YubiKey GudangMovies21 Rebahinxxi LK21

The YubiKey is a hardware authentication device manufactured by Yubico to protect access to computers, networks, and online services that supports one-time passwords (OTP), public-key cryptography, authentication, and the Universal 2nd Factor (U2F) and FIDO2 protocols developed by the FIDO Alliance. It allows users to securely log into their accounts by emitting one-time passwords or using a FIDO-based public/private key pair generated by the device. YubiKey also allows storing static passwords for use at sites that do not support one-time passwords. Google, Amazon, Microsoft, Twitter, and Facebook use YubiKey devices to secure employee accounts as well as end-user accounts. Some password managers support YubiKey. Yubico also manufactures the Security Key, a similar lower-cost device with only FIDO2/WebAuthn and FIDO/U2F support.
The YubiKey implements the HMAC-based one-time password algorithm (HOTP) and the time-based one-time password algorithm (TOTP), and identifies itself as a keyboard that delivers the one-time password over the USB HID protocol. A YubiKey can also present itself as an OpenPGP card using 1024, 2048, 3072 and 4096-bit RSA (for key sizes over 2048 bits, GnuPG version 2.0 or higher is required) and elliptic curve cryptography (ECC) p256, p384 and more, depending on version, allowing users to sign, encrypt and decrypt messages without exposing the private keys to the outside world. Also supported is the PKCS#11 standard to emulate a PIV smart card. This feature allows code signing of Docker images as well as certificate-based authentication for Microsoft Active Directory and SSH.
Founded in 2007 by former CEO now Chief Evangelist Stina Ehrensvärd, Yubico is a Public company with offices in Santa Clara, CA, Bellevue, WA, and Stockholm, Sweden. Yubico CTO, Jakob Ehrensvärd, is the lead author of the original strong authentication specification that became known as Universal 2nd Factor (U2F).
YubiKey released the YubiKey 5 series in 2018, which adds support for FIDO2.




