What is Yubico OTP?

Yubico OTP is a simple yet strong authentication mechanism that is supported by all YubiKeys out of the box. Yubico OTP can be used as the second factor in a 2-factor authentication scheme or on its own, providing 1-factor authentication.

The most common pattern is to use Yubico OTP in combination with a username and password:

otp_login_form.png

YubiCloud

YubiCloud is the name of Yubico’s web service for verifying OTPs. Before using YubiCloud, you need to get an API key from here — it’s quick, free and helps us preventing misuse of YubiCloud.

If you prefer to not use YubiCloud, you can instead host a verification server yourself.

Advantages

Apart from the general advantages of 2-factor authentication, Yubico OTP has the following characteristics:

  • No client software needed. The OTP is just a string. If you can send a password, you can send an OTP.

  • YubiKey ID embedded in OTP. This allows for self-provisioning, as well as authenticating without a username.

  • Easy to implement. Using YubiCloud, supporting Yubico OTP is not much harder than supporting regular passwords.

Implementing

We provide two alternatives:

Understanding

While not required, it can be interesting and useful to know how a Yubico OTP is generated. This is explained in OTPs explained.