Earlier this month, we announced the launch of Yubico Authenticator 7 and the upcoming availability of YubiKey 5.7 firmware. We're pleased to announce that starting today, YubiKey 5 Series, Security Key Series, and Security Key Series - Enterprise Edition keys purchased and shipped from Yubico will include the new firmware. Keys with the new firmware will also be available through certified resellers.
And we've heard the same enthusiasm from our customers and partners. Iain Wotherspoon, Director of Product Management at Intercede, commented on 5.7 and the expected impact on their business: "We are delighted to be collaborating with Yubico on the recent launch of YubiKey 5.7 firmware. We are working closely together to meet our customers' needs and adapt to evolving industry standards, including the recent DoD memo promoting stronger RSA keys and the latest FIDO features. Our commitment to improving security is evident in these updates and demonstrates our strong commitment to the partnership and our mutual interest in delivering superior security solutions to our mutual customers."
The new features in version 5.7 enable organizations to improve their security posture and achieve compliance while increasing flexibility and streamlining critical processes such as asset tracking and account recovery. New and enhanced enterprise-focused features in YubiKey 5.7 firmware include:
YubiKey 5 Series (multi-protocol)
- Improved PIN complexity settings for all YubiKey applications, including FIDO2, PIV, and OpenPGP.
- Enterprise Attestation facilitates the retrieval of unique identifiers during FIDO2 enrollment and streamlines asset tracking by enabling identity providers to read the serial number from the YubiKey during FIDO2 enrollment.
- The implementation of FIDO Client to Authenticator Protocol (CTAP) 2.1 brings improvements around the FIDO2 PIN, including Force PIN Change and Minimum PIN Length, thus addressing PIN requirements in enroll-on-behalf scenarios.
- Expanded storage options for passkeys and passwordless passwords - up to 100 device-bound passkeys (instead of 25), 64 OATH seeds (instead of 32), 24 PIV certificates and 2 OTP seeds for a total of 190 credentials can be stored simultaneously.
- Extension and improvement of public key algorithms , including support for larger RSA keys (RSA-3072 and RSA-4096), Ed25519 and X25519 key types, improves key management capabilities and flexibility for organizations, and complies with DoD memo requirements for stronger public key algorithms. Migration to Yubico's own cryptographic library, which performs the underlying cryptographic operations (decryption, signing, etc.) for RSA and ECC.
Security Key Series - Enterprise Edition (FIDO only)
- This product line, available only through a YubiEnterprise subscription, includes all the FIDO benefits of the aforementioned YubiKey 5 series. Smart Card/PIV capabilities, OpenPGP, OATH, and OTP credentials are not available on any Security Key series, so these updates are not applicable.
Security Key Series (FIDO only)
- This series, updated to 5.7, reflects the same updates as the Security Key Series - Enterprise Edition, with the exception of the ability to support enterprise attestation and perform associated asset tracking.
With firmware 5.7 now officially available, the updated YubiKey and Security Key series are the perfect complement to the updated features of Yubico Authenticator 7. These include PIN management, device-bound passkeys, and the added PIV support, which allows users to manage private keys and certificates on their YubiKey. The app is available for download for all major desktop platforms, as well as Android. Enhanced features for iOS will be available in the next version of the iOS app.
Remember that you can only get the new firmware 5.7 for the YubiKey 5 Series, Security Key Series and Security Key Series Enterprise Edition by purchasing new keys.
Source: yubico.com
