What is a YubiKey?

A YubiKey is a security token that enables users to add a second authentication factor to online services from tier 1 vendor partners, including Google, Amazon, Microsoft and Salesforce. A YubiKey, which stands for ubiquitous key, looks like a USB thumb drive.

YubiKeys are available from hardware security vendor Yubico.

How do you use a YubiKey?

To use YubiKeys, end users register their security token with the online services they want to protect. Once registered, they enter their username and password as usual the next time they visit the service provider's website. They are then prompted by the service's security settings to insert their YubiKey token and press a button on the token to send a second authentication factor to the service. If users lose or forget their YubiKey, they are given the opportunity to answer a security question to provide the required two-factor authentication (2FA).

YubiKeys available include the Security Key, YubiKey 5 series, FIPS series and YubiHSM 2. Potential customers can take a short quiz on Yubico's website to help them decide which YubiKey series is ideal for their use cases.

Authentication protocols that a YubiKey supports

A YubiKey supports one-time passwords (OTPs), Universal 2nd Factor authentication, Fast Identity Online (FIDO) protocols and public-key encryption. A YubiKey also supports the near-field communication protocol. This enables Android phone users to tap their YubiKey against their phone for 2FA.

A YubiKey also supports the following:

  • OATH -- HOTP. Upon an event, generates a six- to eight-character OTP for services that supports OATH -- HOTP.
  • OATH -- TOTP. Around every 30 seconds, generates a six- to eight-character OTP for services that supports OATH -- TOTP.
  • Static passwords. Generates a 38-character static password for any application login.
  • OpenPGP. Is a standards-based public key cryptography that can sign in, encrypt and decrypt emails, files and texts.
  • PIV-compatible smart cards. Can broker data exchanges and are based on the Personal Identity Verification (PIV) card interface.
  • Challenge and response. Can be used for offline validations.
This was last updated in March 2023

Continue Reading About YubiKey

Dig Deeper on Identity and access management

Enterprise Desktop
  • Understanding how GPOs and Intune interact

    Group Policy and Microsoft Intune are both mature device management technologies with enterprise use cases. IT should know how to...

  • Comparing MSI vs. MSIX

    While MSI was the preferred method for distributing enterprise applications for decades, the MSIX format promises to improve upon...

  • How to install MSIX and msixbundle

    IT admins should know that one of the simplest ways to deploy Windows applications across a fleet of managed desktops is with an ...

Cloud Computing