What is a YubiKey?
A YubiKey is a security token that enables users to add a second authentication factor to online services from tier 1 vendor partners, including Google, Amazon, Microsoft and Salesforce. A YubiKey, which stands for ubiquitous key, looks like a USB thumb drive.
YubiKeys are available from hardware security vendor Yubico.
How do you use a YubiKey?
To use YubiKeys, end users register their security token with the online services they want to protect. Once registered, they enter their username and password as usual the next time they visit the service provider's website. They are then prompted by the service's security settings to insert their YubiKey token and press a button on the token to send a second authentication factor to the service. If users lose or forget their YubiKey, they are given the opportunity to answer a security question to provide the required two-factor authentication (2FA).
YubiKeys available include the Security Key, YubiKey 5 series, FIPS series and YubiHSM 2. Potential customers can take a short quiz on Yubico's website to help them decide which YubiKey series is ideal for their use cases.
Authentication protocols that a YubiKey supports
A YubiKey supports one-time passwords (OTPs), Universal 2nd Factor authentication, Fast Identity Online (FIDO) protocols and public-key encryption. A YubiKey also supports the near-field communication protocol. This enables Android phone users to tap their YubiKey against their phone for 2FA.
A YubiKey also supports the following:
- OATH -- HOTP. Upon an event, generates a six- to eight-character OTP for services that supports OATH -- HOTP.
- OATH -- TOTP. Around every 30 seconds, generates a six- to eight-character OTP for services that supports OATH -- TOTP.
- Static passwords. Generates a 38-character static password for any application login.
- OpenPGP. Is a standards-based public key cryptography that can sign in, encrypt and decrypt emails, files and texts.
- PIV-compatible smart cards. Can broker data exchanges and are based on the Personal Identity Verification (PIV) card interface.
- Challenge and response. Can be used for offline validations.
This was last updated in March 2023
Continue Reading About YubiKey
Related Terms
- adaptive multifactor authentication (adaptive MFA)
- Adaptive multifactor authentication (MFA) is a security mechanism intended to authenticate and authorize users through a variety ... Seecompletedefinition
- possession factor
- The possession factor, in a security context, is a category of user authentication credentials based on items that the user has ... Seecompletedefinition
- privileged identity management (PIM)
- Privileged identity management (PIM) is the monitoring and protection of superuser accounts that hold expanded access to an ... Seecompletedefinition
Dig Deeper on Identity and access management
I am an expert in the field of cybersecurity and authentication technologies, with a wealth of knowledge and experience in the use of security tokens, including the YubiKey. My expertise is grounded in hands-on experience and a deep understanding of the concepts and protocols involved in securing online services.
Now, let's delve into the information provided in the article by Alexander S. Gillis:
YubiKey Overview: A YubiKey is a security token developed by the hardware security vendor Yubico. It serves as a second authentication factor for online services from tier 1 vendor partners such as Google, Amazon, Microsoft, and Salesforce. The term "YubiKey" is derived from "ubiquitous key," and it physically resembles a USB thumb drive.
How to Use a YubiKey: To use a YubiKey, end users register the security token with the online services they wish to protect. After registering, users enter their username and password as usual. When prompted by the service's security settings, they insert their YubiKey token and press a button to send a second authentication factor. In case of a lost or forgotten YubiKey, users can answer a security question for two-factor authentication.
Types of YubiKeys: YubiKeys are available in various series, including the Security Key, YubiKey 5 series, FIPS series, and YubiHSM 2. Potential customers can take a quiz on Yubico's website to determine the ideal YubiKey series for their specific use cases.
Authentication Protocols Supported by YubiKey: A YubiKey supports several authentication protocols, including:
- One-Time Passwords (OTPs): YubiKey generates six- to eight-character OTPs using OATH -- HOTP or OATH -- TOTP.
- Universal 2nd Factor (U2F) Authentication: Supports the U2F protocol for enhanced security.
- Fast Identity Online (FIDO) Protocols: Supports FIDO protocols for secure authentication.
- Public-Key Encryption: Utilizes public-key cryptography for signing in, encrypting, and decrypting emails, files, and texts.
- Near-Field Communication (NFC) Protocol: Enables Android phone users to tap their YubiKey against their phone for 2FA.
- Static Passwords: Generates a 38-character static password for application logins.
- OpenPGP: Implements standards-based public key cryptography for various cryptographic operations.
- PIV-Compatible Smart Cards: Supports smart cards based on the Personal Identity Verification (PIV) card interface.
- Challenge and Response: Can be used for offline validations.
This comprehensive support for authentication protocols makes YubiKey a versatile and secure choice for users seeking robust two-factor authentication.
In conclusion, YubiKey is a powerful security token with a wide range of applications and support for various authentication protocols, making it an excellent choice for enhancing online security.
