Secure YubiKey enrollment and recovery.

Yubico’s hardware security keys are widely regarded as one of the world’s most secure authentication factors. But if you don't know who, exactly, is activating or recovering an authentication credential, you can only assign so much trust to that credential.

Yubico and Nametag are partnering to close the ultimate security gap in phishing-resistant MFA. Yubico’s integration will leverage Nametag identity verification to verify that the person receiving, activating, or resetting a YubiKey or passkey is really who they claim to be.

Example Employee Onboarding Flow with Yubico + Nametag

1. During pre-onboarding, an automated IT workflow pre-registers a YubiKey linked to the new user’s account in the organization’s identity provider (IdP). The workflow then sends the employee a link to verify their identity before authorizing shipment of their YubiKey.
2. The user scans their government-issued ID and takes a selfie. Nametag verifies that they’re both a real person and the right person. The whole process takes under 30 seconds. Once verified, the automated IT workflow authorizes shipment of their YubiKey.
3. By the time the YubiKey arrives, it’s already tied to the employee’s verified identity. A quick selfie re-verification confirms the match, ensuring that each YubiKey is activated by the right person and ready to provide secure, trusted access from Day 1.

By combining Yubico’s hardware-based security keys and hardware-backed passkeys with Nametag’s workforce identity verification (IDV) engine, Deepfake Defense™, enterprises will be able to safely issue YubiKeys and passkeys remotely at scale, improving security while reducing manual work for IT and eliminating onboarding friction for new employees.

Learn more about Yubico's identity verification program and express your interest here.