Yubico YubiKey 5 FIPS Series extends phishing-resistant MFA to additional use cases

Yubico announced its next-generation FIPS security keys: the YubiKey 5 FIPS Series. The new product line is the industry’s first set of multi-protocol security keys with support for FIDO2 and WebAuthn, along with smart card (PIV/CAC), to receive FIPS 140-2 validation, Overall Level 1 and Level 2.

The addition of the YubiKey 5 NFC, YubiKey 5C NFC, and YubiKey 5Ci into the FIPS series lineup significantly expands coverage for mobile-first environments that many organizations have been waiting for.

This combination of desktop and mobile functionality allows U.S. government agencies and contractors, as well as other highly-regulated entities, to modernize their existing authentication framework and achieve phishing-resistant passwordless authentication for all users.

“We are delighted to see Yubico’s continued commitment to the federal market with the introduction of the YubiKey 5 FIPS Series,” shared Treasury Enterprise Identity, Credential, and Access Management (TEICAM), U.S. Treasury Department.

“We certainly understand how difficult it is to go through these certification processes, but the Yubico team has shown an unwavering understanding for our evolving needs, particularly during this pandemic. Yubico is a partner that consistently goes above and beyond to support their clients, so we’re thrilled to celebrate this great progress today!”

In the wake of COVID-19 and the shift to remote hybrid work, the public sector — like many other industries — has been tasked with accelerating their path to digital transformation by months, and even years.

With it, comes the added challenge to not only modernize existing infrastructures, but to adequately secure them from afar.

The YubiKey 5 FIPS Series enables agencies to navigate this transition period with ease, working in parallel with existing strong authentication methods like Personal Identity Verification (PIV) and Common Access Cards (CAC) to extend phishing-resistant multi-factor authentication (MFA) to non PIV/CAC eligible employees and contractors, remote workers, Bring Your Own Approved Device (BYOAD) mobile users, and even mobile-restricted environments.

“Our customers are struggling with the stressful and complex task of finding ways to bridge the gap between legacy and modern infrastructures while maintaining compliance,” said Suresh Thiru, Chief Product Officer, Yubico.

“The YubiKey 5 FIPS Series puts many of these common concerns to rest. Unlike mobile-based authenticators, these keys defend against phishing and man-in-the-middle attacks with proven success rates, while being flexible enough to support an organization’s entire authentication lifecycle.”

The YubiKey 5 FIPS Series introduces several key enhancements:

• FIDO2 and WebAuthn support enables the bridge to passwordless — Most notably, the YubiKey 5 FIPS Series now includes FIDO2 and WebAuthn, supporting both legacy and modern environments and offering the bridge to secure passwordless workflows. With support for several other protocols such as smart card (PIV), FIDO U2F, Yubico OTP, and OATH HOTP, it enables organizations to achieve strong authentication across legacy and modern technologies and devices.
• Additional form factors support mobile users — The latest YubiKey FIPS lineup is now available across a wide range of form factors including support for USB-A, USB-C, NFC and Lightning, enabling FIPS-validated trusted authentication for mobile users and modern devices. Three new form factors include the YubiKey 5 NFC FIPS, YubiKey 5C NFC FIPS, and the YubiKey 5Ci FIPS, which is the industry’s first FIPS-validated, Lightning supported, multi-protocol security key specifically designed for iOS devices. In total, the YubiKey 5 FIPS Series is available in six different form factors.
• Upgraded firmware benefits specific business scenarios — Based on firmware 5.4.2, this marks a major upgrade from three years ago when the original YubiKey FIPS Series was launched with firmware 4.4.5. The new firmware offers enhanced encryption and smart card (PIV) management capabilities including tighter integrations with CMS services, secure remote provisioning, secure channel communication, and expanded methods for smart card/PIV management.

The YubiKey 5 FIPS Series is certified at FIPS 140-2, Overall Level 1 and Level 2, and in addition has achieved Physical Security Level 3; the YubiKey 5 FIPS series is able to meet the requirements for Authenticator Assurance Level 3 (AAL3) as defined in NIST SP800-63B.

Yubico’s FIPS product lineup is manufactured using stringent processes and a secure supply chain for trustworthy components, ensuring strong security and regulatory compliance for the most security conscious organizations.