You can find information about this here .

You can find information about this here .

The YubiKey is a form of two-factor authentication (2FA) that provides an additional layer of security for your online accounts. With a YubiKey, you simply register it with your account. Then, when you log in, you'll need to enter your credentials (username and password) and use your YubiKey (insert it into the USB port or scan it via NFC). Both the credentials and the YubiKey are required when logging in. This physical layer of protection prevents many account takeovers that can be performed virtually.

2FA is a method of verifying a user's claimed online identity through a combination of two different factors. Factors used for 2FA include something you know (such as a password or PIN), something you have (such as a security key or phone), or something you are (such as facial recognition). To learn more about strong two-factor authentication, please click here .

A single YubiKey has multiple functions to secure your login to email, online services, apps, computers, and even physical spaces. You can use any or all of the YubiKey's features. The versatile YubiKey requires no software installation or battery, so it's ready to use right out of the box. Simply log in to the service you want to add additional security to and register the key with your account.

You can find information about this here .

You can find information about this here .

You can find information about this here .

You can manage your YubiKeys using various tools and methods:

1. YubiKey Manager:
   The YubiKey Manager tool lets you configure, manage, and personalize your YubiKeys. With this tool, you can:
   - Enable or disable various functions of the YubiKey.
   - Adjust settings for FIDO2, OTP and other protocols.
   - Manage PINs for FIDO2 and PIV (smart card).
   - View the firmware version and serial number of your YubiKey.
   
   You can download the tool here: YubiKey Manager Download .
2. Yubico Authenticator:
   If you use your YubiKey for two-factor authentication (2FA), you can use the Yubico Authenticator app to generate OTP codes and manage your accounts.
   You can find further information and the download here: Yubico Authenticator Download .
3. My Account Management:
   In some cases, you can manage YubiKeys directly through the management interfaces of services and applications in which you use the YubiKey for authentication. Be sure to regularly review your stored YubiKeys and remove any that are no longer needed.
4. Pointsharp YubiKey Management for Enterprises:
   If you want to centrally manage multiple YubiKeys within your organization, Pointsharp offers a comprehensive solution for managing and integrating YubiKeys into your IT infrastructure. With Pointsharp, you can:
   - Register and manage YubiKeys centrally.
   - Efficiently manage access controls and permissions for users.
   - Ensure seamless integration of YubiKeys into existing enterprise applications and services.
   - Use audit and reporting features to monitor the security and usage of YubiKeys within the company.
   For more information about Pointsharp and how you can use it for your business, see Pointsharp YubiKey Management .
5. Safety tips:
   - Use a secure PIN for your YubiKey to further secure access.
   - Keep a backup YubiKey in case your primary key is lost or damaged.

When choosing a key, you have several options, such as the Security Key Series or the YubiKey 5 Series . Below are some key differences and factors to consider when deciding if the Security Key Series is right for you.

Scenarios where the Security Key Series is right for you:

• Ideal for those looking for professional, strong authentication at an affordable price
• The Security Key Series supports the FIDO U2F or FIDO2/WebAuthn protocols. Some common websites that use these protocols include:
  - Gmail, YouTube, Dropbox, Twitter, Coinbase, Microsoft accounts (like Office 365, Xbox Live, etc.)
  - It also works with hundreds of other websites, services, and applications, and a growing list of password managers like 1Password, Dashlane, and crypto exchanges like Gemini, Binance, and others that use the FIDO2/WebAuthn and FIDO U2F authentication standards
• Securing an account with NFC for tap-and-go authentication
• Authentication via desktop and mobile

However, if you need more comprehensive security protocols, then our YubiKey 5 Series could be the right choice for you, which includes

• Support a wider range of applications and services with a range of protocols such as OTP, OATH and Smartcard/PIV
• Wider range of form factors (connection types), including Lightning or Nano form factors
  Securing legacy and modern environments and a bridge to passwordless use of non-FIDO protocols
• Securing apps and services with the Yubico Authenticator app
• Windows Home users secure the logon to the local computer
  (with Yubico Login for Windows)
• Mac users secure login to their local computer
• Enterprises securing users in a variety of business scenarios, such as secure remote/hybrid workforces, shared workspaces, mobile restricted environments, privileged users, third-party access, end customers, and more
• Strong authentication across desktop and mobile devices

The main difference between the YubiKey 5 FIPS and the YubiKey Security Key is the certification and the supported security standards:

