Yubico has announced the upcoming release of YubiKey 5.7 firmware for the YubiKey 5 Series, Security Key Series and Security Key Series – Enterprise Edition. Yubico says the update reinforces its commitment to providing secure, simple, and scalable authentication solutions and setting the gold standard for phishing-resistant multi-factor authentication.
Security keys with firmware 5.7 will be available to purchase in late May 2024. They will offer improved features such as improved PIN complexity, enterprise attestation, and expanded passkey credentials storage, encouraging organisations to adopt passwordless-first, modern phishing-resistant authentication.
As part of Yubico’s goal of helping enterprises raise the bar for security with greater flexibility, the company has also announced the availability of Yubico Authenticator 7, which will support the upcoming YubiKey 5.7 features.
“Organisations are continuing to face a surge in the variety and complexity of cyber threats at historical rates, often fuelled by compromised employee login credentials, frequently resulting from attacks such as phishing,” said Yubico Senior Vice President Jeff Wallace. “The rise in use of artificial intelligence exacerbates this trend. We’re excited to continue offering best-in-class solutions that protect organisations and accelerate their transition to passwordless with the latest enterprise-focused updates to the YubiKey. We’re confident that organisations are now better equipped than ever to enforce compliance requirements and elevate their security posture.”
Yubio’s key updates and enhancements to the YubiKey 5 Series and Security Key Series include:
- Enhanced PIN complexity across all YubiKey applications that will block simple patterns and common PINs at the hardware level to enable compliance with upcoming NIST requirements and corporate mandates. This includes FIDO2, PIV, and OpenPGP;
- Enterprise attestation to allow organisations to enforce the usage of YubiKeys that they purchased via custom programmed keys with enterprise attestation. Working in conjunction with identity providers, this capability can also facilitate the retrieval of unique identifiers during FIDO2 registration to streamline asset tracking and account recovery;
- FIDO2 enhancements to empower organisations to enforce compliance requirements and elevate security measures surrounding PIN usage. YubiKey 5.7 implements FIDO Client-to-Authenticator Protocol (CTAP) 2.1, embracing the latest FIDO2 protocol features such as Force PIN Change and Minimum PIN length;
- Expanded passkey and passwordless storage that provides ample storage space to meet authentication needs while maintaining strong security standards. More storage for FIDO2 discoverable credentials (passkeys) and OATH one-time passwords will now accommodate up to 100 passkeys, 24 PIV certificates, 64 OATH seeds, and 2 OTP seeds at once for a total of 190 credentials;
- Expansion and enhancement of public key algorithms for PIV applications that align with DoD memo requirements and offer advanced key management functions, enhancing flexibility for organisations through support of larger RSA keys (RSA-3072 and RSA-4096), as well as Ed25519 and X25519 key types; and
- Migration to Yubico’s own cryptographic library that performs the underlying cryptographic operations (decryption, signing, etc.) for RSA and ECC.
“The new features within 5.7 allow enterprises to streamline critical processes such as asset tracking and account recovery while also enhancing flexibility,” said Wallace. “These updates empower enterprises with the latest authentication advancements and tools to build specific strategies for creating phishing-resistant users and mitigating phishing threats for employees, external identities, and customers.”
The new 5.7 YubiKeys’ capabilities also align with recent US Government memo requirements on adopting phishing-resistant MFA and offer advanced key management functions. Enforcing the blocking of simple patterns and common PINs at the hardware level also supports compliance with upcoming NIST requirements and corporate mandates.
Aligned with the 5.7 firmware release, significant updates within Yubico Authenticator 7 launched this week to support managing these new features. This new version enables the use of the new public key algorithms for PIV, bringing more advanced management options and streamlines the interface for a better user experience when handling many credentials.
The Yubico Authenticator delivers strong security by enabling users to store credentials on a YubiKey instead of a mobile phone, thereby significantly removing risks posed by remote attackers targeting software-based authenticator apps. By incorporating hardware-backed strong two-factor authentication in the YubiKey, credentials stay safe, and the bar for security is raised while delivering the convenience of an authenticator app.
Additionally, it adds localisation with official support for French and Japanese, with additional community-provided translations. The app is now available for all major desktop platforms, as well as for Android. Enhanced features for iOS will be coming in the next version of the iOS application.