History


Yubico was founded in 2007 and began offering a Pilot Box for developers in November of that year. The original YubiKey product was shown at the annual RSA Conference in April 2008, and a more robust YubiKey II model was launched in 2009. Yubico's explanation of the name "YubiKey" is that it derives from the phrase "your ubiquitous key", and that "yubi" is the Japanese word for finger.
YubiKey II and later models have two "slots" available, for storing two distinct configurations with separate AES secrets and other settings. When authenticating the first slot is used by only briefly pressing the button on the device, while the second slot gets used when holding the button for 2 to 5 seconds.
In 2010, Yubico began offering the YubiKey OATH and YubiKey RFID models. The YubiKey OATH added the ability to generate 6- and 8-character one-time passwords using protocols from the Initiative for Open Authentication (OATH), in addition to the 32-character passwords used by Yubico's own OTP authentication scheme. The YubiKey RFID model included the OATH capability plus also included a MIFARE Classic 1k radio-frequency identification chip, though that was a separate device within the package that could not be configured with the normal Yubico software over a USB connection.
Yubico announced the YubiKey Nano in February 2012, a miniaturized version of the standard YubiKey which was designed so it would fit almost entirely inside a USB port and only expose a small touch pad for the button. Most later models of the YubiKey have also been available in both standard and "nano" sizes.
2012 also saw the introduction of the YubiKey Neo, which improved upon the previous YubiKey RFID product by implementing near-field communication (NFC) technology and integrating it with the USB side of the device. The YubiKey Neo (and Neo-n, a "nano" version of the device) are able to transmit one-time passwords to NFC readers as part of a configurable URL contained in a NFC Data Exchange Format (NDEF) message. The Neo is also able to communicate using the CCID smart-card protocol in addition to USB HID (human interface device) keyboard emulation. The CCID mode is used for PIV smart card and OpenPGP support, while USB HID is used for the one-time password authentication schemes.
In 2014, the YubiKey Neo was updated with FIDO Universal 2nd Factor (U2F) support. Later that year, Yubico released the FIDO U2F Security Key, which specifically included U2F support but none of the other one-time password, static password, smart card, or NFC features of previous YubiKeys. At launch, it was correspondingly sold at a lower price point of just $18, compared to $25 for the YubiKey Standard ($40 for the Nano version), and $50 for the YubiKey Neo ($60 for Neo-n). Some of the pre-release devices issued by Google during FIDO/U2F development reported themselves as "Yubico WinUSB Gnubby (gnubby1)".
In April 2015, the company launched the YubiKey Edge in both standard and nano form factors. This slotted in between the Neo and FIDO U2F products feature-wise, as it was designed to handle OTP and U2F authentication, but did not include smart card or NFC support.
The YubiKey 4 family of devices was first launched in November 2015, with USB-A models in both standard and nano sizes. The YubiKey 4 includes most features of the YubiKey Neo, including increasing the allowed OpenPGP key size to 4096 bits (vs. the previous 2048), but dropped the NFC capability of the Neo.
At CES 2017, Yubico announced an expansion of the YubiKey 4 series to support a new USB-C design. The YubiKey 4C was released on February 13, 2017. On Android OS over the USB-C connection, only the one-time password feature is supported by the Android OS and YubiKey, with other features not currently supported including Universal 2nd Factor (U2F). A 4C Nano version became available in September 2017.
In April 2018, the company brought out the Security Key by Yubico, their first device to implement the new FIDO2 authentication protocols, WebAuthn (which reached W3C Candidate Recommendation status in March) and Client to Authenticator Protocol (CTAP). At launch, the device is only available in the "standard" form factor with a USB-A connector. Like the previous FIDO U2F Security Key, it is blue in color and uses a key icon on its button. It is distinguished by a number "2" etched into the plastic between the button and the keyring hole. It is also less expensive than the YubiKey Neo and YubiKey 4 models, costing $20 per unit at launch because it lacks the OTP and smart card features of those previous devices, though it retains FIDO U2F capability.




Product features



A list of the primary features and capabilities of the YubiKey products.




ModHex


When being used for one-time passwords and stored static passwords, the YubiKey emits characters using a modified hexadecimal alphabet which is intended to be as independent of system keyboard settings as possible. This alphabet is referred to as ModHex and consists of the characters "cbdefghijklnrtuv", corresponding to the hexadecimal digits "0123456789abcdef".
Since YubiKeys use raw keyboard scan codes in USB HID mode, there can be problems when using the devices on computers that are set up with different keyboard layouts, such as Dvorak. ModHex was created to avoid conflicts between different keyboard layouts. It only uses characters that are located in the same place on most Latin alphabet keyboards, but is still 16 characters, allowing it to be used in place of hexadecimal. Alternatively, this issue can be addressed by using operating system features to temporarily switch to a standard US keyboard layout (or similar) when using one-time passwords. However, YubiKey Neo and later devices can be configured with alternate scan codes to match layouts that aren't compatible with the ModHex character set.
This problem only applies to YubiKey products in HID mode, where it must emulate keyboard input. U2F authentication in YubiKey products bypasses this problem by using the alternate U2FHID protocol, which sends and receives raw binary messages instead of keyboard scan codes. CCID mode acts as a smart card reader, which does not use HID protocols at all.




Security issues






= YubiKey 4 closed-sourcing concerns

=
Most of the code that runs on a YubiKey is closed source. While Yubico has released some code for industry standard functionality like PGP and HOTP it was disclosed that as of the 4th generation of the product this is not the same code that the new units ship with. Because new units are permanently firmware locked at the factory it is not possible to compile the open source code and load it on the device manually, a user must trust that the code on a new key is authentic and secure.
Code for other functionality such as U2F, PIV and Modhex is entirely closed source.
On May 16, 2016, Yubico CTO Jakob Ehrensvärd responded to the open-source community's concerns with a blog post saying that "we, as a product company, have taken a clear stand against implementations based on off-the-shelf components and further believe that something like a commercial-grade AVR or ARM controller is unfit to be used in a security product."
Techdirt founder Mike Masnick strongly criticized this decision, saying "Encryption is tricky. There are almost always vulnerabilities and bugs -- a point we've been making a lot lately. But the best way to fix those tends to be getting as many knowledgeable eyes on the code as possible. And that's not possible when it's closed source."




