Yubico YubiKey 5 Series NFC 2FA Security Key FIDO

Description

Relying solely on username and password security puts enterprise data at risk

• Catastrophic security breaches top world headlines every day, and for good reason. A single corporate security breach costs an average of $4.88M,1 with phishing and stolen or compromised credentials the two most common initial attack vectors. As a result, IT organizations cannot rely exclusively on passwords to protect access to corporate data. Adopting stronger employee and customer authentication is essential to avoiding risk and becoming the next target.

Phishing-resistant authentication with Smart Card/PIV and FIDO2/WebAuthn

• The YubiKey 5 Series is a hardware-based authentication solution that provides superior defense against account takeovers and enables compliance. The YubiKey offers strong authentication with support for multiple protocols, including existing Smart Card/PIV, and FIDO2/WebAuthn, the new standard enabling the replacement of weak passwordbased authentication. With the YubiKey, security is heightened with strong hardware-based authentication using public key cryptography. And the YubiKey is easy to use, fast and reliable, and is proven at scale to significantly reduce IT costs and eliminate account takeovers.

The YubiKey 5 Series security keys deliver expanded authentication options

• Strong Single Factor—Passwordless: Replaces weak passwords with passwordless tap-n-go secure login.
• Strong Two Factor—Password + Authenticator: Adds a  tap-n-go second factor for secure two factor authentication.
• Strong Multi-Factor—Passwordless + PIN: Combines  tap-n-go authentication with a PIN, to solve high assurance requirements such as financial transactions, or submitting  a prescription.

The YubiKey delivers enhanced protection at scale –The YubiKey multi-protocol support streamlines authentication for existing systems while paving the way forward to a passwordless future.

• Authentication and cryptographic protocols supported include FIDO Universal 2nd Factor (U2F), FIDO2/WebAuthn, Personal Identity Verification-compatible (PIV) Smart Card, and OpenPGP.
• Works across major operating systems including Microsoft Windows, macOS, iOS, Android, and Linux, as well as leading browsers.
• Available in a choice of form factors that enables users to connect via the USB, NFC or Lightning connector.
• The YubiKey 5C NFC offers multi-protocol capabilities with both USB-C and NFC capabilities for secure tap-n-go authentication on all the modern devices users love.
• Streamlines asset tracking and account recovery processes with enterprise attestation for custom programmed keys.
• Enforces compliance requirements and elevates security for PIN usage with the latest FIDO2 features such as Force PIN Change and Minimum PIN Length.
• Expanded storage capabilities for FIDO2 discoverable credentials and OATH one-time passwords, accommodating up to 100 passkeys and 64 OATH slots per application.

Eliminate account takeovers – Any software downloaded on a computer or phone is vulnerable for malware and hackers. The YubiKey is based on hardware with the authentication secret stored on a separate secure chip built into the YubiKey, with no connection to the internet so it cannot be copied or stolen.

Reduce IT costs – The YubiKey dramatically reduces the number one IT support cost—password resets—which cost Microsoft over $12M  per month. By switching from mobile one time passwords (OTPs) to YubiKeys, Google saw the following results. (1) Zero account takeovers (2) 4x faster logins (3) 92% fewer IT support calls

Fast and easy user experience – Users don’t need to install anything and can use the YubiKey in minutes. And the YubiKey is reliable because it does not require a battery or cellular connectivity, so it’s always on  and accessible. The YubiKey 5 NFC, YubiKey 5C NFC, fit conveniently on a keyring, This ensures every YubiKey is easy to access and provides the same level of digital security.

Cost-effective global rollouts – IT can deploy YubiKeys in days, not months. A single key, through its flexible multi-protocol capabilities, can work  out-of-the-box with hundreds of systems, both cloud and  on-premises. This eliminates the need for costly integrations  or separate devices for each system.

Applications:

FIDO2(USB Interface: FIDO): The FIDO2 application allows for secure single and multi-factor authentication, and can store up to 25 discoverable credentials (100 with firmware 5.7+). These credentials, which are protected by a PIN, enable passwordless login, where the YubiKey, unlocked by a PIN and authorized by touch, can log you in to your accounts without entering a username or password.

FIDO U2F (USB Interface: FIDO): The U2F application can hold an unlimited number of U2F credentials.

PIV (Smart Card): This application provides a PIV compatible smart card. On Windows, the smart card functionality can be enhanced with the YubiKey Smart Card Minidriver.

• Default Values: PIN: 123456 | PUK: 12345678 | Management Key: 010203040506070801020304050607080102030405060708
• Supported Algorithms: ECC P256 | ECC P384 |RSA 1024 | RSA 2048
• Additional Supported Algorithms (firmware 5.7+): RSA 3072 | RSA 4096 | Ed25519 | X25519
• Management Key Algorithms: TDES | AES 128/192/256 (firmware 5.4+)

Slot Information (USB Interface CCID): Slot 9a: Authentication | Slot 9b: Management Key | Slot 9c: Digital Signature | Slot 9d: Key Management | Slot 9e: Card Authentication | Slot f9: Attestation | Slots 82-95: Retired Key Management

OATH (USB Interface: CCID): The YubiKey 5 Series supports both OATH-TOTP (time based) and OATH-HOTP (counter based). Accessing this application requires Yubico Authenticator.

OTP (USB Interface: OTP): The OTP application contains two programmable slots, each can hold one of the following credentials: Yubico OTP | HMAC-SHA1 Challenge-Response | Static Password | OATH-HOTP

OpenPGP (USB Interface: CCID): This application implements version 3.4 of the OpenPGP Smart Card specification starting in firmware version 5.2, which can be used with GnuPG. For firmware versions 5.0-5.1, version 2.0 of the OpenPGP Smart Card specification is implemented.

• Supported Algorithms: RSA 1024 | RSA 2048 | RSA 3072 | RSA 4096
• Additional Supported Algorithms (firmware 5.2+): secp256r1 | secp256k1 | secp384r1 | secp521r1 | brainpoolP256r1 | brainpoolP384r1 | brainpoolP512r1 | curve25519 | x25519 (decipher only) | ed25519 (sign / auth only)

Technical Information:

• Brand: Yubico
• Series: Yubikey 5
• Hardware interface: USB
• Special features: Dust Proof, IP68
• Compatible Devices: Windows, Mac OS, Linux, Android, iOS
• Operational range: 0 °C to 40 °C (32 °F to 104 °F)
  Storage range: -20 °C to 85 °C (-4 °F to 185 °F)
• Interface: USB 2.0 | NFC .
• USB Interface: FIDO