How Many Passkeys Can a YubiKey Hold?
Learn how many passkeys a YubiKey can hold, including details on YubiKey storage capabilities, WebAuthn, and optimal usage for secure passkey management.
How Many Passkeys Can a YubiKey Hold?#
A YubiKey 5 Series with firmware 5.7+ can hold up to 100 discoverable credentials (AKA hardware-bound passkeys). Other YubiKey models and configurations might store fewer passkeys (many older models supported around 25 resident credentials). These passkeys are used for secure passwordless authentication via WebAuthn.
Understanding YubiKey Passkey Storage#
YubiKeys are hardware security keys used to authenticate users securely via protocols like WebAuthn. They are increasingly popular as part of a move towards passwordless authentication, providing a secure, phishing-resistant alternative to traditional passwords.
Discoverable Credentials (Passkeys)#
Discoverable credentials (previously resident keys), commonly referred to as passkeys, are stored directly on the YubiKey. These credentials are vital for passwordless authentication, allowing the user to authenticate without needing to input a password. Instead, they use the stored passkey in conjunction with their YubiKey.
-
Storage Capacity: YubiKey models with firmware 5.7+ can store up to 100 discoverable credentials. This limit is largely due to the YubiKey's internal memory and security architecture, which prioritizes security over storage capacity. Once the limit is reached, you cannot store additional passkeys without deleting existing ones.
-
YubiKey Models: The storage capacity can vary depending on the YubiKey model and the firmware it runs. Many older models and firmware versions documented support for around 25 resident/discoverable credentials; FIPS and other specialized variants may have different limits.
-
Usage Considerations: For most users, 100 passkeys are more than sufficient, as they typically correspond to 100 different services or accounts. However, if a user manages more than 100 accounts requiring passkey authentication, they may need to use multiple YubiKeys or selectively choose which accounts to secure with a passkey. We expect the need for larger YubiKeys to grow pretty quick once more and more services roll out passkeys.
Best Practices for Managing Passkeys on YubiKeys#
Proper management of your passkeys on YubiKeys ensures that you maximize the device's utility while maintaining security:
- Device lifecycle: YubiKey firmware is not user-upgradable; firmware is set at manufacturing. If you need features that require newer firmware, obtain a YubiKey manufactured with that firmware or a newer model.
- Multiple YubiKeys: Consider using multiple YubiKeys if you manage a large number of accounts requiring passkeys. This approach provides redundancy and additional storage capacity.
About Corbado
Corbado is the Passkey Intelligence Platform for CIAM teams running consumer authentication at scale. We help you see what IDP logs and generic analytics tools can't: which devices, OS versions, browsers and credential managers support passkeys, why enrollments don't turn into logins, where the WebAuthn flow fails and when an OS / browser update silently breaks login, all without replacing Okta, Auth0, Ping, Cognito or your in-house IDP. Two products: Corbado Observe layers observability for passkeys and any other login method. Corbado Connect adds managed passkeys with analytics built in (alongside your IDP). VicRoads runs passkeys for 5M+ users with Corbado (+80% passkey activation). Talk to a Passkey Expert →
Share this article
Table of Contents
Related Terms
Related Articles
