Security Stack Logo
YubiKey logo

Hardware Security

YubiKey

Hardware security keys for phishing-resistant MFA and passwordless authentication.

Hardware Authentication KeysPasswordless Authentication

YubiKey Overview

What it does

YubiKey is a hardware authentication security key that eliminates account takeovers through phishing-resistant multi-factor authentication (MFA) using cryptographic proof of identity. Unlike SMS codes or authenticator apps vulnerable to phishing, man-in-the-middle, and SIM-swap attacks, YubiKey creates a cryptographic link between user credentials and specific website domains, refusing to authenticate even when users click fraudulent links. The physical security token combines something you know (password/PIN) with something you have (the physical key), requiring user presence to complete authentication and supporting passwordless login via FIDO2/WebAuthn passkey technology.

How it works

YubiKey supports multiple authentication protocols including FIDO2/WebAuthn for passwordless authentication, FIDO U2F for two-factor authentication, OATH-TOTP/HOTP for one-time passwords, OpenPGP for email encryption and code signing, and Smart Card (PIV) for certificate-based authentication on legacy systems. The device requires no batteries, software installation, or network connectivity, functioning as a USB keyboard that works offline across Windows, macOS, Linux, iOS, and Android. YubiKey integrates natively with hundreds of services including Google Workspace, Microsoft 365, AWS, Azure, GitHub, password managers (1Password, LastPass, Bitwarden), and identity providers (Okta, Ping Identity, Microsoft Entra ID).

Credentials and traction

The YubiKey 5 FIPS Series is FIPS 140-3 validated (Certificate #5291, Overall Level 2 with Physical Security Level 3) and supports NIST authenticator assurance level AAL3. Yubico was named Best Security Company of the Year at the 2025 Cyber Security Awards and one of PCMag's Best Tech Brands for 2025, and holds a TrustRadius 2025 Top Rated Award. More than 22 million keys are in use across 160-plus countries; in a 2025 deployment, T-Mobile rolled out over 200,000 phishing-resistant YubiKeys.

Key Capabilities

mapped to solution categories
Hardware Authentication Keys

Provides an enterprise portal for registering, managing, and auditing hardware key deployment across the organization at scale.

Implements the FIDO2 WebAuthn specification for phishing-resistant authentication, binding authentication to the registered origin, preventing credential use on phishing domains.

Supports FIDO2, FIDO U2F, PIV (smart card), and TOTP on a single device, enabling use across web applications, VPNs, OS login, and legacy systems.

Supports NFC tap-based authentication for mobile devices alongside USB-C and USB-A, determining which use cases and device types the key supports.

Uses FIDO attestation during registration to verify the make and model of each hardware key, so an enterprise can require only approved, certified authenticators.

Passwordless Authentication

Binds passkeys to specific device hardware (TPM, Secure Enclave), the private key cannot be exported or used from a different device.

Implements FIDO2/WebAuthn for phishing-resistant authentication, binding credentials cryptographically to the registered origin to prevent use on phishing domains.

Supports parallel operation of password and passwordless authentication during transition, allowing gradual user migration without a hard cutover.

Enables passwordless authentication for applications that do not natively support FIDO2, using reverse proxy, credential injection, or identity broker patterns.

Compliance

certifications
FIPS 140-2

Integrations

compatible tools
1PasswordActive DirectoryAWSAzureBitwardenCiscoDockerDropboxDuo SecurityGitHubGitLabGoogle WorkspaceKubernetesLastPassMicrosoft 365Microsoft Entra IDOktaPing IdentitySalesforceSSH

Implementation & support

Pricing structure
One-Time PurchaseSubscription
Support channels
24/7 SupportCustomer Success Manager (CSM)DocumentationEmail SupportKnowledge BaseTicketing PortalTraining / Academy

Info last updated on May 27, 2026

Vendors

Is this your product?

Claim your profile to connect with the teams looking for your solutions.

Security Stack Logo

The curated research platform for enterprise cybersecurity solutions.

All product and company names, logos, and brands are property of their respective owners and are used on this website for identification purposes only. Security Stack does not endorse any vendor, product, or service listed, and makes no warranties, express or implied, as to the accuracy or completeness of this content, including any warranties of merchantability or fitness for a particular purpose.

© 2026 Security Stack. All rights reserved.