

Yubico Brings NFC Passkey Authentication To Android Users
NFC passkey authentication has become more accessible for Android users following a major update from Google. Yubico has welcomed Google’s latest update to Google Play Services, which supports account authentication through NFC security keys using CTAP2 on Android 9 and later. The update gives Android users broader access to hardware-backed, phishing-resistant authentication through NFC-enabled FIDO2 security keys, including YubiKeys.
A New Tool For Seamless NFC Passkey Authentication
To support this shift, Yubico has released the YubiKey Passkey Enabler. This new Android Credential Provider makes passkey registration and authentication with YubiKeys more seamless across Android devices. Passkeys remove many weaknesses tied to passwords and legacy multi-factor authentication. However, enterprise adoption depends on employees using them easily across every device they own.
“Passkeys are one of the most important shifts in digital identity, but security only works when people can actually use them,” said Geoff Schomburgk, Vice President, Asia Pacific and Japan, Yubico. “Google’s expanded support for NFC-enabled FIDO2 security keys on Android is a major step forward for the ecosystem. With YubiKey Passkey Enabler, available from Google Play Services, organisations can now deliver a more intuitive Android passkey experience while raising the security bar with hardware-backed, phishing-resistant authentication.”
How YubiKey Passkey Enabler Delivers NFC Passkey Authentication
The YubiKey Passkey Enabler runs on the Android Credential Manager Provider API and Yubico’s YubiKit SDK. The app bridges the gap between strong hardware-backed security and everyday usability, and it helps users complete passkey registration and authentication with fewer barriers.
Enterprise IT teams can centrally deploy and configure the app using Mobile Device Management software. This lets them roll out a consistent, high-assurance authentication workflow across Android fleets without burdening end users with manual configuration.
Key Features Of The YubiKey Passkey Enabler
- Passkey configuration: The app guides users to the correct Android settings to enable passkey providers and update the preferred service to YubiKeys.
- Always ask for PIN: With this option enabled, users only tap the YubiKey once instead of twice, creating a smoother experience.
- Temporary PIN support: New YubiKey owners can change their PIN on first use, over either USB or NFC.
- PIN complexity: The app reads PIN complexity settings from the YubiKey firmware and guides the user accordingly.
- Antenna hints: Since NFC antenna placement varies by phone manufacturer, the app shows users exactly where to tap their YubiKey.
- MDM support: Corporate IT administrators can deploy correct configuration settings so end users simply use their YubiKeys.
Strengthening Protection Against Phishing
Passkeys resist phishing and adversary-in-the-middle attacks because each credential cryptographically binds to the website’s origin. A passkey, therefore, cannot be used on a lookalike or proxy site. The YubiKey Passkey Enabler reinforces this protection by verifying the authenticating user before any signing occurs.
For browser-based requests, the app only accepts requests from trusted browsers and checks that the website’s origin matches the relying party ID. For native Android apps, the provider uses Digital Asset Links to confirm the calling app is authorised by the relying party. If verification fails, the system rejects the request before any cryptographic operation takes place.
Availability
The YubiKey Passkey Enabler supports current YubiKeys, including the YubiKey 5 Series, Security Key Series, YubiKey 5C NFC Series, YubiKey 5 FIPS Series, and YubiKey Bio Series. It is available now for Android users and enterprise deployments.
Stay Informed With Cyber News Live
Cyber threats are constantly evolving, and staying informed is critical to protecting your organization. Follow Cyber News Live for the latest cybersecurity news, threat intelligence, expert analysis, and practical guidance to help strengthen your cyber defenses.
