Mobile devices have unique challenges which have prevented solutions designed for desktops and laptops from being easily applied. However, mobile devices, from smartphones to tablets, represent a significant and growing percentage of endpoints which need to be secured.
To address and secure mobile services and environments, Yubico has developed a range of solutions for Android and iOS, to enable the same high level of security enjoyed on desktops and servers on mobile platforms, without imposing additional user friction. These offerings include both hardware compatible with iOS and Android devices, such as the YubiKey 5C, the YubiKey 5Ci, and the YubiKey 5 NFC as well as SDKs for both iOS and Android to make it straightforward to enable advanced authentication on mobile apps. With these SDKs and customers with YubiKeys, all of the authentication protocols available on a desktop can be applied in the mobile space, from One-Time Passwords (OTP) to WebAuthn.
When adding support for any authentication protocol, selecting the best YubiKey user experience is key to keep in mind. There are two methods for a user to authenticate to a mobile devices with a YubiKey using the native browsers and/or platform SDKs provided by Yubico:
Wirelessly (NFC) - Using NFC, users can have a “tap to Authenticate” flow with a YubiKey 5 NFC, essentially touching their NFC enabled YubiKey devices to their mobile platform when prompted. The user friction is minimized, but the drawbacks include limitations to the number of devices supporting NFC, as the iPad line and other tablets do not support it. Further, iOS support for WebAuthn is limited over NFC, preventing an identical user experience.
Pros:
Quick and easy user experience
User’s tap doubles as an expression of intent to authenticate
Cons:
Not supported on iPads
Poor NFC antennas can impact user experience
WebAuthn support on iOS is in development (more)
Ideal for:
OTP
OATH-TOTP
FIDO U2F
Direct Connect (USB-C or Lightning) - Using a YubiKey 5C or YubiKey 5Ci plugged in directly to a mobile device to authenticate. Using a direct connection, the YubiKey can be used in the same manners as with a desktop or laptop, including support for a user touch to verify an authentication event. However, as the YubiKey does need to be plugged into a mobile device to function, it adds more friction to the user flow - but this can be a positive when using a feature which requires a longer session, such as a PIV smart card.
Pros:
Supported on all mobile platforms
Ideal for longer authentication sessions
Cons:
Can be cumbersome experience
Requires a YubiKey with correct connector
Ideal for:
PIV
OpenPGP
WebAuthn