1. YubiKey 5 FIPS :
   The YubiKey 5 FIPS is certified according to the FIPS (Federal Information Processing Standards) standard, specifically FIPS 140-2 Level 2 or 3. This certification means that the YubiKey 5 FIPS meets the strict security requirements of the US government and is suitable for use in environments where FIPS-compliant security is required.
   The YubiKey 5 FIPS supports a wide range of security protocols, including FIDO2, U2F, OTP (One-Time Password), PIV (Smart Card), OpenPGP, and more.
   It also has different connectivity options, depending on the model, such as USB-A, USB-C or NFC, to support different devices.
2. YubiKey Security Key :
   The YubiKey Security Key is a security key manufactured by Yubico, but it does not have FIPS certification.
   It also supports a number of security protocols, including FIDO2 and U2F, making it ideal for two-factor authentication.
   Compared to the YubiKey 5 FIPS, the YubiKey Security Key is more aimed at general use and is not specifically designed for FIPS-compliant environments.

In summary, the key difference between the YubiKey 5 FIPS and the YubiKey Security Key lies in their certification. The YubiKey 5 FIPS has FIPS validation, while the YubiKey Security Key does not. The YubiKey 5 FIPS is suitable for security-critical environments, while the YubiKey Security Key is more intended for general-purpose use.

Are you new to cybersecurity? We know there's a lot of terminology to understand, and we hope this article can help point you in the right direction! If you haven't already, we recommend checking out the personal page here . There, you'll learn what a YubiKey is, why you should use it, and how it works.

Passwords are highly vulnerable because they are easy to create and steal. Stolen passwords allow malicious actors to impersonate compromised users, but they can also be used to obtain additional passwords and information. The bar is simply too low for passwords. Even traditional MFA methods like SMS or mobile authentication have proven highly vulnerable to phishing. Phishing-resistant MFA, based on FIDO/WebAuthn authentication protocols like the YubiKey, is the modern and effective approach to protecting your hard work, your brand image, and your business.

Further information

If you want to learn more about security protocols, terminology, and modern authentication, check out the resources below.

• Cybersecurity Glossary - Keywords, acronyms and technical terms of the security industry
• Authentication Standards - Learn more about authentication standards and 2FA/MFA
• Security protocols explained simply

Please use the Works with YubiKey catalog to search for a service and see if it offers support for YubiKeys. Please note, however, that the catalog may not list all services compatible with our products. If the service is not found in the catalog, it may still support YubiKeys. Please contact the support of the unlisted service to verify whether or not it supports YubiKeys.

Yes, Yubico always recommends having more than one YubiKey. This way, one can be used as the primary key and the other as a backup key. The importance of a backup key is well known. We have them for our most valuable assets in life—our homes, our cars, our safe deposit boxes, etc. No wonder we also need backup keys for our digital devices! A backup key gives you peace of mind that if you lose your master key, you won't be left without access to important accounts when you need them most. In other words, with a backup key, you don't have to worry about being locked out of an account, and you don't have to go through a lengthy recovery and identity verification process to regain access to each account.

There are several ways to register a backup key. The process varies depending on whether the service supports the Yubico OTP and FIDO security protocol or the OATH-TOTP protocol.

To find out which security protocols the services you use support, you can consult our Works with YubiKey catalog . For all services that use the Yubico OTP or FIDO security protocol, you'll need to register the second key the same way you registered the first. You can follow the same instructions listed in the Works with YubiKey catalog.

It's important to note that the keys aren't linked. Instead, both keys must be registered separately for the account, and then either can be used for authentication.

If the service uses the OATH-TOTP protocol, meaning you're using the Yubico Authenticator app to generate codes for logging in, the process is slightly different. You can find our guide on setting up this security protocol here .

Please note that the form factor of the replacement key doesn't need to be identical to the one you originally purchased. Just make sure it supports the security protocols you need. Please use our Works with YubiKey catalog to check which services support the protocols and our comparison chart .

Any YubiKey is suitable for this purpose. Each YubiKey functions independently and contains individual, separately lockable key material—they are not copies, but independent keys. Many customers choose a YubiKey from the Security Key series as their backup key.

You can find information about this here .

Yubico offers the free Yubico Authenticator for both platforms (iOS and Android). This allows you to use most services that normally work with apps like Microsoft/Google Authenticator. Additionally, the Yubico Authenticator enables contactless communication via NFC on both platforms.

• iOS : Fully supports passkeys (FIDO2), including those stored on the YubiKey. This native support enables use by plugging in or contactless NFC connection, without the need for an additional app. This requires the service provider to support passkeys or FIDO. A list of apps and services that already support the YubiKey is available at workswithyubikey.com .
• Android: Currently supports FIDO U2F as part of Google Services. Full support for passkeys (FIDO2) is currently in beta and is expected in the coming months. A list of applications and services that already support the YubiKey is also available at workswithyubikey.com .

