FAQs
Unlike SMS codes and mobile push authentication, YubiKeys do not require a cellular connection to operate. In fact, they don't even require batteries or have any other external dependency. Simply plug the key into a USB port on your device and touch to authenticate.
Can YubiKey work without internet? ›
All the places/applications you'll be required to use your YubiKey will be unavailable without internet access, so you would already need internet access before needing your YubiKey.
What is the challenge response mode of YubiKey? ›
The YubiKey supports two methods for Challenge-Response: HMAC-SHA1 and Yubico OTP. HMAC-SHA1 takes a string as a challenge and returns a response created by hashing the string with a stored secret. Yubico OTP takes a challenge and returns a Yubico OTP code based on it encrypted with a stored AES key.
Why do I have to touch my YubiKey? ›
The Yubikey 4 introduces a new touch feature1that enables a second layer of protection when using a private key stored on the device. The access will be conditioned by a user physically triggering the touch sensor, which detracts malware issuing command on the Yubikey without user knowledge.
How do I know if my YubiKey is working? ›
Testing the Credential
- Insert the YubiKey into the computer.
- Click the Yubico OTP button. The following screen, "Test your YubiKey with Yubico OTP" shows the cursor blinking in the Yubico OTP field.
- Tap the metal button or contact on the YubiKey. The OTP appears in the Yubico OTP field. ...
- Click Validate.
The versatile YubiKey requires no software installation or battery so just plug it into a USB port and touch the button, or tap-n-go using NFC for secure authentication.
How long will a YubiKey last? ›
A Yubikey will essentially last forever, and if you stay clear of the insanity that is Passkeys its Webauthn element can support an infinite number of websites.
Can you use a YubiKey with a cell phone? ›
However, as the YubiKey does need to be plugged into a mobile device to function, it adds more friction to the user flow - but this can be a positive when using a feature which requires a longer session, such as a PIV smart card. Pros: Supported on all mobile platforms. Ideal for longer authentication sessions.
Should I keep my YubiKey plugged in? ›
Do I need to keep my yubikey plugged in all the time? A. No, you only need to insert your yubikey when you are prompted to do so during login. Leaving it plugged in could result in the yubikey being lost or damaged.
Does YubiKey prevent phishing? ›
So, in short: yes, YubiKey FIDO2 is phishing resistant. Check out this blog on how FIDO2 prevents phishing for an even deeper dive into the topic.
Check to see if the YubiKey's LED is lit - if not, the YubiKey may not be receiving power. The issue may be as simple as the YubiKey is inserted upside down for USB-A connectors. Alternatively, the USB port may not be functioning correctly - if that is the case, try on a different USB port or computer.
What is the vulnerability of YubiKey? ›
The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-sized device vulnerable to cloning when an attacker gains temporary physical access to it, researchers said Tuesday.
What happens if someone steals your YubiKey? ›
So, what happens if you lose your YubiKey? In that case, you can still use your Authenticator app (phew!). While you can't create a backup YubiKey, you can always contact Yubico to get a replacement key.
Do I have to use YubiKey every time? ›
YubiKeys and Security Keys:
Eliminate the need to reach for your phone to open an app, or memorizing and typing in a code—simply touch the YubiKey to verify and you're in. Are trusted—You don't need to use the YubiKey every time you log in. Once an app or service is verified, it can stay verified.
Should I set a PIN on my YubiKey? ›
Many services suggest or require the use of a PIN. It is recommended that you set up a PIN before you add services to your YubiKey.
How does YubiKey work technically? ›
The YubiKey implements the HMAC-based one-time password algorithm (HOTP) and the time-based one-time password algorithm (TOTP), and identifies itself as a keyboard that delivers the one-time password over the USB HID protocol.
How does offline authentication work? ›
Offline authentication allows users to securely login to Windows and RDP services with MFA, even if their computer is not connected to the internet. This means that second-factor credentials can always be provided to ensure that logins are properly authenticated, without needing to rely on a steady internet connection.
Does a YubiKey need to be plugged in all the time? ›
No, you only need to insert your yubikey when you are prompted to do so during login.
What happens if YubiKey is lost? ›
If you lose your Yubikey, you can still use your phone authenticator app, but you cannot create a backup Yubikey. However, Yubikey also provides methods to recover your account, so you can get a replacement. An advantage to Yubikey is that it comes on a USB that cannot be identified.
