There have been a few support mails lately showing concerns over static password emitted by the YubiKey having the key logger vulnerability. Here is some discussion about this topic.
Yubikey acts as a USB keyboard and will therefore be affected by a key-logger program when running in static mode. However, most online services with Yubikey support is running in OTP mode and are therefore not sensitive to key loggers.
Furthermore, in situations where Yubico will be used in static PW mode, it will likely be used for a service that is somewhat local to the user; either used locally on the user's computer itself to login to the computer or locally in the user's network thus making it less sensitive from key-logger attacks launched over the Internet.
FAQs
It is costly to design, mould, manufacture, sell and support a hardware product, even something as small as this. Since you don't want your 2FA company to go out of business there is good value in knowing they have a stable business model that can actually support a company rather than just burning capital.
Can a YubiKey be reused? ›
If a user finds a lost YubiKey, don't reuse it. Discard it and configure a new YubiKey for the user. For auditing purposes, you can't delete a YubiKey once assigned to a user. Even if you revoke or reassign it, it still appears in the YubiKey Report.
Why is my YubiKey not working? ›
Check to see if the YubiKey's LED is lit - if not, the YubiKey may not be receiving power. The issue may be as simple as the YubiKey is inserted upside down for USB-A connectors. Alternatively, the USB port may not be functioning correctly - if that is the case, try on a different USB port or computer.
Who owns Yubico? ›
Founded in 2007 by CEO Stina Ehrensvärd, Yubico is a private company with offices in Palo Alto, Seattle, and Stockholm. Yubico CTO, Jakob Ehrensvärd, is the lead author of the original strong authentication specification that became known as Universal 2nd Factor (U2F).
Should I leave my YubiKey plugged in all the time? ›
If it's your first time using a YubiKey and you're used to Touch ID, we suggest using the Nano key and leaving it plugged in. If you're working from home, you can leave it plugged in.
What is the lifespan of a YubiKey? ›
However, considering a YubiKey being used five times a day, 365 days per year, it will take 18 years for the counter to get stuck. Furthermore, as this counter only increment the first time after power up / reset, the practical lifetime is even longer.
What happens if someone steals your YubiKey? ›
So, what happens if you lose your YubiKey? In that case, you can still use your Authenticator app (phew!). While you can't create a backup YubiKey, you can always contact Yubico to get a replacement key.
Is YubiKey considered MFA? ›
You can configure a YubiKey as a security token that can be used for multi-factor authentication. You may have up to 10 keys registered with your account.
Can two people share YubiKey? ›
With WebAuthn, you can use the same YubiKey for unlimited sites and accounts. Just make sure to keep your YubiKey in a safe place and don't share it with anyone else.
Do I need to eject my YubiKey? ›
How can I safely remove my YubiKey? The YubiKey identifies as a USB keyboard to your PC, and does not need to be ejected when removed – you can just pull it out!
All the places/applications you'll be required to use your YubiKey will be unavailable without internet access, so you would already need internet access before needing your YubiKey.
Does YubiKey run out of battery? ›
The versatile YubiKey requires no software installation or battery so just plug it into a USB port and touch the button, or tap-n-go using NFC for secure authentication.
Is Yubico a Chinese company? ›
Yubico is founded in Stockholm, Sweden making secure login easy and available to everyone, and enabling one single authentication key to work across any number of services.
Is YubiKey made in China? ›
Made in Sweden & USA.
Do Google employees use YubiKey? ›
Protecting employees and customers with strong 2FA
Today, Google not only protects employees with the YubiKey but has also integrated support for the YubiKey and FIDO U2F security keys into the available security protections for all Google users.
Is buying a YubiKey worth it? ›
Premium features, premium price
The Yubico YubiKey 5C NFC supports many authentication protocols, so it works anywhere security keys are accepted. If you can make the most of its advanced features, such as signing and encrypting with OpenPGP, it's well worth the price.
Is the YubiKey expensive? ›
The TL;DR here is that the cost of a YubiKey is anywhere between $25 for the Security Series and $95 for the YubiKey FIPS series.
Is it safe to buy YubiKey from third party? ›
Yubico highly recommends not purchasing keys from un-approved sources. Only keys purchased from our web-store or authorized resellers are valid for warranty service. Keys purchased from resellers are subject to that reseller's warranty and return policies.
What is special about YubiKey? ›
The YubiKey supports one-time passcodes (OTP)
The YubiKey communicates via the HID keyboard interface, sending output as a series of keystrokes. This means OTP protocols can work across all OSs and environments that support USB keyboards, as well as with any app that can accept keyboard input.