You can find information about this here .

The YubiKeys 5 Series support six different two-factor authentication protocols, each with its own limit on the number of accounts it can be connected to. Which protocol is used for a particular account varies from service to service (website, app, etc.).

You can find setup instructions and the protocols used by a specific service on the service's listing in the Works With YubiKey Catalog (e.g., Google Accounts). The limits for each protocol are summarized below and also available here.

OTP - This application can store two credentials. However, Yubico OTP, one of the most popular credential types for this app, can be registered with an unlimited number of services.

FIDO U2F - similar to Yubico OTP, the U2F application can be registered with an unlimited number of services.

FIDO2 - the YubiKey 5 can store up to 25 resident keys in its FIDO2 application.

OATH (Yubico Authenticator) - The YubiKey 5's OATH application can store up to 32 OATH TOTP credentials (AKA Authenticator app codes).

*PIV - the PIV application (chip card) of the YubiKey 5 has 24 slots, each of which can hold a certificate and the associated private key

*OpenPGP - The YubiKey 5's OpenPGP application can store up to three private OpenPGP keys, one for encryption, one for signing, and one for authentication.

*(OpenPGP and PIV are less commonly used than OTP, U2F, FIDO2 and OATH)

The Yubico Authenticator adds an additional layer of security to your online accounts. It generates two-step verification codes on your mobile or desktop device using the OATH-TOTP security protocol.

It's important to note that the Yubico Authenticator requires a YubiKey 5 series to generate these OTP codes. The Yubico Authenticator app works on Windows, macOS, Linux, iOS, and Android.
You can download the Yubico Authenticator app here .

There are many differences between the Yubico Authenticator app and other authenticators. Most other authenticators store private keys on your phone or computer, which can be compromised or stolen. The Yubico Authenticator stores credentials in the secure element of the YubiKey and cannot be extracted from the YubiKey.

This means you won't be locked out of your accounts even if you lose your phone, change your phone, or no longer have access to the Yubico Authenticator app. This is because all private keys (OTPs used to authenticate your account) are stored on your YubiKey, not in the app. Simply download the app on a desktop or mobile device, insert or scan your key, and you'll have access to all the codes originally stored on the key.

If you'd like to learn more about how to use Yubico Authenticator with the services you want to secure, check out this article for more information.

You can also watch this short video that shows you how the Yubico Authenticator works on your different devices.

If you plan to register a backup key with your accounts, as we recommend, it's important to save the QR code generated during the initial service setup. You can learn more about this in the OATH-TOTP protocol section of our backup key registration guide here .

Yubico Authenticator

The Yubico Authenticator app lets you store your credentials on a YubiKey rather than on your phone, preventing your private keys from being compromised. The Yubico Authenticator app requires a YubiKey 5 Series to generate OTP codes. Learn more about the Yubico Authenticator app here , and learn how to use your YubiKey with authenticator codes here .
You can download the Yubico Authenticator here .

YubiKey Manager

With the YubiKey Manager, you can configure your YubiKey's FIDO2, OTP, and PIV features on Windows, macOS, and Linux operating systems. The tool works with all currently supported YubiKeys. You can also use the tool to check the type and firmware of a YubiKey. You can also use the advanced settings to configure other features, such as the 3-second long touch.
You can download the YubiKey Manager here .

You can use a YubiKey to protect data by securely accessing computers. Yubico offers a range of computer logins for organizations and individuals. Please follow this link and select your preferred computer login tool for detailed setup instructions.

• Yubico Login for Windows
• YubiKey Smart Card Deployment Guide

Below are the basics of YubiKey PINs. If you'd like to learn more about YubiKeys and PINs, please read this article .

• A YubiKey can have up to three PINs - one for its FIDO2 function, one for PIV (smart card), and one for OpenPGP.
• The PIV and OpenPGP PINs are set to 123456 by default, but there is no factory-set FIDO2 PIN.
• If you are asked to enter a PIN (including during setup) and you are unsure of what it is, it is most likely your YubiKey's FIDO2 PIN.
• If you use a blue security key, FIDO2 is the only PIN you will be asked for, as blue security keys do not support PIV and OpenPGP.
• Instructions on how to create a PIN for Windows operating systems can be found here .

