Yubico is preparing to launch refreshed versions of its YubiKey 5, Security Key and Security Key Enterprise Edition authentication hardware to help organizations move away from password-based security. On Monday, the company announced that new security keys with updated firmware 5.7 will be available in late May, providing improved security features such as expanded key storage and the ability to force more complex PINs.
For security reasons, existing YubiKey hardware cannot be updated to the new 5.7 firmware, so users will need to purchase new keys (currently starting at $25 for an NFC security key) to benefit from the improved security. These include enterprise attestation, up-to-date FIDO2 protocols such as the ability to set a minimum PIN length, and memory for up to 100 keys, 24 PIV certificates, 64 OATH seeds and 2 OTP seeds.
“Organizations continue to face an increase in the variety and complexity of cyber threats at historic rates, often driven by compromised employee credentials, often resulting from attacks such as phishing,” said Jeff Wallace, senior vice president of product at Yubico. “These updates provide enterprises with the latest advances in authentication and the tools to create specific strategies to create phishing-resistant users and mitigate phishing threats to employees, external identities and customers.”
The new security hardware with new firmware will be launched alongside Yubico Authenticator 7 updates, which includes a streamlined user interface, French and Japanese language support, and can be used to manage upcoming YubiKey 5.7 features. The new Authenticator 7 app is available now for desktop and Android devices, with an update for iOS users coming later at an unspecified date.
Credit : www.theverge.com