Yubico

Yubico is a company that designs and manufactures hardware authentication devices and cryptographic security modules intended to provide phishing-resistant multifactor authentication. Founded in 2007, the company produces small USB and NFC tokens and related services used by individuals, enterprises, and governmental organizations to protect access to online accounts, networks, and cryptographic keys. Yubico’s offerings are positioned within a broader ecosystem of identity providers, standards bodies, and platform vendors.

History

Yubico was founded in 2007 by Stina Ehrensvärd and Jakob Ehrensvärd and emerged amid growing interest from institutions such as Google, Facebook, and Twitter in stronger authentication after high-profile incidents involving compromised accounts on platforms like Yahoo! and Sony Pictures Entertainment. Early technical collaborations and pilots involved engineers and security teams from Microsoft, Amazon, Dropbox, GitHub, and Salesforce as organizations began evaluating token-based authentication alongside initiatives from National Institute of Standards and Technology and civil society groups such as the Electronic Frontier Foundation. Yubico’s timeline includes product releases timed with standards work at FIDO Alliance and member interactions with standards contributors from Internet Engineering Task Force and World Wide Web Consortium. Over time, the company expanded operations with offices in Stockholm, Palo Alto, and regional hubs interacting with vendors such as Apple, Google Cloud, IBM, and Oracle.

Products and Technology

Yubico’s flagship hardware tokens are compact devices supporting interfaces used by platforms like Microsoft Azure, Google Workspace, Okta, Ping Identity, and Duo Security. The product family includes USB-A, USB-C, Lightning, and NFC form factors compatible with operating systems and platforms including Windows Server, macOS, Linux, Android, and iOS. Core technologies implemented in the devices align with specifications from the FIDO Alliance—notably FIDO U2F and FIDO2—and cryptographic protocols such as Public-key cryptography and One-time password schemes inspired by work from OATH (initiative). Yubico also produces dedicated hardware security modules (HSMs) marketed as HSM devices for enterprise key storage, integrated in deployments alongside Thales Group and Entrust. Software offerings and SDKs enable integration with identity providers like Active Directory and cloud platforms such as Amazon Web Services, Microsoft Azure Active Directory, and Google Cloud Identity. Developer and open-source communities including contributors from OpenSSL, OpenSSH, and The Apache Software Foundation have interoperated with the company’s tools and libraries.

Security Standards and Certifications

Yubico’s products implement and promote compliance with standards promulgated by organizations such as the FIDO Alliance, the Internet Engineering Task Force, and the National Institute of Standards and Technology. Device firmware and manufacturing processes have been framed to meet evaluation criteria similar to Common Criteria assurance profiles and to satisfy procurement frameworks used by agencies like European Union institutions and national CERTs. The HSM and secure element designs follow approaches consistent with testing regimes from Federal Information Processing Standards and certification schemes used by vendors collaborating with NATO member procurement teams and contractors. Interoperability testing involves participation in industry events alongside the OpenID Foundation, WS-I, and large platform vendors such as Cisco Systems and VMware.

Business and Partnerships

Yubico has engaged in partnerships, reseller agreements, and enterprise integrations with identity and security vendors including Okta, Ping Identity, Duo Security (now part of Cisco Systems), ForgeRock, and SailPoint. Cloud and platform alliances span Google Cloud, Microsoft, Amazon Web Services, and Apple ecosystem services for account protection. The company’s business development and channel strategy have included distribution through enterprise resellers such as Ingram Micro and collaboration with security consultancies and systems integrators like Accenture and Deloitte for large-scale rollouts to customers including multinational firms and public institutions. Strategic engagement with standards organizations such as the FIDO Alliance and memberships in industry consortia have reinforced go-to-market coordination with technology partners including Yammer users and developer ecosystems centered on GitHub and GitLab.

Reception and Impact

Products from Yubico have been cited in press coverage, corporate security guidance, and incident postmortems from technology companies and government agencies including Department of Homeland Security and various national cybersecurity agencies praising hardware-backed authentication for reducing account takeover risk. Academic research and security analyses from institutions like Carnegie Mellon University, Massachusetts Institute of Technology, and independent labs have examined token security models that influenced enterprise adoption at firms such as Google (notably their internal push toward mandatory hardware MFA). Advocacy organizations including the Electronic Frontier Foundation and Access Now have referenced hardware tokens in recommendations for protecting activists, journalists, and civil society figures. Critics in security forums and publications such as Wired and The Verge have debated trade-offs around usability, supply chain risk, and recovery models, prompting enhancements in device management and enterprise lifecycle processes adopted by customers like Dropbox and Facebook.

Category:Computer security companies