For security reasons, the YubiKey firmware does not allow reading stored private keys, meaning it is not possible to "clone" a YubiKey. Generally, the backup key must be manually registered with all services where the first key is registered. However, there are some types of credentials that, if backed up at the time of programming, can be programmed into a second key at a later time (using the backup/stored copy of the credentials). For more information, see this article on backup keys.

• To use the YubiKey for Apple IDs, you'll need at least two FIDO Certified security keys that work with the Apple devices you regularly use. Learn more here .
• Protect your Apple iCloud with YubiKeys: Apple supports YubiKeys to provide the strongest phishing-resistant protection for your iCloud account using the FIDO protocol. By registering YubiKeys with your iCloud account, you significantly increase your protection, even if your iCloud account password is stolen. This article covers setting up and using your YubiKey with iCloud. To ensure you have a backup, you'll need at least two YubiKeys/security keys to start. Once you've set up security keys for your iCloud account, you'll need to use a security key to log in from untrusted devices.
• YubiKeys can be registered from an iPhone/iPad or a Mac. This article provides step-by-step instructions for both options.

You can find information about this here .

Yubico offers the free Yubico Authenticator for both platforms. This allows access to most services that normally work with apps like Microsoft/Google Authenticator. Additionally, the Yubico Authenticator enables contactless communication via NFC on both platforms.

• iOS : Fully supports passkeys (FIDO2), including those stored on the YubiKey. This native support enables use by plugging in or contactless NFC connection, without the need for an additional app. This requires the service provider to support passkeys or FIDO. A list of apps and services that already support the YubiKey is available at workswithyubikey.com .
• Android: Currently supports FIDO U2F as part of Google Services. Full support for passkeys (FIDO2) is currently in beta and is expected in the coming months. A list of applications and services that already support the YubiKey is also available at workswithyubikey.com .

• YubiKey 5 FIPS Series
• YubiKey Bio Series
• Security Key Series
• YubiKey 5 Series

You can use iPhones 7 and newer with YubiKeys that have a Lightning connector and NFC. Please note that only iPhones 7 and newer support NFC to the extent required for use with YubiKeys. The NFC on older iPhone models only works with Apple Pay. To work with a YubiKey, NFC must have read and write capabilities . Therefore, iPhones older than the iPhone 7 are only compatible with our YubiKey 5Ci (lightning). Please note that you cannot secure your iPhone login with a YubiKey.

Do YubiKeys work with iPads (with Lightning connector)?

For iPads with a Lightning connector, the YubiKey 5Ci works with everything the iPhone can do. The YubiKey 5Ci works with the Yubico Authenticator app .

Please note that you cannot use a Lightning adapter, as the Lightning connector is MFI (made for iPhone) and may therefore not work. Adapters should work with OTP and Fido U2F, but we do not recommend them.

You should be able to use your YubiKey on an iPad over USB-C with any service that supports Yubico OTP.

If you have an iPad Pro, please note that YubiKeys are not compatible with the Yubico Authenticator because the iPad Pro does not have Lightning or NFC capabilities. Currently, only Lightning connectors are compatible with iPads due to Apple's MFI program. Please note that version 1.7.0 of the Yubico Authenticator added USB-C support for iPads running iPadOS 16.1.

In summary, you should be able to use your key with any service that uses Yubico OTP on an iPad over USB-C. For services that use WebAuthn, FIDO U2F, and FIDO2, the capability is present in iPadOS if you use the Safari browser (this leverages iPadOS's native support for WebAuthn), but note that some services may simply not allow you to use a YubiKey if they detect you're logging in from an iPad (this is outside of Yubico's control).

For services that support our products through authenticator apps, you should still be able to use Yubico Authenticator with a YubiKey to generate the one-time passwords. However, you can generate the OTPs on another device and then manually copy them to your iPad. Please note that you cannot secure your iPad's login with a YubiKey.

You can find information about this here .

This article provides some initial troubleshooting steps to help you determine what's wrong with your YubiKey. This may not be the solution to your problem, but it's worth trying the following steps before submitting a ticket to our support team for further troubleshooting. Before you begin troubleshooting, please remove any USB hubs, extensions, etc. and insert the key directly into your device.

