Trust Panda has opened a New Zealand operation in Auckland and will hold local YubiKey stock for companies and government buyers.
The move gives the identity security specialist a local New Zealand entity after building its YubiKey business in Australia, the United States and Europe. Until now, many New Zealand customers have been importing the hardware security keys or buying them through general IT distributors.
The Auckland operation will stock the full Yubico range, including the YubiKey 5 Series, YubiKey Bio Series, YubiKey Security Key Series and YubiHSM 2. Trust Panda will sell to individual buyers, small and medium-sized businesses, and larger enterprises and public sector customers, with support for larger rollouts.
The company focuses on identity and cybersecurity rather than broad IT distribution. It says that specialisation helps customers with product selection, deployment planning and integration with identity systems such as Microsoft Entra ID, Okta and Google Workspace.
Trust Panda is a Yubico Gold and Ecommerce Partner and operates local entities in New Zealand, Australia, the United States and Europe. It also holds ISO 27001 certification.
Group managing director and chief executive Allan Dall said the New Zealand launch follows repeated demand from local customers for a specialist supplier with stock in the country.
"We've spent years building our YubiKey practice across Australia, the US, and Europe, and we kept hearing the same thing from New Zealand customers - they wanted a dedicated local supplier who actually knew the product," Dall said.
"Trust Panda New Zealand changes that. We have stock on the ground in Auckland, a local entity buyers can transact with, and the same depth of YubiKey expertise we've built across our other markets."
Local Demand
The launch comes as organisations in New Zealand face closer scrutiny of authentication controls and growing concern over phishing attacks. Hardware-based security keys are drawing increasing attention as businesses and agencies seek stronger forms of multi-factor authentication than text messages or app prompts.
New Zealand's Information Security Manual, published by the National Cyber Security Centre under the Government Communications Security Bureau, requires multi-factor authentication for privileged account access and calls for controls that match system risk profiles. That has added pressure on agencies and suppliers to review how staff and administrators log in to critical services.
At the same time, security specialists warn that phishing techniques are becoming harder for staff to spot, particularly when criminals use automation and artificial intelligence tools to create convincing messages and fake login pages. That has increased interest in phishing-resistant methods that tie authentication to a legitimate domain rather than to a code that can be stolen or approved by mistake.
Trust Panda says YubiKeys are designed to address that problem through cryptographic authentication. The YubiKey 5 Series supports protocols including FIDO2, WebAuthn, Smart Card (PIV) and OTP, while the YubiKey Bio Series adds fingerprint-based login for organisations moving towards passwordless access.
"YubiKey is not a commodity product - choosing the right key for your device mix and identity platform, and deploying it correctly, makes a real difference to both security outcomes and user experience," Dall said.
"We've done this across hundreds of deployments in multiple countries. That experience is what we're bringing to New Zealand customers, whether they're a sole trader securing a handful of accounts or a government agency rolling out across a large team."
Market Gap
For Trust Panda, the New Zealand operation is also a bet that there is room for a more specialist route to market in identity security. Larger IT distributors can provide broad product access, but buyers often need advice on compatibility with laptops, mobile devices and identity software before ordering hardware keys at scale.
Local inventory also matters, particularly for organisations replacing weaker forms of authentication under time pressure or incorporating security keys into broader access management projects. Holding stock in Auckland should shorten delivery times for domestic buyers and reduce some of the complications that come with cross-border purchasing.
Dall said the shift in the threat landscape is forcing organisations to rethink what counts as adequate authentication.
"The threat environment has changed fundamentally. AI has made phishing attacks faster, cheaper, and more convincing than ever before, and the traditional SMS or app-based MFA that most organisations rely on simply wasn't designed to withstand that level of sophistication."
"A YubiKey stops phishing attacks cold - it doesn't matter how good the fake login page looks, because the key's cryptographic response is bound to the legitimate domain. That's the standard New Zealand organisations should be moving toward, and we're here to help them get there."