YubiKey: Difference between revisions
| Line 13: | Line 13: | ||
| Applications: | Applications: | ||
| * '''OTP''' - One-Time Password <ref>https://docs.yubico.com/yesdk/users-manual/application-otp/otp-overview.html</ref> | * '''OTP''' - One-Time Password <ref>https://docs.yubico.com/yesdk/users-manual/application-otp/otp-overview.html</ref> | ||
| ** Short Touch (Slot 1) | |||
| ** Long Touch (Slot 2) | |||
| ** Options: | |||
| *** Yubico OTP (Default) | |||
| *** Challenge-response | |||
| *** Static password | |||
| *** OATH-HOTP (Good option for 2nd slot) | |||
| * '''FIDO2''' - Fast IDentity Online version 2 <ref>https://docs.yubico.com/yesdk/users-manual/application-fido2/fido2-overview.html</ref> | * '''FIDO2''' - Fast IDentity Online version 2 <ref>https://docs.yubico.com/yesdk/users-manual/application-fido2/fido2-overview.html</ref> | ||
| ** FIDO2 PIN | |||
| * '''PIV''' - Personal Identity Verification (PIV) <ref>https://docs.yubico.com/yesdk/users-manual/application-piv/piv-overview.html</ref> | * '''PIV''' - Personal Identity Verification (PIV) <ref>https://docs.yubico.com/yesdk/users-manual/application-piv/piv-overview.html</ref> | ||
| ** PIN, PUK, Management Key | |||
| ** Certificates | |||
| Interfaces: (USB and NFC) | Interfaces: (USB and NFC) | ||
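Review bot: in the added OTP sub-list, `** Options:` sits at the same depth as `** Short Touch (Slot 1)` and `** Long Touch (Slot 2)`, so the four configurations under it read as a third item beside the slots; if they are meant as the choices for a slot, nest them under each slot or label the entry "Per-slot options". The added `*** OATH-HOTP (Good option for 2nd slot)` gives no reason for the recommendation, and `** FIDO2 PIN` and `** PIN, PUK, Management Key` are bare labels; a short phrase on what each credential protects would make the list usable as a reference.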
Latest revision as of 16:33, 14 March 2025
YubiKey Manager
https://www.yubico.com/support/download/yubikey-manager
Use the YubiKey Manager to configure FIDO2, OTP and PIV functionality on your YubiKey on Windows, macOS, and Linux operating systems. The tool works with any currently supported YubiKey. You can also use the tool to check the type and firmware of a YubiKey. In addition, you can use the extended settings to specify other features, such as to configure 3-second long touch.
HOTP
Interfaces
USB and NFC
Applications:
- OTP - One-Time Password [1]
  - Short Touch (Slot 1)
  - Long Touch (Slot 2)
  - Options:
    - Yubico OTP (Default)
    - Challenge-response
    - Static password
    - OATH-HOTP (Good option for 2nd slot)
- FIDO2 - Fast IDentity Online version 2 [2]
  - FIDO2 PIN
- PIV - Personal Identity Verification (PIV) [3]
  - PIN, PUK, Management Key
  - Certificates
Interfaces: (USB and NFC)
- OTP - One-Time Password [4]
- FIDO U2F - Fast IDentity Online / Universal 2nd Factor [5]
  - Version 1 of FIDO
- FIDO2 - Fast IDentity Online version 2 [6]
  - Version 2 of FIDO
- PIV - Personal Identity Verification (PIV) [7]
- OpenPGP - [8] [9]
- OATH - Open Authentication [10]
Remote Desktop
FIDO2 passthrough requires Windows version 1903 or higher.
"WebAuthN requires Windows 10 version 1903 or higher"
Ref:
FIDO2 security key sign-in to Windows - Microsoft Entra ID | Microsoft Learn https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-passwordless-security-key-windows
SSO
OTP/TOTP mode vs PIN+FIDO2 mode
The benefit of FIDO2 is that it verifies the physical USB connection end-to-end, but this also requires end-to-end FIDO2 support.
Compared to traditional MFA methods like SMS codes or TOTP (Time-based One-Time Password), FIDO2 offers higher security by resisting phishing and man-in-the-middle attacks. Methods such as SMS-based codes can be intercepted, and TOTP is susceptible to phishing.
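The comparison above, as an added example that is not part of the original page: a TOTP check (RFC 6238) accepts a code no matter which site the user typed it into, while the relying-party checks on a WebAuthn assertion reject one produced on a look-alike origin. The domains, challenge and assertion bytes are constructed, and signature verification is omitted so the block stays within the standard library.

```python
import hashlib, hmac, json, struct

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code depends only on secret and time."""
    mac = hmac.new(secret, struct.pack(">Q", at // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, code: str, at: int) -> bool:
    # Nothing in the code records which site the user typed it into.
    return hmac.compare_digest(totp(secret, at), code)

def verify_binding(client_data: bytes, auth_data: bytes,
                   origin: str, rp_id: str, challenge: str) -> bool:
    """Relying-party checks that tie a WebAuthn assertion to this site.
    A real server must also verify the authenticator's signature over
    auth_data + SHA-256(client_data); that step is omitted here."""
    cd = json.loads(client_data)
    rp_hash = hashlib.sha256(rp_id.encode()).digest()
    return (cd.get("type") == "webauthn.get"
            and cd.get("challenge") == challenge
            and cd.get("origin") == origin
            and hmac.compare_digest(auth_data[:32], rp_hash))

def sample_assertion(page_origin: str, page_rp_id: str, challenge: str):
    """Constructed stand-in: the browser records the origin of the page that
    is actually open, and the authenticator data carries SHA-256 of its rpId."""
    cd = json.dumps({"type": "webauthn.get", "challenge": challenge,
                     "origin": page_origin}).encode()
    # rpIdHash (32 bytes) | flags (0x01 = user present) | signature counter
    ad = hashlib.sha256(page_rp_id.encode()).digest() + b"\x01" + struct.pack(">I", 7)
    return cd, ad

SECRET = b"12345678901234567890"        # RFC 6238 test secret
ORIGIN, RP_ID = "https://login.example.com", "login.example.com"  # constructed
CHALLENGE = "c2FtcGxlLWNoYWxsZW5nZQ"    # constructed base64url value

def demo() -> dict:
    code = totp(SECRET, 31)             # code shown to the user at t = 31 s
    good = sample_assertion(ORIGIN, RP_ID, CHALLENGE)
    fake = sample_assertion("https://login.example.net", "login.example.net", CHALLENGE)
    return {
        # Same 30 s window: the code verifies wherever it was first typed.
        "totp_relayed_code": verify_totp(SECRET, code, 59),
        "fido2_on_real_site": verify_binding(*good, ORIGIN, RP_ID, CHALLENGE),
        "fido2_on_lookalike": verify_binding(*fake, ORIGIN, RP_ID, CHALLENGE),
    }
```

Calling `demo()` returns the three verdicts side by side; only the look-alike FIDO2 assertion is rejected.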
macOS
The "Microsoft Remote Desktop" client for macOS does not support FIDO2 WebAuthn, but a client called Thincast does.
Thincast Client
A free Remote Desktop Client for Linux, macOS and Windows. https://thincast.com/en/products/client
Web Authentication (WebAuthn) Use biometric devices or security keys (like Yubico and FIDO2) for authenticating your users in remote desktop sessions.
Web Authentication (WebAuthN) Securely authenticate your users. Thincast Client has built-in support for the WebAuthN virtual channel. It enables secure authentication for users accessing remote desktops and leverages the Web Authentication (WebAuthN) API to provide strong authentication using either biometric data, security keys, or other methods.
keywords
- [1] https://docs.yubico.com/yesdk/users-manual/application-otp/otp-overview.html
- [2] https://docs.yubico.com/yesdk/users-manual/application-fido2/fido2-overview.html
- [3] https://docs.yubico.com/yesdk/users-manual/application-piv/piv-overview.html
- [4] https://docs.yubico.com/yesdk/users-manual/application-otp/otp-overview.html
- [5] https://docs.yubico.com/yesdk/users-manual/application-u2f/fido-u2f-overview.html
- [6] https://docs.yubico.com/yesdk/users-manual/application-fido2/fido2-overview.html
- [7] https://docs.yubico.com/yesdk/users-manual/application-piv/piv-overview.html
- [8] https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP
- [9] https://developers.yubico.com/PGP/
- [10] https://docs.yubico.com/yesdk/users-manual/application-oath/oath-overview.html