Today sees YubiKey security keys become even better with Yubico's launch of the YubiKey Bio — biometric authentication built right into a security key, allowing for quick, simple, and streamlined passwordless authentication for desktop-based FIDO-supported services and applications.
The YubiKey Bio uses a three-chip architecture that stores the biometric fingerprint in a separate secure element, offering protection from physical attacks.
This, according to Yubico, allows the YubiKey Bio to "act as a single, trusted hardware-backed root of trust which allows the user to authenticate with the same key across multiple desktop devices, operating systems, and applications."
For when biometrics are not supported, users can enter a PIN entered during the initial setup.
By having everything built into the key, it means that authentication mechanisms are protected from tampering even if the host systems are compromised.
The keys can be managed using the Yubico Authenticator for Desktop, an app that is available for Windows, macOS, and Linux. This is used to enroll new fingerprints and add or delete fingerprints when native platform and browser capabilities are limited.
Customers should choose the YubiKey Bio if they are:
- Securing an account with a service that supports only FIDO U2F or FIDO2/WebAuthn protocols
- Authenticating using a desktop device
- In cloud-first environments
- Using shared workstations and are in mobile-restricted environments
However, there are situations where users will be better off using the YubiKey Series 5 keys :
- They require broader form factors and NFC support
- The users need to work across desktop and mobile devices
- Users need to support applications and services using a range of protocols such as OTP, FIDO U2F and FIDO2/WebAuthn, and Smart card/PIV
- They are securing legacy and modern environments offering a bridge to passwordless, utilizing non-FIDO protocols
I've had my hands on the YubiKey Bio for the past few days, and I have to say that they are an impressive bit of technology. The biometric reader is fast and super reliable, and the whole robust package is everything I've come to expect from Yubico.
The YubiKey Bio enables biometric login on desktop with all applications and services that support FIDO protocols, as well as offering out-of-the-box support for Citrix Workspace, Duo, GitHub, IBM Security Verify, Microsoft Azure Active Directory and Microsoft 365, Okta, and Ping Identity.
The YubiKey Bio Series is available in USB-A and USB-C form factors, and keys are priced at $80 and $85, respectively. They are available for purchase from Yubico.