FIDO2 passwordless authentication
Improved usability
Use of a hardware-based security key is fast and easy. For FIDO2-supported services, users are freed from having to remember and type passwords.
Strong account security
Replaces weak passwords with strong hardware-based authentication using Private / Public Key (asymmetric) cryptography.
One key to all accounts
A single security key that can work across thousands of accounts with no shared secrets.
FIDO2 – an open authentication standard
FIDO2 is an open authentication standard, hosted by the FIDO Alliance, that consists of the W3C Web Authentication specification (WebAuthn API) and the Client to Authenticator Protocol (CTAP). CTAP is an application layer protocol used for communication between a client (browser) or a platform (operating system) and an external authenticator such as the YubiKey 5 Series and the Security Key Series by Yubico. Yubico is a core contributor to the FIDO2 open authentication protocol.
FIDO2 is the evolution of FIDO U2F, and offers the same improved level of security based on public key cryptography. FIDO2 offers expanded authentication options including strong single factor (passwordless), two factor, and multi-factor authentication. With these new capabilities, the YubiKey enables the replacement of weak username/password credentials with strong hardware-backed cryptographic key pair credentials. These credentials are not shared across services, are resistant to phishing and replay attacks, and, with the correct architecture, are resistant to MiTM attacks.
FIDO2 authentication options
Passwordless authentication
Strong single factor authentication using a hardware authenticator eliminates the need for weak password-based authentication.
Two factor authentication
Strong two factor authentication using a hardware authenticator as an extra layer of protection beyond a password.
Multi-factor authentication
Strong multi-factor authentication using a hardware authenticator and a PIN or biometric to meet high assurance requirements, such as those needed for financial transactions and ordering a prescription.
FIDO2 authenticators
YubiKey 5 Series
The YubiKey 5 Series is a hardware-based authentication solution that offers strong two-factor, multi-factor and passwordless authentication with support for multiple protocols including FIDO2, U2F, PIV, Yubico OTP, and OATH TOTP. By offering the first set of multi-protocol security keys supporting FIDO2, the YubiKey 5 Series helps users accelerate to a passwordless future.
Security Key Series by Yubico
Security Key Series by Yubico delivers FIDO2 and FIDO U2F in a single device, supporting thousands of existing U2F two-factor authentication (2FA) services as well as future FIDO2 implementations.
FIDO2 advantages
Strong security
Replaces weak passwords with strong hardware-based authentication using public key crypto to protect against phishing, session hijacking, man-in-the-middle, and malware attacks. No secrets are shared between services.
Open standard
Open standards provide flexibility and product choice. Designed for existing phones and computers, for many authentication modalities, and with different communication methods including USB and NFC.
Step up authentication
For services requiring a higher level of authentication security, FIDO2 supports step-up authentication, allowing use of strong single factor (passwordless), two-factor and multi-factor authentication for additional protection.