Research shows that attackers can bypass fingerprint sensors on some devices with as high as an 80 percent success rate.
The Yubico Validation Server contains a pair of vulnerabilities, one of which allows the replay of one-time passwords.
A review of the SoloKey firmware found a serious downgrade attack flaw, which an attacker could use to install an older, vulnerable version. The bug has been fixed.
OpenSSH has added support for hardware security keys that implement the U2F standard.
A proposal that would standardize the format of SMS messages being used in two-factor authentication schemes has a simple goal: make users relying on those one-time passcodes less susceptible to phishing attacks.