1. Is the YubiKey physically turned on?
   Insert the key and check if the LED lights up. If it doesn't, try turning the key over and reinserting it; some USB ports are backwards. Here's a visual example of what the YubiKey 5 Nano looks like when properly inserted into a USB port.
2. Is the YubiKey recognized by your operating system?
   Please check if YubiKey OTP+FIDO+CCID or similar appears in one of the following locations when the key is inserted. The YubiKey Bio appears here as YubiKey FIDO, and our security keys are displayed as "Security Key by Yubico."
   - Windows users select Settings > Devices > Bluetooth & other devices.
   - macOS users check (Apple menu) > About This Mac > System Report and look under Hardware > USB.
   - Linux users check lsusb -v in the terminal.
3. Is your YubiKey's touch sensor working?
   Test WebAuthn by following the steps here . Successful completion of the WebAuthn demo confirms that the YubiKey's touch sensor is working properly.
   - YubiKeys use capacitive touch sensors. If your skin is dry, it will be harder to detect a touch. Lotion can help, and you can also try applying more pressure to ensure your finger covers more of the sensor.
   - The touch sensor is the golden part of your YubiKey (or the round black circle on the YubiKey BIO).
4. Has an interface on your YubiKey been disabled?
   Instructions on how to reactivate them can be found in the article Enabling or disabling USB interfaces .
5. Does your Yubico OTP work? (YubiKey 5 series only)
   Test your Yubico OTP by following the steps here .
   - If the Yubico OTP isn't working, here are instructions on how to reset it.
6. Have you registered a fingerprint? (YubiKey BIO series only)
   For the YubiKey BIO series, make sure you have registered at least one fingerprint - see this page for instructions on how to set it up for the first time.
7. Have you followed the troubleshooting instructions for the service/app that isn't working properly with your YubiKey?
   You can find security setup instructions for many services in our Works with YubiKey catalog or directly in the service's help center.
8. Is the problem localized?
   Try your key on another device, follow the steps above, and check if the key works. If it works, the problem may be with your device and/or its USB ports.

If the issue persists, please open a support ticket with Yubico.
If the above steps do not resolve your issue, you can open a support ticket here for further assistance.
When submitting a ticket, please provide as many of the following information as possible:

1. What you want to achieve overall, a link to the steps you are following, if applicable, and an explanation of what is going wrong.
2. Try the key on the YubiKey demo page and send the result.
3. A screenshot of the YubiKey Manager home screen and interfaces tab.
   - Note that on Windows 10 or earlier, you must run the YubiKey Manager as an administrator.
4. Which operating system and browser you use, including versions.
5. The order number or invoice for your YubiKey purchase.
6. If possible, please test on multiple computers to see if the problem occurs on both.

You can find information about this here .

If you use your YubiKey with a service or application, how you handle lost or stolen YubiKeys depends on the service/application and its account recovery procedures.
If you've added a backup key to your account or enabled a different authentication method, you should be able to regain access to your account using either method without any issues. If you've logged in to the affected account(s), make sure you remove the lost YubiKey as an alternative authentication method. We recommend registering a new YubiKey immediately.
If you would like to know more about replacement keys, please read the article above.

Please note that Yubico does not implement security key support for various services/applications. Authentication options and how they are configured in each environment are determined by the service/application. Therefore, if you wish to recover your account, you will need to contact the service directly for assistance.

To identify some common issues with YubiKeys, you can follow the instructions below.

1. Plug in the YubiKey and check if the LED is lit. If not, try flipping it over, as some USB ports are upside down.
2. Check how your YubiKey is identified.
   Windows users check devices and printers in the Control Panel.
   MacOS users check Apple Menu > About This Mac > System Report and look under Hardware > USB.
   Linux users check dmesg in the terminal
3. If you are missing one of the USB interfaces (OTP, U2F/FIDO or CCID), you can enable it using the article Enable or disable USB interfaces.
4. Test U2F by following the Test U2F instructions.
   Test OTP by following the Testing Yubico OTP guide.

Please note that the YubiKeys use capacitive touch sensors. If your skin is dry, it will be harder to detect a touch. Lotion can help, and you can also try applying more pressure to ensure your finger covers more of the sensor.

Submitting a support ticket
If your key is not working properly and you would like to submit a support ticket, please include information on the steps listed below:

1. Test your YubiKey here to see if it can authenticate with our demo site.
2. Screenshots of the Home and Interfaces tabs from the YubiKey Manager.
3. Your running operating system, your browser and their versions.
4. Try your key on another device (PC/MAC) and check if it works there (if possible).
5. Please provide this additional information depending on the device:
   Mac: > About This Mac > System Report > Hardware > USB with your YubiKey plugged in.
   (Whether you see YubiKey OTP+FIDO+CCID in this window shows you whether your Mac's operating system recognizes and correctly identifies your YubiKey).
   Linux: An output of the command sudo lsusb -v in Terminal.
   Windows: A screenshot of the Settings -> Bluetooth & other devices section in Windows.

You can find information about this here .

You can find Yubico support here .