YubiKey Technical Manual — YubiKey Technical Manual documentation (2024)

FAQs

What is the best practice for YubiKey? ›

Best practice is to have multiple YubiKeys set up for your accounts. One on your keychain, or one in your wallet, or one in a safe place at home will help to make sure you've always got a backup YubiKey nearby.

A Yubico OTP (one-time password) is a unique 44-character string that is generated by the YubiKey when it is touched (while plugged into a host device over USB or Lightning) or scanned by an NFC reader.

Check to see if the YubiKey's LED is lit - if not, the YubiKey may not be receiving power. The issue may be as simple as the YubiKey is inserted upside down for USB-A connectors. Alternatively, the USB port may not be functioning correctly - if that is the case, try on a different USB port or computer.

To manually add the secret key, select Add account manually, then enter the credential name, and type the secret key that you previously saved as a backup. Step 7: On the web page, click Next. You have successfully configured your YubiKey for authenticator codes!

If it's your first time using a YubiKey and you're used to Touch ID, we suggest using the Nano key and leaving it plugged in. If you're working from home, you can leave it plugged in.

It is costly to design, mould, manufacture, sell and support a hardware product, even something as small as this. Since you don't want your 2FA company to go out of business there is good value in knowing they have a stable business model that can actually support a company rather than just burning capital.

A Yubikey will essentially last forever, and if you stay clear of the insanity that is Passkeys its Webauthn element can support an infinite number of websites. Portability: I have a smartphone, a work laptop, a home laptop, and a home desktop. My Yubikey has USB and NFC, so it can trivially be used with all of them.

While YubiKey is designed to be secure, it is not immune to attacks. There have been instances where YubiKeys have been hacked or compromised. Common attack vectors on hardware keys include physical attacks, side-channel attacks, and firmware vulnerabilities.

Credentials and PIN Codes

The YubiHSM Auth application can store up to 32 YubiHSM Auth credentials in the YubiKey.

Does YubiKey work without Internet? ›

Can YubiKey work without internet? All the places/applications you'll be required to use your YubiKey will be unavailable without internet access, so you would already need internet access before needing your YubiKey.

A YubiKey supports an unlimited number of accounts with both WebAuthn and U2F protocols. If you're using your hardware key for TOTP, you can only hold 32 accounts.

General information. The default PIN code is 123456. The default PUK code is 12345678. The default 3DES management key (9B) is 010203040506070801020304050607080102030405060708.

So, what happens if you lose your YubiKey? In that case, you can still use your Authenticator app (phew!). While you can't create a backup YubiKey, you can always contact Yubico to get a replacement key.

Insert YubiKey & tap

On a computer, insert the YubiKey into a USB-port and touch the YubiKey to verify you are human and not a remote hacker.

The YubiKey 5 FIPS certified security keys meet the highest level of assurance (AAL3) of the new NIST SP800-63B guidelines.

The Yubico YubiKey 5 NFC is an exceptional two-factor authentication device that provides an additional layer of security to protect your digital identity. This compact and versatile key has become an integral part of my online security strategy, and I am thoroughly impressed with its performance and reliability.

Where to store your spares. When your spares arrive, make sure to keep them somewhere safe but accessible – like in a wallet, file cabinet, or personal safe. If you choose to stay with one YubiKey, that's fine, but be careful not to lose or misplace it. If you do, you may be without access to your accounts for a while.