Yubico introduced its newest and most expensive hardware security key this week.
The YubiKey Bio is available in USB-A ($80) and USB-C ($85) for optimal compatibility with your preferred port configuration. It supports the open FIDO U2F and FIDO2/WebAuthn standards, both of which are widely used.
Hardware security keys provide the best "second factor" in two-factor authentication (2FA). The most common second factor, a one-time code sent via text message, is convenient and easy to implement, but can be hacked in a variety of ways.
Hardware security keys, by contrast, are something you physically have and are not used for any other purpose. Google requires them for employee accounts and has had no successful account hijacking since implementing the requirement.
Yubico said that YubiKey Bio is primarily targeted at corporate desktop users who need biometric security. Perhaps because of this, the price is quite high, about $20 more than rival biometric keys made by Chinese security key maker Feitian. Despite this, Yubico said that its current inventory of the USB-C model YubiKey Bio has already sold out.
However, the Bio's utility is a bit limited compared to the YubiKey 5 series. The YubiKey Bio does not support many of the 5 series' features, including some one-time password and smart card formats. Instagram, LastPass, Twitch, and many other services that require YubiKey 5 will not work with YubiKey Bio.
According to a Yubico representative, this is because FIDO and FIDO2 support biometric authentication, while other formats do not.
Smartphones also do not work with YubiKey Bio, despite the USB-C option. Neither Android nor iOS supports the FIDO Client to Authenticator Protocol (CTAP) version 2.1 that the key uses. The YubiKey Bio also does not have an NFC chip for wireless interaction with cell phones. Functionally, it is similar to Yubico's $25 Security Key, a basic USB-A plug security key that supports only FIDO U2F and FIDO2/WebAuthn, but also includes NFC.
We had no problems setting up both the USB-A and USB-C models on a Windows 10 PC and registering each with a Google account.
According to Yubico, YubiKey Bio works with Microsoft (Office) 365 and other Microsoft accounts, Coinbase, eBay, Electronic Arts, Facebook, GitHub, Twitter, and Yahoo. It also works with YouTube. Like other hardware security keys, YubiKey Bio can replace passwords for Microsoft accounts.
Among password managers, the area of consumer security with the most support for two-factor authentication, YubiKey Bio is supported by Bitwarden, Dashlane, Keeper, and 1Password (paid version only). Browsers that support Bio include Brave, Chrome, Edge, Opera, and Safari.
I was a little surprised to find that I had to go through the Windows setup process to enroll my fingerprint before starting the Yubico process.
Had I read the press release a little more carefully, I would have seen that it said "the new security key is integrated with native biometric enrollment and management capabilities supported on modern platforms and operating systems."
On Mac, Linux, and Chrome OS, YubiKey Bio can be set up using Chrome or a Chromium-based browser like Brave or Microsoft Edge. (Once set up in Chrome, it can be used to log into your account in Safari.)
YubiKey Bio can also be set up to work with the desktop versions of Yubico Authenticator software on Windows, Mac, and Linux.
Officially, YubiKey Bio supports Windows 10 (build 1903 or later) or 11, macOS 10.15 Catalina and 11 Big Sur, Ubuntu Linux 18.04 or later, and Chrome OS 93 or later.
Up to five fingerprints can be registered to each YubiKey Bio key, and it is possible to factory reset the key and start over.
As Yubico recommends (and as it recommends for all hardware security keys), you want to have one or two backup keys in case you lose your primary key. They do not all need to be fingerprint readers. A couple of Yubico Security Keys at $25 each will do.