Yubico Showcases Post-Quantum Cryptography & Digital Identity Innovation

23 October 2025 – Yubico, the leading provider of hardware authentication security keys, unveiled new Post-Quantum Cryptography (PQC) prototypes and expanded digital identity capabilities at the recent Authenticate conference, highlighting the company’s continued leadership in shaping the future of secure authentication.

Extending Passkeys Beyond Password Replacement

As passkeys continue to gain momentum globally, Yubico’s latest innovations demonstrate how the technology can go far beyond password replacement to secure digital identities and support encryption at scale.

On stage, Yubico previewed a new capability that extends passkeys beyond login to enable credential signing flows from a YubiKey inside a standards-based digital wallet. In simple terms, this means using the same root of trust relied upon for phishing-resistant login to also sign and authorise other sensitive actions.

Key benefits of this capability include:

• Ecosystem flexibility: Developers can build richer, high-assurance experiences without reinventing the authentication wheel.
• User simplicity: Same motion, same key, more secure, and no new habits to learn.
• Better privacy posture: Sensitive operations remain tied to a physical device under the user’s control.

Digital Identity Integration with wwWallet

Yubico’s co-founder, Stina Ehrensvärd, recently explored this concept further, explaining how passkeys and verifiable credentials reinforce each other rather than compete. This includes Yubico’s collaboration with Sunet, GUNet, SURF, and the non-profit SIROS Foundation to develop and enhance wwWallet, the first passkey-enabled digital identity wallet for the web.

Post-Quantum Cryptography Prototype Demonstration

Yubico also demonstrated an early prototype of post-quantum (PQ) signatures running on a hardware security key. While the experience for users remains simple, touch the device, produce a signature, and continue as usual, the underlying cryptography is designed to withstand potential future attacks from quantum computers.

During the demo, Yubico emphasised several key points:

• Standards progress is underway: FIDO, IETF, and other standards work is progressing, but there’s more to do beyond “make a signature” (think: PIN protocol, attestation, registration UX, and crypto-agile plumbing).
• Prototype ≠ product: The PQ demo shows feasibility and performance direction, not a shipment announcement.
• New hardware is required: PQ algorithms have bigger footprints; they don’t fit on today’s keys.

Real-World Applications for Enhanced Security

• High-assurance approvals: Approve sensitive or high-value actions such as pushing code, initiating a wire, rotating a KMS root, or approving a zero-trust policy change by simply tapping your YubiKey.
• Privacy-preserving design: Where decryption happens matters. Keep decryption local to user-controlled devices, not in opaque cloud environments.
• Digital Identity that complements passkeys: Verifiable credentials (VCs) and passkeys aren’t competitors. Passkeys prove you control your authenticator. VCs prove something about you (employment, citizenship, license) and can do so without oversharing. The magic is that a hardware key can cleanly support both strong authentication and selective disclosure in one familiar motion.

Industry Response and Future Outlook

“The industry’s ongoing commitment to crypto-agility is vital. Adopting PQC across protocols and products will take time, but that’s a strength, not a weakness. Rushing crypto transitions has never ended well in security history,” said Christopher Harrell, Chief Technology Officer at Yubico.

The response to Yubico’s Authenticate demonstrations was overwhelmingly positive, with attendees noting that seeing post-quantum authentication in action transformed abstract discussions into a tangible reality.

“Security is evolving from ‘prove you know a password’ to ‘prove possession and intent,’ and increasingly, ‘prove just enough about yourself with privacy intact.’ Hardware-backed credentials remain the most dependable way to achieve that balance at scale,” said Christopher Harrell. “Our mission is to make the strongest option the easiest option across login, approvals and identity-rich scenarios,” he concluded.

About Yubico

Yubico (Nasdaq Stockholm: YUBICO) is a modern cybersecurity company on a mission to make the internet safer for everyone. As the inventor of the YubiKey, we set the gold standard for modern phishing-resistant, hardware-backed authentication. We stop account takeovers and make secure login simple.

Since 2007, we’ve helped shape global authentication standards, co-created FIDO2, WebAuthn, and FIDO U2F, and introduced the original passkey. Today, our passkey technology secures people and organisations in over 160 countries. It transforms how digital identity is protected from onboarding to account recovery.

Trusted by the world’s most security-conscious brands, governments, and institutions, YubiKeys work out of the box with hundreds of apps and services. They deliver fast, passwordless access without friction or compromise.

We believe strong security should never be out of reach. Through our philanthropic initiative, Secure it Forward, we donate YubiKeys to nonprofits supporting at-risk communities.

Dual-headquartered in Stockholm, Sweden, and Santa Clara, California, Yubico is proud to be recognised as one of TIME’s 100 Most Influential Companies. We’re also named one of Fast Company’s Most Innovative Companies. Learn more at www.yubico.com.

About Cyber News Live

Stay ahead of the cyber curve with Cyber News Live. We deliver real-time reporting, sharp threat intelligence, and educational content tailored for professionals, practitioners, and curious minds. From breaking breach alerts to deep dives on new attack vectors, our mission is simple. To make complex cyber topics clear and critical knowledge accessible to all.