IT Brief Asia - Technology news for CIOs & IT decision-makers
Asia
Yubico launches Android passkey enabler for YubiKeys

Yubico launches Android passkey enabler for YubiKeys

Tue, 7th Jul 2026 (Today)
Mark Tarre
MARK TARRE News Chief

Yubico has launched YubiKey Passkey Enabler for Android devices, following a Google Play Services update that adds support for NFC security keys using CTAP2 on Android 9 and later.

The new Android Credential Provider is designed to simplify passkey registration and authentication with YubiKeys across mobile devices. The software is available for individual Android users and for corporate deployments managed by IT teams.

The release comes as companies push to replace passwords and older forms of multi-factor authentication with passkeys, which use cryptographic credentials tied to a specific website or application. Hardware-backed passkeys are seen as one way to reduce phishing risks, particularly when staff access services on mobile devices.

Google's update expands Android support for NFC-enabled FIDO2 security keys, including YubiKeys. Users can authenticate accounts with a tap-based security key on compatible Android handsets, rather than relying only on passwords, codes, or app-based prompts.

Yubico's new app is built on the Android Credential Manager Provider API and the company's YubiKit SDK. It supports passkey registration and authentication over USB and NFC, aiming to make it easier for users to set up and use a hardware security key on Android.

The app includes guidance on changing Android settings to enable passkey providers and select YubiKeys as the preferred service. It also offers an "Always ask for PIN" option intended to reduce the number of taps required during sign-in, temporary PIN support for new key ownership, PIN complexity guidance based on device firmware, and antenna location hints for different Android phone models.

For business customers, the software can be deployed and configured through mobile device management tools. That allows IT administrators to apply settings centrally so employees can use the keys without carrying out their own configuration.

Enterprise use

The app supports current YubiKey models, including the YubiKey 5 Series, Security Key Series, YubiKey 5C NFC Series, YubiKey 5 FIPS Series, and YubiKey Bio Series. It also enforces FIDO2 and CTAP2 standards and prioritises discoverable credentials and user verification.

Yubico is addressing a common challenge in passkey rollouts: making the experience consistent across devices used by staff. While passkeys have been promoted as a safer alternative to passwords, uptake in larger organisations has often depended on how easily employees can register, recover, and use credentials across laptops and phones.

Geoff Schomburgk, Vice President, Asia Pacific and Japan, Yubico, said the expanded Android support could help widen adoption.

"Passkeys are one of the most important shifts in digital identity, but security only works when people can actually use them," said Geoff Schomburgk, Vice President, Asia Pacific and Japan, Yubico. "Google's expanded support for NFC-enabled FIDO2 security keys on Android is a major step forward for the ecosystem. With YubiKey Passkey Enabler, available from Google Play Services, organisations can now deliver a more intuitive Android passkey experience while raising the security bar with hardware-backed, phishing-resistant authentication."

Verification checks

The software also adds checks on where authentication requests originate. For browser-based requests, the app accepts requests only from trusted browsers and verifies that the website origin matches the relying party ID.

For native Android applications, the provider uses Digital Asset Links to confirm that the calling app is authorised by the relying party. If verification fails, the request is rejected before any cryptographic signing takes place.

That matters because passkeys are intended to resist phishing and adversary-in-the-middle attacks. By binding each credential to a website's origin, a passkey should not work on a lookalike domain or a proxy site set up to harvest credentials.

The app is intended to preserve that protection by verifying the authenticating user before any signing occurs. In practice, Yubico is trying to remove some of the friction around Android setup while keeping the checks that determine whether a request is legitimate.

The release adds to broader efforts by platform providers and security vendors to make passkeys usable across different operating systems, browsers, and devices. On Android, support for NFC security keys could be particularly relevant for organisations that want staff to carry a separate authentication device rather than rely solely on credentials stored on a phone.

YubiKey Passkey Enabler is available now for Android users and enterprise deployments.