Regtech HYPR and Yubico have been focused on the mission to eliminate passwords and enhance identity security. Yubico’s push for FIDO-certified hardware authenticators and HYPR’s role as part of the FIDO Alliance mission to reduce the reliance on passwords have brought workers and clients into the so-called era of modern authentication.
As enterprise adoption of YubiKeys continues, HYPR and Yubico are pleased to announce updates that aim to help enterprises to validate that the employees receiving or using their YubiKeys are “assured to the highest levels of identity verification.”
HYPR Affirm, an identity verification orchestration product, now integrates directly with Yubico’s provisioning capabilities, “enabling organizations to verify, provision, and deploy YubiKeys to their distributed workforce with confidence that each key is used by the right, verified individual.”
Security professionals tend to routinely purchase YubiKeys by the hundreds or thousands, only to confront a challenge: securely provisioning “those keys to a remote or hybrid workforce quickly and verifiably.”
Manual processes, from shipment tracking to “recipient activation, are no longer adequate for modern security.”
The current setup reportedly lacks the vital identity assurance needed “to withstand today’s threats.”
Even advanced hardware security keys are “compromised if it’s issued or activated by an unverified individual.”
What’s needed is not just faster fulfillment, but “a secure, automated bridge that links verified identity directly with hardware credentialing.”
Enterprises can now link a verified human identity “to a hardware-backed, phishing-resistant credential before a device is shipped.”
Yubico provisions a pre-registered FIDO credential “to the YubiKey, binds it to the organization’s identity provider (IdP), and ships the key directly to the end user – no IT or security team intermediation required.”
The user receives a key that’s ready to activate in minutes – “no shared secrets over insecure communications, no guesswork, zero gaps of trust.”
This approach streamlines operations while maintaining Yubico’s standard hardware security and user experience.
To activate a YubiKey, HYPR Affirm verifies that the “intended user is, in fact, the right individual through high-assurance identity verification that incorporates orchestration capabilities that include options such as government ID scanning, facial biometrics with liveness detection, location data, and can even include live video verification with peer-based attestation.”
Policy settings can be “grouped by role & responsibility.”
Once verified, the user is issued a PIN to activate “the pre-registered, phishing-resistant credential on the YubiKey, linked to the organization’s identity provider.”
When the user receives their key, “activation is simple and immediate.”
The result is an end-to-end, verifiable trust chain that gives IT, security, compliance teams the assurance:
- The YubiKey was issued to a verified user.
- The credential was provisioned securely and cannot be intercepted.
- An auditable record ties the verified identity to the hardware-backed credential.
This is said to be built and suited for the real world.
Companies that acquire 100, 1,000, or 10,000 keys then need to “deploy them across regions, time zones, and employment types.”
By anchoring every key to a verified user before it actually ships, organizations are able to significantly “reduce failed enrollments, eliminate back-and-forth helpdesk tickets, and accelerate time-to-protection for global teams.”
Implementing automated identity verification checks into the YubiKey provisioning process “streamlines initial deployment, but the same model applies after initial rollout.”
When a new employee is being onboarded, or a key is lost, damaged, or reassigned, HYPR Affirm is able to “re-verify identity at the moment of risk, and Yubico can provision a replacement credential with the same tight linkage between proofing and issuance.”
This reduces social-engineering exposure “during high-risk helpdesk moments and keeps lifecycle events as deterministic as day one.”
Yubico has now reportedly set the benchmark for hardware-backed, phishing-resistant authentication.
HYPR is extending that foundation to unlock identity assurance “at scale – ensuring every YubiKey is ready to protect access from day one.”
Together, they are trying to transform what has been a manual, trust-based process into a “verifiable, automated, and user-friendly standard for enterprise security.”