How Many Passkeys Can a YubiKey Hold?
Learn how many passkeys a YubiKey can hold, including details on YubiKey storage capabilities, WebAuthn, and optimal usage for secure passkey management.
Vincent
Created: August 22, 2024
Updated: December 19, 2025
How Many Passkeys Can a YubiKey Hold?#
A YubiKey 5 Series with firmware 5.7+ can hold up to 100 discoverable credentials (AKA hardware-bound passkeys). Other YubiKey models and configurations might store fewer passkeys (many older models supported around 25 resident credentials). These passkeys are used for secure passwordless authentication via WebAuthn.
- The latest generation of YubiKeys (models with firmware 5.7+) can store up to 100 passkeys (discoverable credentials).
- Storage capacity depends on the YubiKey model and configuration.
- Proper management of YubiKey passkeys ensures optimal security.
Understanding YubiKey Passkey Storage#
YubiKeys are hardware security keys used to authenticate users securely via protocols like WebAuthn. They are increasingly popular as part of a move towards passwordless authentication, providing a secure, phishing-resistant alternative to traditional passwords.
Discoverable Credentials (Passkeys)#
Discoverable credentials (previously resident keys), commonly referred to as passkeys, are stored directly on the YubiKey. These credentials are vital for passwordless authentication, allowing the user to authenticate without needing to input a password. Instead, they use the stored passkey in conjunction with their YubiKey.
-
Storage Capacity: YubiKey models with firmware 5.7+ can store up to 100 discoverable credentials. This limit is largely due to the YubiKey's internal memory and security architecture, which prioritizes security over storage capacity. Once the limit is reached, you cannot store additional passkeys without deleting existing ones.
-
YubiKey Models: The storage capacity can vary depending on the YubiKey model and the firmware it runs. Many older models and firmware versions documented support for around 25 resident/discoverable credentials; FIPS and other specialized variants may have different limits.
-
Usage Considerations: For most users, 100 passkeys are more than sufficient, as they typically correspond to 100 different services or accounts. However, if a user manages more than 100 accounts requiring passkey authentication, they may need to use multiple YubiKeys or selectively choose which accounts to secure with a passkey. We expect the need for larger YubiKeys to grow pretty quick once more and more services roll out passkeys.
Best Practices for Managing Passkeys on YubiKeys#
Proper management of your passkeys on YubiKeys ensures that you maximize the device's utility while maintaining security:
- Device lifecycle: YubiKey firmware is not user-upgradable; firmware is set at manufacturing. If you need features that require newer firmware, obtain a YubiKey manufactured with that firmware or a newer model.
- Multiple YubiKeys: Consider using multiple YubiKeys if you manage a large number of accounts requiring passkeys. This approach provides redundancy and additional storage capacity.
Share this article
