As phishing attacks have reached an unprecedented level of frequency and sophistication, enterprises must prioritize authentication that is phishing-resistant – regardless of the business scenario, platform or device users are working with. This is why Yubico prioritizes consistent product innovations that deliver on our customer’s needs for modern, phishing-resistant authentication solutions that enable businesses to safeguard their digital assets, employees, customers and partners.
However, it’s also become clear that organizations must go beyond only addressing moments of authentication – they need to focus on building phishing-resistant users. Fostering phishing-resistant users is not just a reactive measure, but a proactive enterprise strategy aimed at removing the risk of phishing by eliminating all phishable events from the entire user lifecycle – thus ensuring even the least security conscious users are protected in their day-to-day activities. As a result, Yubico’s product enhancements over the past year have focused on helping organizations create phishing-resistant users for their entire employee account lifecycle, by empowering enterprise security and bolstering protection against account takeovers through easily deploying the highest-assurance modern hardware security keys – in turn enabling passwordless authentication at scale.
Commitment to secure, simple and scalable authentication solutions
In 2024, Yubico launched more products and services than any previous year in our history. In early 2024, we expanded the countries where YubiEnterprise Delivery can support single key shipments by over 50% – targeting areas where we saw the highest demand. Simultaneously, the move eased the path to quickly enable the delivery of more YubiKeys to user’s doorsteps based on market demand, including five additional countries now available upon request: Sri Lanka, Georgia, Macedonia, Uruguay and Ecuador.
In mid-2024, we rolled out YubiKey Firmware 5.7 across all YubiKey and Security Key Series keys which is tailor-made for enterprise needs and reinforced Yubico’s commitment to secure, simple and scalable authentication solutions. We also expanded the Yubico Bio Series with a new YubiKey Bio – Multi-protocol offering to add PIV/Smart Card and support both modern and legacy applications with phishing-resistant protocol options. With enhanced features like increased PIN complexity, expanded device-bound passkey storage, and Yubico’s own cryptographic library, these updates have made it easier for organizations to secure their enterprise.
Additionally, we announced Yubico Enrollment Suite for Okta and Microsoft users – a set of offerings that include Yubico FIDO Pre-reg and the brand new YubiEnroll – which delivers choices for organizations on how to easily enroll YubiKeys on behalf of their users and enable them to accelerate onboarding. We also unveiled enhancements to YubiKey as a Service to empower enterprises to quickly deploy pre-registered YubiKeys, including to the countries we expanded YubiEnterprise Delivery. This eliminated critical points where businesses may otherwise be exposed to compromise across the account lifecycle, such as onboarding, authentication and account recovery.
At the end of the year, we submitted the YubiKey 5 Series and the YubiHSM 2 for FIPS 140-3 validation to the Cryptographic Module Validation Program (CMVP). This ensures we are able to help our government and highly regulated industry customers achieve their evolving compliance requirements.
Enhancements for the ultimate YubiKey management tool
We’ve also focused on improvements to the Yubico Authenticator, highlighted by the launch of Yubico Authenticator 7 including support for new protocols – solidifying its role as the ultimate YubiKey management tool. With increased interest in going passwordless and the shift from passwords to passkeys, the YubiKey paired with the Yubico Authenticator adds an extra layer of protection for online accounts.
Notably, PIV support was added, allowing users to manage private keys and certificates on their YubiKey and enabling functions like programming Yubico OTP credentials and setting static passwords accessed by touching the YubiKey. In late 2024 we also announced new features for Yubico Authenticator for iOS which addressed frequently requested features and provided new functionalities for a seamless authentication experience on iOS – including seamless PIN management for FIDO2 and a refreshed and intuitive user interface.
Looking ahead: Yubico’s commitment to product innovation
As Yubico evolves as a company and our customers adapt to constantly changing cyber trends and challenges, the natural evolution and lifecycle of Yubico’s products – including support of these products – also need to meet this same reality. As a result, there comes a time when the development and service of products may need to come to an end, which is the case for some of our products – all of which can be found listed on the page here and updated whenever appropriate in the future.
We believe our end of life policy, and associated processes, will help our customers to stay informed and will enable us to focus our energy and resources on the products and services making the biggest impact for our customers and partners today.
As we move further into 2025, Yubico continues to be committed to making the internet safer for everyone through our ongoing investments and innovation to ensure we can offer the most secure, phishing-resistant security available to keep ahead of constantly evolving threats. Our customers can expect to see and hear more from us regarding the expansion and evolution of enterprise services to support our customers in their phishing-resistant journey.
