Security experts have long abhorred passwords. They’re hackable, forgettable, and, sometimes, guessable (looking at you, password1). As companies like Microsoft and Google move to embrace password-less logins, Yubico thinks it has the key to keeping things simple. The YubiKey Bio Series announced today is the company’s first hardware security key to offer fingerprint logins.

Yubico’s Bio Series introduces biometric authentication to the hardware security key-maker’s lineup. The new keys support the latest FIDO2/WebAuthn and U2Fopen authentication standards to which Yubico contributes.

The keys target desktop PCs, which are typically stationary, making it easy to leave the key in a USB Type-A or USB-C port, depending on the model you pick. Each key has a built-in fingerprint reader, so you can log in with the tap of a finger instead of having to remember your password. The key could also serve as a form of two-factor authentication. 

The Bio Series follows last month’s announcement that you can now go password-less with Microsoft accounts. In May, Google shared its plans to eradicate passwords, too, and said today that it will make two-factor authentication mandatory on 150 million more accounts this year. 

The Bio Series keys have a three-chip architecture, where the fingerprint is stored separately and securely, which Yubico claims helps further protect against physical attacks. 

YubiKey’s new keys can represent a single root of trust via secure hardware across various browsers, applications, desktops, and even operating systems, Yubico says. The keys work with OSes supporting WebAuthn, including Windows, macOS, Linux, and ChromeOS, and browsers based on Chromium, including Google Chrome and Microsoft Edge. Yubico also promises the keys will work out of the box with various enterprise-facing platforms, including Microsoft 365, Microsoft Azure Directory, Citrix Workspace, Okta, and Duo. But note that these keys don’t support near-field communication for logging in by tapping the key to a device. For that, you’d have to turn to YubiKey’s 5 Series. 

A loop on top of each YubiKey Bio makes it a keychain, so you never have to leave home without it. Additionally, the injection-molded frame is supposed to be “crush resistant” and “water resistant.” 

These keys don’t have any drivers, batteries, or software, but you can add or delete fingerprints to the hardware via an app Yubico made for Windows, macOS, and Linux. 

The USB-C version of YubiKey Bio is currently available for $85, while the USB-A version is $80. 

Listing image by Yubico

https://arstechnica.com/?p=1801126