Fingerprint identification in YubiKey Bio security key helps ban passwords


YubiKey Bio hardware security keys are available in USB-C and USB-A options.

Stephen Shankland / CNET

Yubico, a maker of hardware security keys, on Tuesday began selling two new USB models called YubiKey Bio that incorporate fingerprint recognition to add an extra level of login security on a single device.

Hardware security keys such as Yubico’s are often used in combination with passwords to strengthen conventional login processes. Even a hacker with your password cannot access your account without the security key. And hackers cannot download millions of hardware security keys the way they can with stolen passwords.

The YubiKey Bio adds another layer of protection to the authentication process by enabling a second identification factor, a fingerprint. This could completely replace a password on sites like Microsoft’s that let you register the key. The key itself stores the fingerprint data and tells the site when you have successfully authenticated.

Yubico’s new products, an $85 USB-C dongle and an $80 USB-A dongle, are part of a growing movement to displace passwords, the reigning login technology. Passwords are convenient and familiar, but have many security shortcomings. They can be stolen, forgotten, reused, and easily guessed.

Tech giants like Microsoft, Facebook, and Google are working to address password weaknesses and, in some cases, moving beyond passwords altogether. In addition to hardware security keys, the tech industry is easing password problems with biometrics, authentication apps on phones, and an authentication standard called FIDO (Fast Identity Online).

Google, a huge player with billions of people using services like Gmail, YouTube, and Google Workspace, is working hard to overcome the weaknesses of passwords alone. On Tuesday, it announced that it was switching 150 million people to two-factor authentication (2FA), which it calls two-step verification (2SV). It also uses hardware security keys to protect employee accounts.

I tried the YubiKey Bio with my Microsoft account without a password and found it easy to set up through the process for adding a hardware security key offered on the Microsoft account page. (Head to its Security section, then the Advanced Security Options subsection.) Once I registered my fingerprint, logging in involved entering my username, inserting the key, and then touching the fingerprint sensor of the YubiKey Bio.

The key also has a PIN code. This ensures that it can be useful for sites that do not support the biometric approach. However, the YubiKey Bio keys do not support the NFC wireless links that other security keys use to communicate with phones.

The YubiKey Bio, released to coincide with National Cyber Security Awareness Month, is not the first biometric security key. Feitian, a Chinese company that also manufactures Google’s Titan hardware security keys, has been selling its BioPass keys for years. Yubico, based in Sweden, is the largest manufacturer of security keys.

YubiKey Bio fingerprint enrollment

Registering the YubiKey Bio for use on a website requires registering your fingerprint, much like the setup process you may have experienced for phones or PCs.

Screenshot by Stephen Shankland / CNET

Significant obstacles have kept hardware security keys from becoming widespread. Their differences from conventional physical keys outweigh their outward similarity. They cost a lot more than conventional keys, and you can’t just make a copy of them at a mall kiosk. Hardware security keys are also more complex to manage, for example when registering them for use on multiple websites.

If you can stand the hassle, hardware keys offer major security benefits. Hardware keys protect against phishing attempts using fake websites because they are registered with specific websites. Unlike conventional keys, a single hardware security key can be used to log into many sites.

