentication choices using authentication devices, such as a YubiKey, with or without a username and password.”

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

So what is FIDO2/WebAuthn exactly? This is the technology that Microsoft has co-created to help put an end to passwords. It’s an open standard and widely adopted by platform makers. And it is integrated across the Microsoft stack, from Windows to Edge to the firm’s online services.

“This will allow Microsoft customers to use any Microsoft identity – both personal Microsoft accounts and organizational identities based on Azure Active Directory – to sign-in using a FIDO device instead of a password on any FIDO2 compatible device or browser,” Microsoft explained back in April.

The YubiKey 5 Series includes the YubiKey 5 Nano, YubiKey 5C, YubiKey 5C Nano, and the YubiKey 5 NFC. Each can be used in single-factor, two-factor (username/password + key) or multi-factor (passwordless + PIN + touch) scenarios. And as its name suggests, the YubiKey 5 NFC provides a tap-and-go NFC-based experience.

The keys are available now and cost $45 to $60 depending on model.

 

Tagged with

Share post

Please check our Community Guidelines before commenting

Conversation 11 comments

  • Jeffsters

    24 September, 2018 - 6:17 pm

    <p>I seriously don't get the point of these things! I love the keychain picture as I've NEVER seen anyone with it on their keychain. 90% of people I see in our VERY VERY large office, especially those with the smaller version, always leave their YubiKey in a USB port of their laptop and never remove it. It's tiny and flush with the case, so why not I guess, but what good is a YubiKey now? How is that situation any better than an unprotected laptop with only a single factor password? Shrug.</p>

    • Polycrastinator

      24 September, 2018 - 10:55 pm

      <blockquote><em><a href="#327415">In reply to Jeffsters:</a></em></blockquote><p>Depends on your threat vector. Obviously it's not helpful if someone sits down at your computer. I don't worry about that. I worry about a phishing attack stealing a password, and for that it's great, because it will prevent the attacker from using that password to gain access to accounts. Leave it in the port. It's accessible then and there when you need it. If your threat vectors include stolen devices, you need a different solution. But for most people, password compromises are the risk.</p>

    • wright_is

      Premium Member
      25 September, 2018 - 3:22 am

      <blockquote><em><a href="#327415">In reply to Jeffsters:</a></em></blockquote><p>The security officer is obviously not doing his job in training the people or enforcing company policy (assuming there is one). If it was me, I'd walk around the office and collect the keys from unattended devices.</p><p>I keep mine in my pocket at all times, when it isn't currently needed.</p>

      • m_p_w_84

        26 September, 2018 - 1:37 pm

        <blockquote><em><a href="#327503">In reply to wright_is:</a></em></blockquote><p>I cannot begin to describe how furious i would be if you did that to me. I think i might quit my job on the spot.</p>

      • locust infested orchard inc

        27 September, 2018 - 4:42 am

        <blockquote><em><a href="#327503">In reply to wright_is:</a></em></blockquote><p>That's precisely how the message of security is paramount shall become to be instilled into the minds of the security-lax majority.</p>

  • mclark2112

    Premium Member
    24 September, 2018 - 8:52 pm

    <p>We are thinking of implementing this or something like it for login to all our AD machines. I think this is the future of security in the enterprise.</p>

  • Polycrastinator

    24 September, 2018 - 10:57 pm

    <p>Really excited for these. I'm hoping Microsoft quickly rolls out support. I see far too many people with depressingly guessable passwords and who refuse to use a second factor because it's apparently too much hassle to type a code from a phone. The passwordless login with a PIN to unlock the Yubikey seems like a really viable solution to get the lazy people onto a secure login method.</p>

  • wright_is

    Premium Member
    25 September, 2018 - 2:29 am

    <p>I've been waiting for this for a while. I wanted to buy a new Yubikey Neo, but they still only had the original version, whilst all of the others were at least one generation ahead. I use my Yubikey Neo with LastPass on my mobile, no Yubikey, no access to the LastPass app and its safe. </p><p>On the desktop, I just plug it in to the USB port, but, obviously, smartphones don't support that, so you have to use NFC to unlock the password safe. My original still works well, but is getting long in the tooth and I wanted a replacement / spare, but didn't want to fork out for old technology, when newer (non-NFC) versions, with more features were available. After around 3 years wait, it looks like I can finally order new Yubikeys!</p><p>Also, the old Neo also supported Mifare, so I could use it as the NFC token for booking into and out of the office at my previous employer, it was better than carrying around yet another credit card sized token – given the number of NFC enabled cards these days (national ID card, driving license, credit cards and debit cards), it often played havoc with the card readers at the doors, people would hold their wallet against the reader and we would get readings from dozens of different cards, marked as illegal access attempts and the employee left standing in the rain, until he dug the card out of his wallet and held it against the reader, without the others being in range.</p>

  • smccandlish

    Premium Member
    25 September, 2018 - 9:20 am

    <p>So each application that you use needs to support <span style="color: rgb(0, 0, 0);">FIDO2/WebAuthn so that you can use this, right?</span></p>

    • Polycrastinator

      25 September, 2018 - 1:22 pm

      <blockquote><em><a href="#327539">In reply to smccandlish:</a></em></blockquote><p>It's backwards compatible, so services using U2F or other security key standards still work. But for the passwordless login yes, you'll need to wait for FIDO2 to be implemented. </p>

  • m_p_w_84

    26 September, 2018 - 1:38 pm

    <p>As someone who loves gadgets and is quite technologically minded etc. I still don't understand what these are for, they keep trying to market them at your 'average' consumer and I really can't understand why.</p>

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2024 Thurrott LLC