Yubico’s 4th generation YubiKey is built on high-performance secure elements. It includes the same range of one-time password and public key authentication protocols as in the YubiKey NEO, excluding NFC, but with stronger public/private keys, faster crypto operations and the world’s first touch-to-sign feature.
CORE YUBIKEY FEATURES
- Works instantly, no need to re-type passcodes from a device — replacing SMS texts, authenticator apps, legacy OTP tokens, and similar devices
- Identifies as a USB keyboard, smart card and smart card reader — no client software or drivers need to be installed, no batteries, no moving parts — and works over USB
- Crush-resistant and waterproof; YubiKey 4 is practically indestructible during normal use
- The keychain size weighs only 3g, and attaches to your keychain alongside your house and car keys
- Integration within minutes with free and open source server software
- Manufactured in USA and Sweden with high security and quality
SPECIAL YUBIKEY 4 FEATURES
- Works on Microsoft Windows, Mac OS X, Linux operating systems, and on major browsers
- Supports multiple authentication protocols, including Yubico OTP, smart card (PIV), and FIDO U2F
- Hardware secure elements guard your encryption keys
- RSA 4096 for OpenPGP
- Support for PKCS#11
Is the YubiKey using biometrics?
No. The YubiKey uses a pressure sensor on the gold disc button located on the key itself. No biometrics are involved in either the authentication or the setup.
Which authentication methods does YubiKey support?
YubiKey supports OpenPGP, Smart Card (PIV), OATH-TOTP, OATH-HOTP, Yubico OTP, Challenge-Response and Static Credential.
How do I configure different authentication methods?
Download the YubiKey Personalization Tool and you will be able to configure them there.
What’s the difference between a Yubico OTP and a normal OTP?
A Yubico OTP consists of 44 characters. The first 12 characters identify the key; the next 32 are the unique passcode, which is valid only one time.
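An added example (not Yubico's code and not part of the original page): a Python pre-check a site could run on a submitted Yubico OTP, following the 44-character layout described above. It assumes the modhex alphabet that Yubico OTPs are typed in; the function names, the sample OTP and the enrolled-ID set are constructed for illustration.

```python
# Added example: structural pre-check of a Yubico OTP (not Yubico's own code).
MODHEX = "cbdefghijklnrtuv"   # modhex digit at index i stands for hex digit i
TO_HEX = str.maketrans(MODHEX, "0123456789abcdef")
OTP_LEN, ID_LEN = 44, 12      # layout from the text: 12-char key ID + 32-char passcode

# Constructed sample, not output from a real key.
SAMPLE_ID = "cccccckdvvul"
SAMPLE_OTP = SAMPLE_ID + MODHEX * 2


def split_otp(otp: str) -> tuple[str, bytes]:
    """Return (key_id, passcode_bytes); raise ValueError if the OTP is malformed."""
    # The key types the OTP as keystrokes, so tolerate a trailing newline and
    # Caps Lock (a choice made for this example).
    otp = otp.strip().lower()
    if len(otp) != OTP_LEN:
        raise ValueError(f"expected {OTP_LEN} characters, got {len(otp)}")
    bad = sorted(set(otp) - set(MODHEX))
    if bad:
        raise ValueError(f"characters outside the modhex alphabet: {bad}")
    key_id, passcode = otp[:ID_LEN], otp[ID_LEN:]
    # 32 modhex characters decode to 16 bytes; only the validation service,
    # which holds the Secret Key, can check this part.
    return key_id, bytes.fromhex(passcode.translate(TO_HEX))


def otp_matches_account(otp: str, enrolled_ids: set[str]) -> bool:
    """True only if the OTP is well formed and comes from a key tied to the account."""
    try:
        key_id, _ = split_otp(otp)
    except ValueError:
        return False
    return key_id in enrolled_ids


if __name__ == "__main__":
    key_id, passcode = split_otp(SAMPLE_OTP)
    print(key_id, passcode.hex())
    print(otp_matches_account(SAMPLE_OTP, {SAMPLE_ID}))
    print(otp_matches_account(SAMPLE_OTP, {"cccccckdvvuk"}))
```

Run the account check in addition to the validation service's answer: the service confirms the passcode is genuine and unused, while the key-ID comparison confirms it came from the key associated with that account.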
Advantages of this protocol
- No need to type the code, just the push of a button
- No need to install drivers/software for the client, the key behaves like a USB keyboard (HID)
- Easy to implement; code and libraries are open source if you need to implement your own validation service (for large enterprise implementations)
The simplest recovery method applies when the site supports alternative authentication mechanisms: you can regain access to the account and delete (de-associate) the lost YubiKey from it. You can then associate another (or a new) YubiKey with your account.
If you are worried about having to configure your keys with the right secrets again: when configuring a key, you will be prompted to save the configuration file. Just load the configuration file into the new key and you will be able to use it just like the first one.
Which browsers support U2F?
You must be running Google Chrome version 38 or later, or Opera version 40 or later. Both browsers include support for the U2F protocol.
At this time, these are the only browsers supported. However, Mozilla is currently building support for U2F (although there are open source solutions available) and Microsoft is working within the FIDO Alliance to eventually bring support to Windows 10.
How does the OTP get validated?
The OTP is validated against Yubico’s YubiCloud service (validation server). You can, however, build your own Yubico OTP validation service using open source components that Yubico provides for free.
Secret Key is a mandatory cryptographic key needed to compute the OTP or the Response code for a given Challenge.