YubiKey is a security token that allows users to add a second authentication factor to online services from tier 1 vendor partners, including Google, Amazon, Microsoft and Salesforce. YubiKey, which stands for ubiquitous key, looks similar to a USB thumb drive.

To use YubiKey, the end user must first register their security token with the online services they want to protect. Once registered, they will enter their user name and password as usual the next time they visit the service provider's website. They will then be prompted by the service's security settings to insert their YubiKey token and press a button on the token to send a second authentication factor to the service. Should the user lose or forget their YubiKey, they will be given the opportunity to answer a security question to provide the required two-factor authentication (2FA) factor. 

Available YubiKeys include the Security Key, YubiKey 5 and FIPS series. Potential customers can take a short quiz on Yubico’s website, which can help them decide which YubiKey series will. Potential customers can also visit Yubico’s website to compare YubiKey products.

Authentication protocols that YubiKey supports

YubiKey supports one-time passwords, Universal 2nd Factor (U2F) authentication, Fast Identity Online (FIDO) protocols and public-key encryption. YubiKey also supports the near-field communication (NFC) protocol, which allows Android phone users to tap their YubiKey against their phone for two-factor authentication. YubiKey also supports:

  • OATH-HOTP - Generates a six- to eight-character one-time password upon an event, for services that support OATH-HOTP.
  • OATH-TOTP - Generates a six- to eight-character one-time password around every 30 seconds, for services that support OATH-TOTP.
  • Static Passwords - Generates a 38-character static password for any application log-in.
  • OpenPGP - A standards-based form of public key cryptography that can sign, encrypt and decrypt e-mails, files and texts.
  • PIV-Compatible Smart Card - Can broker data exchanges and is based on the Personal Identity and Verification Card (PIV) interface.
  • Challenge and Response - Can be used for offline validations.

How YubiKey works

Stina Ehrensvärd explains how YubiKey's decentralized approach to storing private keys with the service provider protects the end user and their data. 

This was last updated in May 2019
