Yubico

Yubico is a security company that develops hardware-based authentication products and services for strong user verification in enterprise and public-sector environments.

• Hardware authentication keys for multi-factor and passwordless login (identity and access management)
• Support for FIDO2, WebAuthn, FIDO U2F, one-time password, and smart card/PIV authentication protocols (authentication standards)
• Enterprise integrations with identity providers, operating systems, cloud services, and developer tools (enterprise security integration)
• Device lifecycle management, policy enforcement, and deployment tooling for large-scale key rollouts (identity governance and administration)
• Developer resources, SDKs, and APIs for embedding hardware-backed authentication into applications (developer security enablement)

More About Yubico

Yubico focuses on hardware-based authentication that enterprises use to implement phishing-resistant multi-factor and passwordless access for workforce, privileged users, and external collaborators. Its primary offerings center on physical security keys (hardware authentication) that store cryptographic secrets and perform authentication operations on-device, so credentials are not exposed to the host system or network during normal use.

The company builds its products around open authentication standards, including FIDO2 and WebAuthn (web authentication), FIDO U2F (universal second factor), one-time passwords based on open algorithms (OTP), and smart card/Personal Identity Verification (PIV) interfaces built on Public Key Infrastructure (PKI) (public key infrastructure). These capabilities place Yubico’s products in enterprise categories such as identity and access management (IAM), strong authentication, and phishing-resistant Multifactor Authentication (MFA). Support for multiple protocols on a single device enables organizations to run mixed environments that include legacy systems, modern cloud applications, and smart card–based infrastructure.

In enterprise environments, Yubico’s hardware keys integrate with major identity providers and directory services, major operating systems, and widely used cloud applications. This allows organizations to protect access to services such as corporate email, collaboration platforms, VPNs, servers, and administrative consoles, using the same hardware-backed factor. Many deployments use the keys to replace or augment passwords, implement step-up authentication for sensitive actions, or secure access for administrators and developers who manage critical infrastructure.

From an architectural perspective, Yubico’s approach relies on asymmetric cryptography, with private keys stored on the device and public keys registered with services during enrollment. Protocols such as FIDO2 and WebAuthn use origin-bound credentials and challenge-response flows, which help mitigate risks from phishing, credential replay, and man-in-the-middle attacks. The smart card/PIV and PKI features allow the keys to function as certificates for logon, signing, and encryption, aligning with existing enterprise certificate and device-trust workflows.

Yubico also provides tooling, documentation, and management capabilities directed at IT and security teams. These include utilities for configuring keys, setting PIN policies, managing protocol modes, and preparing devices for issuance at scale. Deployment guides and integration patterns address common enterprise scenarios such as Windows and macOS login, Secure Shell (SSH) access, Virtual Private Network (VPN) authentication, and Single Sign-On (SSO) integration with cloud identity platforms. For developers, SDKs and APIs enable applications and services to request authentication from the hardware keys and validate responses according to FIDO, OAuth, OpenID Connect (OIDC), or PKI-based flows.

Within a technology directory, Yubico can be categorized under multi-factor authentication, hardware security keys, phishing-resistant authentication, identity and access management, and developer security enablement. Its offerings are used by organizations that require hardware-backed assurance for workforce identities, regulatory compliance, or higher-assurance access control for cloud and on-premises (on-prem) resources.