Security Market Segment LS
Wednesday, 05 May 2021 20:57

Yubico launches YubiKey 5 FIPS series - industry-first FIPS 140-2 passwordless authentication


Hardware authentication security key provider Yubico today announced the general availability of its next-generation FIPS security keys, the YubiKey 5 FIPS series. This is the industry’s first set of multi-protocol security keys with FIDO2 and WebAuthn support to receive FIPS 140-2 validation.

FIDO2 is a specification by the FIDO Alliance - the name meaning "Fast IDentity Online" - which is an open industry association with the mission of developing and promoting passwordless authentication standards.

These standards aren't simply because the organisation doesn't like passwords; it's because passwords are inherently fraught with security failures. People forget them, people write them down, people re-use them for multiple services, and people even inadvertently divulge them during phishing attacks.

Enter multi-factor authentication - adding a third piece of information, such as a one-time code sent by text message - so even if the “bad guys” get your username and password they won’t know the third item.

Yet, using a mobile phone number for multi-factor authentication is similarly risky. In fact, we all hand out our mobile phone number freely. There’s little effort in the proverbial “bad guys”, again, using techniques like social engineering and SIM swapping to get hold of your mobile service and gain access to your services.

This takes us to hardware-based authentication and the Yubico security keys. This is the solution recommended by cybersecurity experts worldwide to give yourself the greatest security over your identity. This advice also comes from Google, which advocates the use of a hardware key like YubiKey for such people as journalists and whistleblowers in despotic regimes, and for whom protecting their identity is a matter of life-and-death, not only the safety of their finances.

Yubico has been at the forefront of hardware security keys and its new product takes it to the next level. It is the first multi-protocol security key to receive FIPS 140-2 validation, the Federal Information Processing Standards from the National Institute of Standards and Technology (NIST).

Yubico has added its existing YubiKey 5 NFC, YubiKey 5C NFC, and YubiKey 5Ci into the FIPS series line-up. These devices offer desktop and mobile functionality and allow individuals, enterprises, government agencies, and anyone else to achieve phishing-resistant passwordless authentication for all their users.

“We are delighted to see Yubico’s continued commitment to the federal market with the introduction of the YubiKey 5 FIPS Series,” said a representative for Treasury Enterprise Identity, Credential, and Access Management (TEICAM), U.S. Treasury Department.

“We certainly understand how difficult it is to go through these certification processes, but the Yubico team has shown an unwavering understanding for our evolving needs, particularly during this pandemic. Yubico is a partner that consistently goes above and beyond to support their clients, so we’re thrilled to celebrate this great progress today!”

“Our customers are struggling with the stressful and complex task of finding ways to bridge the gap between legacy and modern infrastructures while maintaining compliance,” said Suresh Thiru, chief product officer, Yubico. 

“The YubiKey 5 FIPS Series puts many of these common concerns to rest. Unlike mobile-based authenticators, these keys defend against phishing and man-in-the-middle attacks with proven success rates, while being flexible enough to support an organisation’s entire authentication lifecycle.”

The YubiKey 5 FIPS series supports FIDO2, WebAuthn, PIV, FIDO U2F, Yubico OTP, and OATH HOTP. The devices support USB-A, USB-C, NFC, and Lightning form factors. The YubiKey 5 FIPS series is able to meet the requirements for Authenticator Assurance Level 3 (AAL3) as defined in NIST SP800-63B.

The devices are available on the Yubico store and through resellers and partners.

Here is a recent Yubico video on the importance of YubiKeys to protect free speech, featuring Melanio Escobar, journalist and executive director for Redes Ayuda, a Venezuelan-based non-Government organisation that helps defend freedom of speech and human rights, and supports journalists with digital security training. Your own personal needs may not be so dire, but why trust your online identity and finances to anything less?

Read 1681 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News