HYPR and Yubico Deepen Partnership to Secure and Scale Passkey Deployment Through Automated Identity Verification

For years, HYPR and Yubico have stood shoulder to shoulder in the mission to eliminate passwords and improve identity security. Yubico’s early and sustained push for FIDO-certified hardware authenticators and HYPR’s leadership as part of the FIDO Alliance mission to reduce the world’s reliance on passwords have brought employees and customers alike into the era of modern authentication.

Today, that partnership continues to expand. As enterprise adoption of YubiKeys continues to accelerate worldwide, HYPR and Yubico are proud to announce innovations that help enterprises to further validate that the employees receiving or using their YubiKeys are assured to the highest levels of identity verification. 

HYPR Affirm, a leading identity verification orchestration product, now integrates directly with Yubico’s provisioning capabilities, enabling organizations to securely verify, provision, and deploy YubiKeys to their distributed workforce with full confidence that each key is used by the right, verified individual.

Secure YubiKey Provisioning for Hybrid Teams

Security leaders routinely purchase YubiKeys by the hundreds or thousands, only to confront a stubborn challenge: securely provisioning those keys to a remote or hybrid workforce quickly and verifiably.

Manual processes, from shipment tracking to recipient activation, are no longer adequate for modern security. The current setup, while seemingly robust, lacks the critical identity assurance needed to withstand today's threats. Even the most advanced hardware security key is compromised if it's issued or activated by an unverified individual. What’s needed is not just faster fulfillment, but a secure, automated bridge that links verified identity directly with hardware credentialing.

What YubiKey Provisioning with HYPR Affirm Delivers

Enterprises can now link a verified human identity to a hardware-backed, phishing-resistant credential before a device is shipped. Yubico provisions a pre-registered FIDO credential to the YubiKey, binds it to the organization’s identity provider (IdP), and ships the key directly to the end user - no IT or security team intermediation required. The user receives a key that’s ready to activate in minutes - no shared secrets over insecure communications, no guesswork, zero gaps of trust. This joint approach streamlines operations while preserving Yubico’s gold-standard hardware security and user experience.

How It Works: Pre-Register → Verify → Activate

The flow is seamless. To activate a YubiKey, HYPR Affirm verifies that the intended user is, in fact, the right individual through high-assurance identity verification that incorporates orchestration capabilities that include options such as government ID scanning, facial biometrics with liveness detection, location data, and can even include live video verification with peer-based attestation. Policy settings can be easily grouped by role & responsibility.
Once verified, the user is issued a PIN to activate the pre-registered, phishing-resistant credential on the YubiKey, linked to the organization’s identity provider. When the user receives their key, activation is simple, secure, and immediate.

The result is an end-to-end, verifiable trust chain that gives IT, security, and compliance teams the assurance that:

• The YubiKey was issued to a verified user.
• The credential was provisioned securely and cannot be intercepted.
• An auditable record ties the verified identity to the hardware-backed credential.

Scalable Remote Distribution and Faster Rollouts

This is built for the real world: companies that buy 100, 1,000, or 10,000 keys and need to deploy them across regions, time zones, and employment types. By anchoring every key to a verified user before it ships, organizations reduce failed enrollments, eliminate back-and-forth helpdesk tickets, and accelerate time-to-protection for global teams. 

Beyond Day One: Resets, Re-issues, and Role Changes

Implementing automated identity verification checks into the YubiKey provisioning process streamlines initial deployment, but the same model applies after initial rollout. When a new employee is being onboarded, or a key is lost, damaged, or reassigned, HYPR Affirm can re-verify identity at the moment of risk, and Yubico can provision a replacement credential with the same tight linkage between proofing and issuance. This reduces social-engineering exposure during high-risk helpdesk moments and keeps lifecycle events as deterministic as day one.

Building a Future of Trusted, Effortless Authentication

Yubico set the global benchmark for hardware-backed, phishing-resistant authentication. HYPR is extending that foundation to unlock identity assurance at scale - ensuring every YubiKey is ready to protect access from day one.

Together, we’re transforming what has traditionally been a manual, trust-based process into a verifiable, automated, and user-friendly standard for enterprise security.

From my perspective, this partnership represents something bigger than integration. It’s a proof point that security and simplicity can coexist at scale - and that’s what excites me most. We’re helping organizations move faster toward a passwordless future where verified identity and hardware-backed trust work seamlessly, everywhere.

Learn more about how HYPR and Yubico are redefining workforce identity and authentication for the modern era: Explore the Integration.

HYPR and Yubico FAQ

Q: What changes with this new HYPR and Yubico partnership?

A: Identity verification and YubiKey provisioning are now tightly connected, so each key is pre-registered to a user before shipment and is activated through identity verification upon arrival.

Q: How does this improve remote rollouts?

A: Enterprises can ship keys globally with proof that intended recipients are the ones who activate the device, reducing logistics friction and failed enrollments.

Q:  What compliance benefits does this provide?

A: The verified identity event is linked to the cryptographic credential, producing a clear audit trail and aligning with NIST 800-63-3’s assurance model (IAL for proofing, AAL for authentication) while enabling AAL3 from first use.

Q: Does this help with loss, replacement, or re-enrollment?

A: Yes. HYPR Affirm can trigger re-verification for high-risk events (like replacement or role change) before provisioning, reducing social-engineering risk and maintaining assurance over time. Yubico Enterprise Delivery allows organizations to seamlessly replace lost authenticators in a secure and simple workflow.

Q: What is the end-user experience like?

A: Receive a pre-registered YubiKey and activate with a simple identity verification. They log in with phishing-resistant passkeys - no passwords or complex setup.