Yubico Unveils Post-Quantum Crypto & Digital ID Breakthroughs

At the recent Authenticate conference, Yubico showcased groundbreaking prototypes for Post-Quantum Cryptography (PQC) and introduced expanded capabilities for digital identity management. These developments highlight the company’s ongoing commitment to advancing secure authentication technologies. As passkeys become more widely adopted, Yubico’s new features demonstrate how this technology can do much more than simply replace passwords, offering robust protection for digital identities and enabling large-scale encryption.

A significant new feature allows passkeys to be used for more than just logging in. This innovation enables credential signing processes directly from a YubiKey within a standards-based digital wallet. Essentially, users can leverage the same trusted security foundation that provides phishing-resistant logins to also authorize and sign other sensitive transactions.

The advantages of this new functionality are substantial. Developers gain the flexibility to create richer, high-assurance user experiences without needing to build new authentication systems from the ground up. For the end-user, the process remains wonderfully simple, the same familiar action with the same physical key provides enhanced security without requiring them to learn new behaviors. This approach also improves privacy by ensuring that sensitive operations are tied directly to a physical device that remains under the user’s personal control.

Stina Ehrensvärd, Yubico’s co-founder, recently elaborated on how passkeys and verifiable credentials can work together synergistically rather than competing with one another. This vision is being realized through Yubico’s partnership with Sunet, GUNet, SURF, and the non-profit SIROS Foundation to develop and enhance wwWallet, which represents the first passkey-enabled digital identity wallet designed specifically for web use.

The company also presented an early prototype demonstrating post-quantum signatures operating on a hardware security key. While the user experience remains straightforward, touch the device, generate a signature, and continue with your task, the underlying cryptographic technology is engineered to resist potential future attacks from quantum computers.

During the demonstration, Yubico emphasized several crucial points about the current state of post-quantum cryptography. Standards development within organizations like FIDO and IETF is progressing steadily, though significant work remains beyond simply creating signatures, including improvements to PIN protocols, attestation methods, registration user experiences, and creating crypto-agile infrastructure. The prototype serves as a proof of concept showing technical feasibility and performance direction rather than representing an imminent product release. Importantly, new hardware will be necessary since post-quantum algorithms require substantially more memory than what is available on current security keys.

These technological advances open the door to numerous practical applications. High-assurance approvals for sensitive operations, such as code deployments, financial transactions, key management system rotations, or zero-trust policy changes, can be authorized with a simple tap of a YubiKey. The privacy-preserving architecture ensures that decryption occurs locally on user-controlled devices rather than in opaque cloud environments. Additionally, the combination of verifiable credentials with passkeys creates a powerful synergy, while passkeys confirm control of an authenticator, verifiable credentials can prove specific attributes about an individual (like employment status or citizenship) without revealing unnecessary personal information. The elegance lies in having a single hardware key that supports both strong authentication and selective disclosure through the same simple action.

Christopher Harrell, Yubico’s Chief Technology Officer, commented on the importance of measured progress in cryptographic transitions. “The industry’s ongoing commitment to crypto-agility is absolutely vital. Implementing Post-Quantum Cryptography across protocols and products will understandably take time, but this deliberate approach represents a strength rather than a weakness. History has repeatedly shown that rushing cryptographic transitions rarely ends well in security contexts.”

The demonstrations at the Authenticate conference received enthusiastic feedback from attendees, many of whom noted that seeing post-quantum authentication in practice transformed theoretical discussions into something concrete and tangible.

Harrell further elaborated on the evolution of security paradigms. “We’re witnessing a fundamental shift from simply proving knowledge of a password to demonstrating possession and intent, and increasingly to proving just enough about oneself while maintaining privacy. Hardware-backed credentials continue to represent the most reliable method for achieving this delicate balance at scale. Our fundamental mission remains making the strongest security option simultaneously the easiest option across login processes, approval workflows, and identity-rich scenarios.”

Yubico continues to drive innovation in cybersecurity with its hardware authentication solutions, helping to create a safer internet experience for users worldwide.

(Source: ITWire Australia)