Yubico, the leading provider of hardware authentication security keys, today launched the Security Key by Yubico, the company’s first hardware authentication device that fully supports the new FIDO2 and WebAuthn API authentication standards from the FIDO Alliance and World Wide Web Consortium (W3C).
As a core inventor and driver of innovative, open authentication standards, first with FIDO Universal 2nd Factor (U2F) and now FIDO2, Yubico is introducing its first FIDO2-enabled authentication security key. The Security Key by Yubico delivers FIDO2 and FIDO U2F in a single device, supporting existing U2F two-factor authentication (2FA) as well as future FIDO2 passwordless implementations.
The company is also introducing the Yubico Developer Program, a resource for organizations exploring adoption and implementation of strong authentication for web and mobile applications, using Yubico supported protocols including FIDO U2F, OTP, PIV (Smart Card), OpenPGP, OATH (HOTP/TOTP) and the new FIDO2 Client to Authenticator Protocol (CTAP) specification.
“Since we launched the first YubiKey 10 years ago at the RSA Conference, our mission has been to enable one single security key to work across any number of services, and with great user experience, security, and privacy. Today, this vision is closer to its reality,” said Stina Ehrensvard, CEO and Founder, Yubico. “FIDO2 is a natural evolution of U2F, delivering trusted, passwordless authentication for the modern, distributed workforce.”
“The FIDO Alliance thanks all organizations and members that have contributed to the FIDO2 open standards work, enabling a future of simpler, stronger and passwordless authentication for users across the globe,” said Brett McDowell, executive director, the FIDO Alliance. “Yubico plays a central role in this creation process, from co-inventing the protocol that enables one single security key to access any number of services, without shared secrets, to where we are today, announcing the FIDO2 Project.”
What is FIDO2 and how does it differ from FIDO U2F and FIDO UAF?
U2F is an open authentication standard that enables hardware authenticators, coupled with a username and password, to securely access any number of web-based services — instantly and with no drivers or client software needed.
The FIDO2 Project consists of an API (Application Programming Interface) and a Protocol. The Security Key by Yubico supports both the WebAuthn API and FIDO’s CTAP. FIDO2 provides strong authentication as a single factor, eliminating the need for passwords. FIDO2 can also conveniently pair with PINs, biometrics, or gestures as additional on-device authentication factors.
FIDO UAF (Universal Authentication Framework) is a separate technical working group and standards initiative within the FIDO Alliance, focused on biometrics and mobile devices that requires client software.
The WebAuthn API was developed by FIDO Alliance members, including Yubico, Microsoft, Google, PayPal, Mozilla and Nok Nok Labs, and standardized by the World Wide Web Consortium (W3C). Once a specification is endorsed by the W3C, it becomes globally available, creating a ubiquitous web platform for FIDO2 support. WebAuthn allows for a Security Key to create a public key-based credential for authentication and use that credential to securely log in with a web-based interaction similar to U2F.
Client to Authenticator Protocol (CTAP)
CTAP is an application layer protocol and is used to communicate between a client (desktop) or a platform (operating system) and an external authenticator (i.e. Security Key by Yubico). The CTAP model allows one device, such as a Security Key by Yubico, to act as an authenticator to log in to a second device.
Yubico Developer Program
The Yubico Developer Program is designed to enable integration of strong authentication to support Yubico hardware within web and mobile applications. Those who sign up will have access to developer resources including workshops, webinars, implementation guides, reference code, and SDKs. Those interested in FIDO2 can sign up to receive early access to Yubico resources to aid in implementations of the FIDO2 open authentication standard. Organizations can sign up here to begin receiving updates on the Yubico Developer Program and early FIDO2 materials from Yubico.
Yubico will demonstrate the Security Key by Yubico and new functionality next week at the RSA Conference 2018, booth #S2241. The Security Key by Yubico is available for $20 at the Yubico online store. To learn more about Yubico and the company’s products and ecosystem, visit www.yubico.com