Yubico has added new biometric capabilities to its popular range of hardware security keys known as YubiKeys. The YubiKey Bio supports fingerprint recognition for use in passwordless and two-factor authentication logins.
The hardware integrates native biometric enrolment and management features that are supported by desktop-based, FIDO-supported services and applications.
Yubico explains that the YubiKey Bio’s three-chip architecture allows the biometric fingerprint material to be stored in a separate secure element which delivers enhanced protection from physical attacks.
“The YubiKey Bio acts as a single, trusted hardware-backed root of trust which allows the user to authenticate with the same key across multiple desktop devices, operating systems, and applications,” the company states.
Further, The YubiKey Bio enables biometric login on desktop with all applications and services that support FIDO protocols and works out-of-the-box with Citrix Workspace, Duo, GitHub, IBM Security Verify, Microsoft Azure Active Directory and Microsoft 365, Okta and Ping Identity. With the growing adoption of modern authentication, Yubico continues to work closely with its partner ecosystem to encourage support of biometric authentication as detailed in the WebAuthn and FIDO2 specs.
According to Yubico CEO and cofounder Stina Ehrensvärd, the company aims to raise the standard of biometric security keys.
“[We enable] simple and strong passwordless authentication for our enterprise customers and everyday YubiKey users.”
Duo Security senior product manager Chris Demundo says, “Authenticating with the combined solution of the Duo platform and the YubiKey has always
been remarkably easy and fast. Biometrics play an important role in any company’s strategy to go passwordless, and we’ve tested the YubiKey Bio extensively with Duo’s upcoming solution, with great results. We’re excited to provide customers a simpler, faster and more convenient way to protect against phishing and other access threats.”
YubiKey Bio features include:
- Fingerprint templates stored in a separate secure element on the YubiKey Bio.
- Support for FIDO2/WebAuthn and FIDO U2F, based on the Yubico invention of enabling one single authenticator to work across any number of applications, with highest level of security, and without sharing any information between services.
- Works across desktop platforms supporting WebAuthn such as Windows, macOS, Chrome OS, and Linux and across browsers such as Edge and Chrome as well as other Chromium based browsers.
- Available as both USB-A and USB-C in Yubico’s keychain design.
- Portability, allowing users to switch devices, log into shared workstations, and also support mobile-restricted environments.
- Allows for use of security key PIN for scenarios where biometrics cannot be used.
- Supported by Yubico Authenticator for Desktop app on Windows, macOS and Linux to enrol new fingerprints, add or delete fingerprints when native platform and browser capabilities are limited.
The Yubico Bio is available from resellers now.