Latest YubiKey Firmware Update: YubiKey 5.7 Released
Yubico, the leading manufacturer of hardware security keys, has rolled out updates for its YubiKey 5.7 and Security Key Series. The updates aim to enhance security, comply with upcoming NIST requirements, and meet corporate mandates.
The new YubiKey 5.7 supports enhanced cryptographic operations, thanks to Yubico's migration to its own cryptographic library. This move strengthens the underlying security mechanisms of the device.
The YubiKey 5.7 also introduces support for Ed25519 and X25519 key types, as well as larger RSA keys (RSA-3072 and RSA-4096). This expansion in key types and sizes bolsters the device's versatility and security.
In terms of authentication needs, the YubiKey 5.7 offers expanded passkey and passwordless storage. This upgrade allows users to store more credentials securely, enhancing their online security.
The enterprise attestation capability is another significant feature of the updated YubiKeys. This feature enables the retrieval of unique identifiers during FIDO2 registration, facilitating streamlined asset tracking and account recovery.
The updates also extend the storage for FIDO2 discoverable credentials (passkeys), OATH one-time passwords, PIV certificates, and OTP seeds. Users can now store up to 100 passkeys, 24 PIV certificates, 64 OATH seeds, and 2 OTP seeds.
Yubico has also enhanced PIN complexity across all YubiKey applications. This change blocks simple patterns and common PINs, adding an extra layer of security.
The YubiKey 5.7 implements FIDO Client-to-Authenticator Protocol (CTAP) 2.1, embracing the latest FIDO2 protocol features. The Security Key Series, on the other hand, implements CTAP 2.2, an upgrade from the previous version.
Additionally, Yubico has expanded and enhanced public key algorithms for PIV applications to align with DoD memo requirements. This move ensures that the YubiKey 5.7 meets the highest security standards.
Lastly, the updates include enterprise attestation for organizations to enforce the usage of purchased YubiKeys. This feature ensures that only genuine YubiKeys are used, further enhancing security.
With these updates, Yubico continues to lead the way in hardware security key technology, providing users with secure, reliable, and compliant solutions for their authentication needs.
Read also:
- Mural at blast site in CDMX commemorates Alicia Matías, sacrificing life for granddaughter's safety
- Microsoft's Patch Tuesday essential fixes: 12 critical vulnerabilities alongside a Remote Code Execution flaw in SharePoint
- British intelligence agency MI6 establishes a covert dark web platform named 'Silent Courier' in Istanbul for the purpose of identifying and enlisting secret agents.
- Russia intends to manufacture approximately 79,000 Shahed drones by the year 2025, according to Ukraine's intelligence.