= ROCA vulnerability in certain YubiKey 4, 4C, and 4 Nano devices

=
In October 2017, security researchers found a vulnerability (known as ROCA) in the implementation of RSA keypair generation in a cryptographic library used by a large number of Infineon security chips, as used in a wide range of security keys and security token products (including YubiKey). The vulnerability allows an attacker to reconstruct the private key by using the public key. All YubiKey 4, YubiKey 4C, and YubiKey 4 Nano devices within the revisions 4.2.6 to 4.3.4 were affected by this vulnerability. Yubico remedied this issue in all shipping YubiKey 4 devices by switching to a different key generation function and offered free replacements for any affected keys until March 31, 2019. In some cases, the issue can be bypassed by generating new keys outside of the YubiKey and importing them onto the device.




= OTP password protection on YubiKey NEO

=
In January 2018, Yubico disclosed a moderate vulnerability where password protection for the OTP functionality on the YubiKey NEO could be bypassed under certain conditions. The issue was corrected as of firmware version 3.5.0, and Yubico offered free replacement keys to any user claiming to be affected until April 1, 2019.




= Reduced initial randomness on certain FIPS series devices

=
In June 2019, Yubico released a security advisory reporting reduced randomness in FIPS-certified devices with firmware version 4.4.2 and 4.4.4 (there is no version 4.4.3), shortly after power-up. Security keys with reduced randomness may leave keys more easily discovered and compromised than expected. The issue affected the FIPS series only, and then only certain scenarios, although FIPS ECDSA usage was "at higher risk". The company offered free replacements for any affected keys.




= Infineon ECDSA Private Key Recovery

=
In September 2024, security researchers from NinjaLab discovered a cryptographic flaw in Infineon chips that would allow a person to clone a Yubikey if an attacker gained physical access to it. The security vulnerability permanently affects all Yubikeys prior to firmware update 5.7. Yubico rated the issue as "moderate" citing the need for an attacker to have physical access to the key, expensive equipment, and advanced cryptographic and technical knowledge.




Social activism


In 2018, Yubico gave away free YubiKeys with laser engraved logos to new WIRED and ArsTechnica subscribers.
Yubico provided 500 YubiKeys to protesters during the 2019–2020 Hong Kong protests. The company states the decision was based on their mission to protect vulnerable Internet users and work with free speech supporters.




See also


FIDO Alliance
Nitrokey
OpenPGP card




References






External links


Official website

Kata Kunci Pencarian:

• KeePassXC
• Bitwarden
• Proton Mail
• YubiKey
• Stina Ehrensvärd
• Fastmail
• KeePassXC
• CCID (protocol)
• Comparison of OTP applications
• Password manager
• Proxmox Virtual Environment
• ROCA vulnerability
• FIDO Alliance

What Is YubiKey? | Webopedia

Yubikey - NetKnights: IT-Security ~ Two Factor Authentication ~ Encryption

YubiKey for gaming - Yubico

Yubikey - Business Technology Group Ltd

Yubikey - New Computer Setup

yubikey-cover - HostRound Blog

YubiKey - pwSafe

Congrats to our Yubikey winners! – Quic Broadband

YubiKey 5 Nano 2 Factor Authentication Security Key - Spy Goodies

What YubiKey Do You Have? | Yubico

Yubikey Review: Useful Way of Protecting Your Passwords - Privacy Australia

What is Yubikey?

