YubiKey

YubiKey is a hardware authentication security key that eliminates account takeovers through phishing-resistant multi-factor authentication (MFA) using cryptographic proof of identity. Unlike SMS codes or authenticator apps vulnerable to phishing, man-in-the-middle, and SIM-swap attacks, YubiKey creates a cryptographic link between user credentials and specific website domains, refusing to authenticate even when users click fraudulent links. The physical security token combines something you know (password/PIN) with something you have (the physical key), requiring user presence to complete authentication and supporting passwordless login via FIDO2/WebAuthn passkey technology.

YubiKey supports multiple authentication protocols including FIDO2/WebAuthn for passwordless authentication, FIDO U2F for two-factor authentication, OATH-TOTP/HOTP for one-time passwords, OpenPGP for email encryption and code signing, and Smart Card (PIV) for certificate-based authentication on legacy systems. The device requires no batteries, software installation, or network connectivity, functioning as a USB keyboard that works offline across Windows, macOS, Linux, iOS, and Android. YubiKey integrates natively with hundreds of services including Google Workspace, Microsoft 365, AWS, Azure, GitHub, password managers (1Password, LastPass, Bitwarden), and identity providers (Okta, Ping Identity, Microsoft Entra ID).

Founded in 2007 by Stina and Jakob Ehrensvärd, Yubico pioneered the one-touch authentication concept and co-created the FIDO U2F and FIDO2 open authentication standards with Google, serving as a founding board member of the FIDO Alliance. The company has sold over 22 million YubiKeys protecting users in 160+ countries, manufactured in USA and Sweden facilities meeting FIPS 140-2 and Common Criteria certifications. According to Forrester Consulting research, organizations using YubiKeys achieved 99.9% reduction in security incidents, 75% drop in password-related helpdesk tickets, 92% reduction in support calls, and 203% three-year ROI, with Google eliminating employee account takeovers entirely. Yubico is publicly traded on Nasdaq Stockholm with 500+ employees and generated $225M in trailing twelve-month revenue.