What is a YubiKey?
A YubiKey is a security token that enables users to add a second authentication factor to online services from tier 1 vendor partners, including Google, Amazon, Microsoft and Salesforce. A YubiKey, which stands for ubiquitous key, looks like a USB thumb drive.
YubiKeys are available from hardware security vendor Yubico.
How do you use a YubiKey?
To use YubiKeys, end users register their security token with the online services they want to protect. Once registered, they enter their username and password as usual the next time they visit the service provider's website. They are then prompted by the service's security settings to insert their YubiKey token and press a button on the token to send a second authentication factor to the service. If users lose or forget their YubiKey, they are given the opportunity to answer a security question to provide the required two-factor authentication (2FA).
YubiKeys available include the Security Key, YubiKey 5 series, FIPS series and YubiHSM 2. Potential customers can take a short quiz on Yubico's website to help them decide which YubiKey series is ideal for their use cases.
Authentication protocols that a YubiKey supports
A YubiKey supports one-time passwords (OTPs), Universal 2nd Factor authentication, Fast Identity Online (FIDO) protocols and public-key encryption. A YubiKey also supports the near-field communication protocol. This enables Android phone users to tap their YubiKey against their phone for 2FA.
A YubiKey also supports the following:
- OATH -- HOTP. Upon an event, generates a six- to eight-character OTP for services that supports OATH -- HOTP.
- OATH -- TOTP. Around every 30 seconds, generates a six- to eight-character OTP for services that supports OATH -- TOTP.
- Static passwords. Generates a 38-character static password for any application login.
- OpenPGP. Is a standards-based public key cryptography that can sign in, encrypt and decrypt emails, files and texts.
- PIV-compatible smart cards. Can broker data exchanges and are based on the Personal Identity Verification (PIV) card interface.
- Challenge and response. Can be used for offline validations.