100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace
Cybersecurity

Yubikey

By Yubico

BeginnerTool10.4K learners

Yubikey is a hardware security key made by Yubico that provides strong, phishing-resistant authentication by requiring a physical device to be touched or inserted to prove a user's identity.

Definition

Yubikey is a hardware security key made by Yubico that provides strong, phishing-resistant authentication by requiring a physical device to be touched or inserted to prove a user's identity.

Overview

A Yubikey is a small USB (and often NFC-enabled) device that plugs into a computer or taps against a phone to authenticate a user. Rather than relying solely on something the user knows (a password) or something sent to them (an SMS code), it relies on something the user physically has, which makes it substantially harder for remote attackers to bypass. Yubikeys support several open authentication standards, most notably FIDO2/WebAuthn and the older FIDO U2F protocol, alongside legacy options like one-time passwords (OTP) and smart-card (PIV) authentication. FIDO2/WebAuthn is the most security-relevant of these: it uses public-key cryptography so that no shared secret is ever transmitted to or stored by the website, which eliminates common attack vectors like credential phishing and password reuse. This is a stronger form of Multi-Factor Authentication (MFA) than app-based codes, because the cryptographic challenge is bound to the specific website domain, preventing fake look-alike login pages from tricking the key into authenticating. Yubikeys are widely supported by major identity providers and platforms, including Okta, Google, Microsoft, GitHub, and password managers such as Bitwarden, and are commonly issued to employees at organizations with high security requirements — technology companies, financial institutions, and government agencies among them. Because the private key material never leaves the physical device, a Yubikey remains one of the most effective defenses against phishing and account-takeover attacks, and is frequently recommended as the strongest practical MFA option for individuals and enterprises alike.

Key Features

  • Hardware-backed FIDO2/WebAuthn and FIDO U2F support for phishing-resistant login
  • USB-A, USB-C, and NFC form factors for computers and mobile devices
  • Domain-bound cryptographic challenges that block fake login pages
  • Support for one-time passwords (OTP) and smart-card (PIV) authentication
  • No batteries, network connection, or app required to function
  • Broad compatibility with identity providers, password managers, and operating systems
  • Durable, tamper-resistant hardware designed for years of daily use

Use Cases

Securing employee logins to email, SSO portals, and internal systems
Protecting high-value accounts such as cloud administrator or source-code repository access
Serving as a second factor alongside a password for consumer accounts like Google or GitHub
Unlocking password managers such as Bitwarden with a physical key
Meeting regulatory or organizational requirements for phishing-resistant MFA
Providing offline-capable authentication that doesn't rely on cellular signal or an authenticator app

Frequently Asked Questions