The YubiKey -- HOW IT WORKS

A single YubiKey has multiple functions for protecting access to your email, your apps and your physical spaces. Use one or more Yubikey features, or use them all. The versatile YubiKey does not require software installation or a battery; just plug it into a USB port, and touch the button for secure and strong authentication. A Yubikey is something you have that provides security protection beyond something you know (like a username/password). Even if someone steals your username and password (which is happening in bunches lately) they can’t get into your account without your physical key.

Let’s take a look at the options a Yubikey provides:

YUBICO ONE-TIME PASSWORD (OTP)

The YubiKey generates an encrypted password that can only be used once. Hackers require physical access of your YubiKey to generate the OTP. This feature is available on every YubiKey except the U2F Security Key.

OATH – HOTP (EVENT)

The Yubikey generates a six or eight character one-time password (OTP) for logging into any service that supports OATH-HOTP, a strong open authentication standard. The action is event-based, meaning a new one-time password is generated for each event. The OATH-HOTP feature is available on every version of Yubikey except the U2F Security Key.

OATH – TOTP (TIME)

The Yubikey generates a six or eight character time-based one-time password (OTP) (in conjunction with a helper application) for logging into any service (such as Microsoft Cloud accounts, Google Apps, Dropbox, EverNote) that supports OATH-TOTP, a strong authentication standard. A new password is generated at a set time interval, typically every 30 seconds. The OATH-TOTP feature is available on every version of Yubikey except the U2F Security Key.

CHALLENGE AND RESPONSE (HMAC-SHA1, YUBICO OTP)

The Challenge-Response method is best suited for offline validations. Use for Windows, Mac, and Linux computer login. The CR feature is available on every version of Yubikey except the U2F Security Key.

PIV-COMPLIANT SMART CARD

Smart Cards contain a computer chip that brokers data exchanges. These same features are contained in the Yubikey NEO, based on the industry standard Personal Identity and Verification Card (PIV) interface over the CCID protocol, which supports PIV on a USB interface.

OPENPGP

In the physical world, documents and data are often validated with a signature. In the virtual world, OpenPGP is a standards-based public key cryptography for signing, encrypting, and decrypting texts, e-mails, files, etc. The Yubikey NEO can securely hold the PGP key.

FIDO U2F

An emerging standard from the FIDO Alliance for applying two-factor authentication to any number of web-based applications, such as Gmail. Works via the browser, Chrome today, Firefox under development) and does not require any drivers. Does not require any client software or drivers. Read more about FIDO U2F.  U2F is available on every version of Yubikey except the YubiKey Standard and YubiKey Nano.

STATIC PASSWORDS

A basic Yubikey feature that generates a 38-character static password compatible with any application log-in. It is most-often used with legacy systems that cannot be retrofitted to enable other 2nd factor authentication schemes, such as pre-boot login.  Static password is available on every version of Yubikey except the U2F Security Key.

 

View all YubiKeys on a chart showing which features they each support. Specific applications and step-by-step instructions are on our Applications page.

posted @   IAmAProgrammer  阅读(817)  评论(0编辑  收藏  举报
(评论功能已被禁用)
编辑推荐:
· Linux系列:如何用heaptrack跟踪.NET程序的非托管内存泄露
· 开发者必知的日志记录最佳实践
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
阅读排行:
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
· 【自荐】一款简洁、开源的在线白板工具 Drawnix
· 没有Manus邀请码?试试免邀请码的MGX或者开源的OpenManus吧
· 园子的第一款AI主题卫衣上架——"HELLO! HOW CAN I ASSIST YOU TODAY
· 无需6万激活码!GitHub神秘组织3小时极速复刻Manus,手把手教你使用OpenManus搭建本
点击右上角即可分享
微信分享提示