Yubico Accelerates Passwordless Future with New Enrollment Services

SAN FRANCISCO, CA – March 23, 2026 – Yubico, the creator of the ubiquitous YubiKey, has announced a significant expansion of its enterprise services aimed at dismantling one of the final barriers to widespread adoption of phishing-resistant security: deployment complexity. At the RSA Conference, the company unveiled new enrollment services for its YubiKey as a Service platform, specifically designed to streamline how large organizations provision and manage hardware security keys, with a focus on Microsoft and PingID environments.

The move introduces a suite of tools, including a new mobile app and a software development kit (SDK), that directly addresses the long-standing logistical challenges that have often slowed the rollout of hardware-based multi-factor authentication (MFA). By simplifying the process for IT and even non-technical staff like HR, Yubico is making a strategic push to accelerate the enterprise transition away from vulnerable passwords and toward a more secure, passwordless future.

“As cyber attacks become more sophisticated, organizations are increasingly seeking faster ways to eliminate passwords and protect users from phishing-based credential theft,” said Albert Biketi, chief product and technology officer at Yubico. “The expansion of YubiKey as a Service – with these new Enrollment service options – makes it easier for IT or business line managers to easily enroll and recover YubiKeys for their users. It also gives organizations the flexibility to integrate YubiKey deployment directly into their existing workflows – fast-tracking passwordless adoption and strengthening security across the enterprise.”

From Logistical Hurdle to Streamlined Workflow

For years, Chief Information Security Officers (CISOs) and IT administrators have faced a difficult trade-off. While hardware security keys like the YubiKey are widely regarded as the gold standard for preventing account takeovers, deploying them across an organization of thousands—often globally distributed—has been a daunting operational task. The process often involved manual configuration, complex shipping logistics, and extensive IT support for end-users, creating a significant barrier to adoption.

Yubico’s new offerings are designed to methodically break down these barriers. The expanded YubiKey as a Service now presents a flexible, three-tiered approach to enrollment:

• FIDO Pre-reg: A fully managed, turnkey service where YubiKeys are factory-programmed for specific users and shipped directly to them. This "white glove" service, now in Early Access for Microsoft customers and generally available for Ping Identity, Okta, and Versasec, means employees can receive a key that works out of the box for passwordless login from day one, drastically reducing IT intervention.
• YubiKey as a Service - Enroll App and SDK: This is the centerpiece of the new announcement. The new 'Enroll' app, currently in limited early access for Android, empowers IT staff, help desks, or even HR teams during onboarding to quickly and securely program YubiKeys for users on-site. The accompanying SDK is even more powerful, allowing enterprises to embed the enrollment and key management functionality directly into their own internal applications and portals, creating a seamless, branded experience.
• YubiEnroll: For scenarios requiring rapid, ad-hoc enrollment, Yubico offers a free command-line tool. This allows technically proficient teams to program keys on demand, providing a crucial option for regions where logistics services are challenging or for immediate deployment needs.

This multi-faceted strategy effectively transforms YubiKey deployment from a centralized, often cumbersome IT project into a distributed, flexible workflow. By empowering different teams to handle enrollment, the company aims to reduce the total cost of ownership and accelerate the return on investment by cutting down on help desk tickets related to password resets and phishing incidents.

A Decisive Strike in the War on Phishing

The timing of this announcement is critical. Phishing attacks continue to grow in sophistication, bypassing traditional MFA methods like one-time codes sent via SMS or push notifications. This has led to a broad industry consensus, supported by government bodies and cybersecurity frameworks like NIST, that phishing-resistant MFA—primarily through hardware-backed standards like FIDO2—is the most effective defense.

While competitors like Okta, with its FastPass, and Cisco Duo promote their own forms of phishing-resistant authentication, Yubico’s advantage has always been its dedicated hardware. The challenge was never the effectiveness of the key itself, but making it easy for enterprises to get it into the hands of every employee. This expansion directly addresses that challenge. By simplifying deployment, Yubico is not just selling a product; it is enabling a fundamental security posture shift at an enterprise scale.

The new services ensure end-to-end encrypted enrollment, protecting key configuration data from interception. Furthermore, the platform provides full visibility and auditing capabilities, allowing organizations to track enrollment and activation events for compliance and security oversight. This combination of ironclad hardware security with simplified, auditable management workflows presents a compelling case for organizations looking to close the door on phishing-based credential theft for good.

Weaving a Tighter Web of Identity Security

Perhaps the most strategic aspect of this launch is the deep integration with major Identity and Access Management (IAM) platforms, specifically Microsoft Entra ID and PingOne PingID. These platforms form the backbone of identity for millions of enterprise users. By tailoring its enrollment services for these ecosystems, Yubico is positioning the YubiKey not as a peripheral security gadget, but as a foundational component of modern enterprise identity architecture.

The introduction of an SDK is particularly noteworthy. It signals a move beyond a one-size-fits-all approach, inviting enterprises to weave YubiKey functionality directly into the fabric of their operations. An organization could, for example, build a YubiKey provisioning step directly into its HR onboarding software or integrate key recovery into its existing IT self-service portal. This level of customization and integration is crucial for large enterprises that have already invested heavily in their own internal systems and workflows.

This ecosystem-centric approach ensures that Yubico remains a vital partner even as IAM giants like Microsoft and Okta build out their own passwordless solutions. Instead of competing directly on the platform level, Yubico is reinforcing its position as the provider of the most secure authentication factor that can plug into any major platform. As enterprises move towards a hybrid, multi-cloud world, this interoperability and ease of integration become paramount, ensuring that strong, hardware-backed security can be consistently applied across all applications and services. The ability to securely reset and reassign keys also addresses the full lifecycle of an employee, making the entire system more sustainable and manageable in the long term.

This strategic enhancement to its service portfolio demonstrates a keen understanding of the enterprise market, where security efficacy must be balanced with operational reality. By solving the deployment puzzle, Yubico is making its gold-standard security more accessible than ever, pushing the entire industry closer to a truly passwordless and phishing-resistant state.