Yubico’s new hardware key includes fingerprint reader for password-less logins – TechCrunch

Yubico, the maker of hardware security keys, unveiled the YubiKey Bio, its first key supporting biometric authentication for passwordless logins and multi-factor authentication (2FA)

The launch of the YubiKey Bio comes as tech giants move away from traditional password-based logins, a prime target for cyber attacks. Microsoft recently rolled out a password-less sign-in option for all consumer accounts, and Google this year announced plans to eventually eliminate the password.

The YubiKey Bio – first teased almost two years ago at Microsoft Ignite in November 2019 – jumps on the password-less bandwagon by integrating a fingerprint reader built into the key. Yubico describes this as the “next logical step” for the business, especially since most modern laptops still lack built-in biometric security.

Once a fingerprint is registered on the device, the data is stored in a secure element, while the biometric subsystem runs independently of the key’s basic security functionality. All communications between the secure element and the rest of the key are encrypted to help thwart replay attacks.

“With the launch of the YubiKey Bio series, we are proud to raise the level of biometric security keys, enabling simple and strong password-less authentication for our corporate customers and daily YubiKey users,” said Stina Ehrensvärd, CEO and co-founder of Yubico.

The company also notes that while no security system is foolproof, a hacker with a false impression would have to get hold of the user’s physical device to take advantage of that impression, greatly reducing the threat to the average YubiKey customer. Yubico will allow users to use their PIN codes to log in in case biometric authentication does not work due to variables in skin texture related to humidity or temperature.

Like other Yubico hardware security keys, such as the YubiKey 5C NFC, the YubiKey Bio is a plug-and-play device; it doesn’t require any batteries, drivers, or associated software, and it will work on macOS, Windows, and Linux machines. YubiKeys also support open security and authentication standards – the FIDO U2F, FIDO2, and WebAuthn protocols – so they work on Macs, iPhones, Windows PCs, and Android devices, as well as apps. and services supporting FIDO out-of-the-box protocols.

The YubiKey Bio is now available in USB-A ($ 80) and USB-C ($ 85) versions.