Earlier this month, we announced the launch of Yubico Authenticator 7 as well as the upcoming availability of YubiKey 5.7 firmware. Beginning today, we’re excited to share that YubiKey 5 Series, Security Key Series, and Security Key Series – Enterprise Edition keys purchased and shipped from Yubico will include the new firmware. Keys with the new firmware will also be available through certified channel resellers.
And we’ve heard the same excitement from our customers and partners as well. Iain Wotherspoon, director of product management at Intercede, shared their thoughts on 5.7 and its expected impact on their business: “We are excited to partner with Yubico on their recent launch of YubiKey 5.7 firmware, working closely together to fulfill customer needs and align with evolving industry standards, including the recent DoD memo promoting stronger RSA keys and the latest FIDO capabilities. Our dedication to improving security is evident in these updates and demonstrates our strong commitment to partnership and mutual interest in providing superior security solutions for our joint customers.”
The new features within 5.7 empower organizations to enhance their security posture and achieve compliance, while gaining the ability to enhance flexibility and streamline critical processes such as asset tracking and account recovery. New and enhanced enterprise-focused features within the YubiKey 5.7 firmware include:
YubiKey 5 Series (multi-protocol)
- Enhanced PIN complexity settings across all YubiKey applications, including FIDO2, PIV, and OpenPGP.
- Enterprise attestation facilitates the retrieval of unique identifiers during FIDO2 registration and streamlining asset tracking by allowing identity providers to read the serial number from the YubiKey during FIDO2 registration.
- FIDO Client to Authenticator Protocol (CTAP) 2.1 implementation brings improvements around the FIDO2 PIN, including Force PIN Change and Minimum PIN Length, addressing PIN requirements in “enroll on behalf” scenarios.
- Expanded passkey and passwordless storage capabilities – accommodating up to 100 device-bound passkeys (up from 25), 64 OATH seeds (up from 32), 24 PIV certificates, and 2 OTP seeds at once for a total of 190 credentials.
- Expansion and enhancement of public key algorithms, including support for larger RSA keys (RSA-3072 and RSA-4096), Ed25519, and X25519 key types enhances key management functions and flexibility for organizations, aligning with DoD memo requirements on stronger public key algorithms
- Migration to Yubico’s own cryptographic library that performs the underlying cryptographic operations (decryption, signing, etc.) for RSA and ECC.
- Restricted NFC usage during transit: NFC capable YubiKeys (YubiKey 5 NFC, YubiKey 5C NFC) and Security Keys (Security Key NFC, Security Key C NFC) have restricted NFC usage to prevent manipulation during transit. Read more here.
Security Key Series – Enterprise Edition (FIDO-only)
- This lineup, available only via YubiEnterprise Subscription, contains all the FIDO-focused benefits of the YubiKey 5 Series mentioned above. Smart Card/PIV capabilities, OpenPGP, OATH and OTP credentials are not available on any Security Key Series thus these updates are not applicable.
Security Key Series (FIDO-only)
- This lineup with the update to 5.7, mirrors the same updates as the Security Key Series – Enterprise Edition, except for the ability to support enterprise attestation and conduct related asset tracking.
With 5.7 firmware now officially available, the updated YubiKey and Security Key Series are the perfect companion to the updated features within Yubico Authenticator 7. This includes management of PINs, device-bound passkeys, and added PIV support which allows users to manage private keys and certificates on their YubiKey. The app is available to download for all major desktop platforms, as well as for Android. Enhanced features for iOS will be coming in the next version of the iOS application.
Remember, the only way to get the new 5.7 firmware for the YubiKey 5 Series, Security Key Series, and Security Key Series – Enterprise Edition is via purchase of new keys. Visit our store or speak with your Yubico representative to get yours today! Make sure to register here for our upcoming webinar, Unlocking the future: Fast-tracking modern enterprises to passwordless, where we’ll dive into the innovations within the 5.7 firmware updates.
Note: YubiEnterprise Subscription customers can leverage their available replacement entitlements to receive YubiKeys with the new firmware. For Subscription customers interested in a full refresh, reach out to your Yubico representative for additional details.
