Yubikey Bio FIDO Edition
Yubico’s fingerprint security key, FIDO only. No NFC.
Yubikey Bio FIDO Edition
Biometric Authentication
Allows or requires biometric authentication
CTAP 2.1
Supports CTAP 2.1, including features like enforced PIN complexity, credBlob, largeBlob, and alwaysUv
More Info
Management Application
Vendor provides applications that extend or configure the device
Android management application
Management application runs on Android smartphones with appropriate hardware (NFC, BLE, etc)
MacOS management application
Management application runs on MacOS
Windows management application
Management application runs on Windows
Resident Cryptographic Keys
Supports WebAuthn discoverable resident credentials, the building block of passkeys
More Info
Resident ECDSA keys
Supports ECDSA discoverable keys
Resident ED25519 keys
Supports ED25519 discoverable keys
Windows Hello
Supports logging in using Windows Hello
The Yubikey Bio FIDO Edition is Yubico’s fingerprint capacitive sensor token. It supports only FIDO2 and U2F, with no NFC, no YubiOTP, no PIV, no OpenPGP, and no static password slots. Fingerprint enrolment and management is handled through the Yubico Authenticator application.
If you need biometrics with the rest of the Yubikey 5 protocol stack, see the newer Yubikey Bio Multi-protocol Edition, which adds PIV smart card on top of FIDO2 and biometrics.
Fingerprint behaviour
The on key fingerprint sensor unlocks the device for FIDO2 user verification. If the sensor fails three times in a row, you can fall back to the device PIN. Up to five fingerprints can be enrolled per key.
EUCLEAK
The Bio FIDO Edition uses the same NXP A700x secure element family as the Yubikey 5, and so was originally in scope for the EUCLEAK disclosure. Yubikeys shipping on firmware 5.7 or higher contain the fix. See the Yubikey 5 entry for the full background.