Yubico debuts fingerprint-based security keys
Yubico, one of the largest and most trusted makers of hardware-based security keys, has debuted this week YubiKey Bio, the company's first-ever fingerprint-based biometric security key.
The product's launch comes after the company first teased the Bio series at the Microsoft Ignite conference in 2019.
The general idea behind it is that users will be able to insert a security key into a laptop or smartphone, press their finger on a fingerprint reader embedded in the key, and authenticate on the device, on local applications, or remote services.
The idea of adding a fingerprint reader to a security key is not new, and similar devices have been available from other vendors, such as Kensington and Feitian, with some alternatives being available for several years.
What the YubiKey Bio series has going for itself is Yubico's stellar reputation as one of top security vendors on the market today and its history of being one of the US government's official contractors.
New YubiKey Bio series features:
- Comes in two versions, with USB-A and USB-C connectors.
- The USB-A version is initially priced at $80.
- The USB-A version is initially priced at $85.
- FIDO2, WebAuthn and U2F support.
- If the Bio's fingerprint authentication fails, the device will default to using a PIN authentication system (PIN is set up when enrolling a fingerprint).
- Uses a three-chip design to store fingerprint data separately from other key data.
Yubico says the Bio keys should work out of the box with most apps and online services that support the FIDO2, WebAuthn, and U2F authentication protocols.
The company said it already successfully tested the Bio with Citrix Workspace, Duo, GitHub, IBM Security Verify, Microsoft Azure Active Directory, Microsoft 365, Okta, and Ping Identity.
The Bio security keys are also compatible with the company's Yubico Authenticator for Desktop, an app that lets users easily manage the key's fingerprint database and other features.
YubiKey Bio keys are now available via the company's store.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.