Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

YubiKey Bio security key adds fingerprint recognition to older Macs

Yubico has expanded its line of security keys with a biometric option, with YubiKey Bio adding fingerprint authentication to the hardware-based security device.

The YubiKey is a handly line of hardware security keys for protecting online accounts and services, as a form of multi-factor authentication that doesn't rely on 2FA codes. With YubiKey Bio, the company extends the concept into biometrics.

The first YubiKey to support fingerprint recognition, the key is able to perform passwordless second-factor logins to accounts. Intended for desktops, the device can be handy for Mac users wanting the benefits of biometric authentication on devices without it built in, such as the Mac mini or older Mac models without Touch ID, as well as for added security in general.

Taking the form of a thumb drive, the security key is available in USB-A and USB-C form factors, enabling it to be used on most desktop Macs and other computers. The battery-less device doesn't require drivers or specific software to be installed onto the host computer for it to work, with it said to integrate with existing management features in current operating systems.

In a similar way to how Apple uses the Secure Enclave to store biometric data, the YubiKey Bio uses a three-chip architecture to keep its fingerprint data stored on a separate secure element, for further protection from physical attacks. It also means the same biometric credentials can be used across multiple devices.

The key supports modern FIDO2/WebAuthn and U2F protocols, and works with Citrix Workspace, Duo, GitHub, IBM Security Verify, Microsoft Azure Active Directory, Microsoft 365, Okta, and Ping Identity. It will also work with macOS, Windows, and ChromeOS operating systems, as well as Chrome, Edge, and Linux.

Available from Yubico directly, the YubiKey Bio costs $80 for the USB-A version, $85 for USB-C.



2 Comments

Monstieur 6 Years · 8 comments

This is not a full YubiKey 5 series. This "FIDO Edition" security key is limited to U2F and FIDO2. You still need a Yubikey 5 series if you need the other protocols like storing a static password (I use it to backup my 1Password account key) or certificates.
It also does not work with Windows Hello, unlike the TrustKey G310H / G320H which supports fingerprint authentication for U2F, FIDO2, and Windows Hello. The TrustKey models also cheaper ($55 vs 80) and is FIDO Level 2 certified.

Seviant 3 Years · 1 comment

Monstieur said:
This is not a full YubiKey 5 series. This "FIDO Edition" security key is limited to U2F and FIDO2. You still need a Yubikey 5 series if you need the other protocols like storing a static password (I use it to backup my 1Password account key) or certificates.

It also does not work with Windows Hello, unlike the TrustKey G310H / G320H which supports fingerprint authentication for U2F, FIDO2, and Windows Hello. The TrustKey models also cheaper ($55 vs 80) and is FIDO Level 2 certified.

Would this mean that on older Mac's, it doesn't fulfill Apple's Secure Enclave functionality for services that require it? Such as 1Password's "Unlock with Apple Watch" requirement that the device have Secure Enclave. 



Is there any other way of adding a T1, T2, etc. chip to older Macs to enable these types of features on other applications?

Strictly speaking from a consumers standpoint, it's unbelievable that Apple's "new" Touch ID Enabled Magic Keyboard contains all that's necessary to add this functionality to older Mac's, such as the ones that can run Big Sur or Monterey, but there was no effort in developing an inclusive device for older Mac's. At least create an ecosystem so developers can utilize, Unlock with Touch or Face ID, utilizing the users locally present iPad or iPhone.