yubikey

Daftar Isi

• Pros and cons of using Yubikeys? : r/yubikey - Reddit
• YubiKey - The authentication token from Yubico - Reddit
• Using a Yubikey through an RDP Session. SOLVED : r/yubikey
• Is Yubikey FIPS more secure than a regular one? : r/yubikey
• It's 2023 should I still buy a Yubikey? : r/yubikey - Reddit
• Yubikey vs Passkey : r/1Password - Reddit
• Help Needed: Understanding the advantages of a Yubikey versus …
• Do I really NEED a Yubikey or is it just a nice to have?
• (PIV) PUK key blocked : r/yubikey - Reddit
• Security Key NFC vs. Yubikey 5 NFC : r/yubikey - Reddit

Pros and cons of using Yubikeys? : r/yubikey - Reddit

I used it to login via Yubikey Authenicator app. Hidden shortcomings is that Yubikey 5 has lot of features and a learning curve. The other is that I plan to buy a second key as a backup because security is only as strong as your weakest link. If you still choose sms as your backup login method, people can bypass your Yubikey to login.

YubiKey - The authentication token from Yubico - Reddit

r/yubikey: YubiKeys are physical authentication devices from Yubico! Unofficial subreddit to discuss all things YubiKeys. <<Multi-factor all the…

Using a Yubikey through an RDP Session. SOLVED : r/yubikey

Mar 6, 2020 · My Yubikey hardware was not being seen on my VM connected over RDP. There as an older post about this, but it is now locked so I am creating a new one to share my findings. First, you need to make sure your RDS Server settings are …

Is Yubikey FIPS more secure than a regular one? : r/yubikey

Jul 25, 2021 · First, there is no $650 YubiKey. That is the YubiHSM. It is designed to store cryptographic secrets on servers, a Certificate Authority for example. It is not an authentication device. The YubiKey 5 Series keys (both FIPS and non-FIPS) are the latest YubiKey authentication devices.

It's 2023 should I still buy a Yubikey? : r/yubikey - Reddit

Jul 12, 2023 · The "Passkey" naming is a well intended rebrand of what we used to call "FIDO2 Discoverable Credential" or "FIDO2 Resident Credential".YubiKeys have had passkey support for years at this point. 😅The underlying tech isn't new, but your options for where the passkey credential can be stored are new.If you're reading through this thread and you ...

Yubikey vs Passkey : r/1Password - Reddit

Jun 10, 2023 · The Yubikey also supports UAF over CTAP2, but are more difficult to manage. I've been planning a security model around a tiered logins, and this is very helpful. I was planning on keeping my primary / recovery email addresses on the Yubkiey, I just wasn't sure what the best way to do that was.

Help Needed: Understanding the advantages of a Yubikey versus …

Jul 23, 2020 · The Yubikey will still have a bit of an advantage in that it will probably be cheaper and require less space etc. to have backup Yubikeys than backup smartphones built for security; and people are probably less likely to accidentally lose their Yubikey on a keychain then they are to leave a phone behind.

Do I really NEED a Yubikey or is it just a nice to have?

Jan 13, 2021 · Yubikey does not replace password managers. It replaces single point authentication gateway. For example: windows login, remote ssh login. Some sites also implemented OTP, but mainly as a second step authentication. Yubikey is just a "keyboard" with 1 button which identifies as YOU.

(PIV) PUK key blocked : r/yubikey - Reddit

Aug 28, 2021 · This mode is no longer offered by recent versions of YubiKey Manager and Yubico Authenticator, since it allows this bypass of the brute force protection. In the second case, the configuration software generates a random management key and stores it on the YubiKey, in one of the protected PIV data storage slots.

Security Key NFC vs. Yubikey 5 NFC : r/yubikey - Reddit

Dec 4, 2020 · YubiKey 5 NFC ($45) supports all the functions of the Security Key NFC ($27) and a bit more. The Security Key is a stripped down, cheaper version of it, essentially. Security Key NFC can be used to log into Gmail and Google.