5. FIDO U2F

5.1. Feature summary

The YubiKey 5 Series supports FIDO Universal 2nd Factor (U2F), which is defined in [RD7]. On a high level, the FIDO U2F protocol comprises both the registration and the authentication process but is only used as a second factor in the authentication process.

For more information on the YubiKey application FIDO U2F see Yubico’s website.

5.2. CSPN Approved mode

To operate the YubiKey 5 in a CSPN approved mode, the user must first be identified with a first factor authentication scheme (e.g. username/password) according to the FIDO U2F standard [RD7]. The details for such a first factor authentication scheme go beyond the scope of this document however.

As part of the registration process, the user must touch the YubiKey 5 sensor when the browser or application prompts for it. Furthermore, the user must also touch the YubiKey 5 when the browser or application requests for it during the authentication process.

5.3. Technical configuration

No additional configuration is needed to achieve a CSPN approved mode, assuming the YubiKey 5 has been correctly enrolled against a U2F compatible relying party.


To get in touch with Yubico Support, click here.