In a single device, the YubiKey NEO has both contact (USB) and contactless (NFC, MIFARE) communications. It supports one-time password, smart card functionality, including OpenPGP and PIV, and the emerging FIDO Alliance Universal 2nd Factor (U2F) protocol.
If NFC is not required, or if the smaller Nano form factor is preferred, it would be recommend that you purchase the YubiKey 4 or YubiKey 4 Nano, the latest generation YubiKey, which includes stronger and faster crypto compared to the YubiKey NEO.
CORE YUBIKEY FEATURES
- Works instantly, no need to re-type passcodes from a device — replacing SMS texts, authenticator apps, legacy OTP tokens, and similar devices
- Identifies as a USB keyboard, smart card and smart card reader — no client software or drivers need to be installed, no batteries, no moving parts
- Crush-resistant and waterproof, YubiKey NEO is practically indestructible during normal use, weighs only 3g, and attaches to your keychain alongside your house and car keys
- Integration within minutes with free and open source server software
- Manufactured in USA and Sweden with high security and quality
SPECIAL YUBIKEY NEO FEATURES
- Works on Microsoft Windows, Mac OS X, Linux operating systems; major browsers; and Android NFC phones and tablets
- Supports multiple authentication protocols, including Yubico OTP, smart card, and FIDO U2F
- Mobile authentication through NFC contactless technology (NDEF type 4), works with Android and other devices (YubiKey NEO only)
- MIFARE Classic, for legacy physical access control systems
- Hardware secure elements guard your encryption keys
Is the YubiKey using biometrics?
No. The YubiKey uses a pressure sensor on the gold disc button located on the key itself. No biometrics is solved in both the authentication and the setup.
Which authentication methods does YubiKey support?
YubiKey supports OpenPGP, Smart Card (PIV), OATH-TOTP, OATH-HOTP, Yubico OTP, Challenge-Response and Static Credential.
How do I configure different authentication methods?
Download the YubiKey Personalization Tool and you will be able to configure there.
What’s the difference between a Yubico OTP and a normal OTP
YubiKey’s OTP consists of 44 characters. The first 12 characters is to identify the key, the next 32 is the unique passcode valid only one time.
Advantages of this protocol
No need to type the code, just the push of a button
No need to install drivers/software for the client, the key behaves like a USB Keyboard (HID)
Easy to implement, Code and libraries are open source if you need to implement your own validation service (for large enterprise implementations)
The simplest recovery method is if the site supports alternative authentication mechanisms, so that you can regain access to the account and can delete (de-associate) the lost YubiKey from your account. You can then associate another (or a new) YubiKey to your account.
In case if you are afraid that you would have to configure your key’s with the right secrets again. When configuring a key, you will be prompted to save the configuration file. Just load the configuration file right into the new key and you will be able to use it just like the first one.
Which browsers support U2F?
You must be running Google Chrome version 38 or later, or Opera version 40 or later. Both browsers include support for the U2F protocol.
At this time, these are the only browsers supported. However, Mozilla is currently building support for U2F (although there are open source solutions available) and Microsoft is working within the FIDO Alliance to eventually bring support to Windows 10.
How does the OTP get validated?
The YubiKey validates the OTP against Yubico’s YubiCloud service (validation server). You can however, build your own Yubico OTP validation service using open source components that they provide for free.
Secret Key is a mandatory cryptographic key needed to compute the OTP or the Response code for a given Challenge.