.. ykauth-register-spare-key.rst
.. _ykauth-register-spare-key-label:
==========================
Register a Spare YubiKey
==========================
We at Yubico always recommend having more than one YubiKey. This way, one key can be used as a primary key, and the other can be used as a spare. There are a few ways to register a spare key, and the process is different depending on if the service supports Yubico OTP and FIDO security protocols, or OATH-TOTP protocol.
.. Important:: Keys are not linked together in any way. Rather, both keys nare registered separately to the account. That way either can be used for authentication.
Identify your service security protocols
=========================================
Identify the security protocols the services you use support. Check our `Works with YubiKey Catalog `_.
Generate the QR code for the YubiKey
=====================================
* If the service uses **Yubico OTP or FIDO security protocols**, register the second key exactly as you registered the first. Follow the same setup instructions listed in our `Works with YubiKey Catalog `_.
* If the service uses **OATH-TOTP protocol**, meaning you use the `Yubico Authenticator app `_ to generate codes to login, then the process is a bit different.
.. Important:: Save this generated QR code!
Saving the QR code essential to creating a spare key for this particular account in the future. We recommend taking a picture of the QR code and storing it someplace safe.
Locate the QR code for your primary YubiKey
============================================
When registering your first YubiKey, you are given a secret from the service in the form of a QR code.
**If you did not save the QR code generated the first time,**
:Step 1: Delete your primary key from the account.
:Step 2: Restart the registration process again.
:Step 3: Be sure to save the QR code generated!
See, :ref:`ykauth-with-auth-codes-label`. This article describes how to use your YubiKey with authenticator codes.
Link the primary YubiKey QR code with the spare YubiKey
=========================================================
:Step 1: Use the Yubico Authenticator app, to scan the QR code from the first time you registered a YubiKey to this account.
:Step 2: Scan your primary YubiKey.
This links the primary YubiKey QR code and the primary YubiKey to the account.
Create a spare key for this account
====================================
:Step 1: Scan the same QR code generated from the initial registration (when you registered the primary YubiKey).
:Step 2: Scan your spare YubiKey.
Now either key can be used to authenticate.
Challenge-Response services backup process
===========================================
For services that use Challenge-Response, the backup process is similar to OATH-TOTP.
:Step 1: Locate a backup of the secret that was programmed into your primary YubiKey.
This is required to program the same credential into your spare YubiKeys.
:Step 2: If you do not have the Challenge-Response secret:
* Re-set up your primary YubiKey with the service(s) that use Challenge-Response.
* Save a copy of the secret key in the process.
:Step 3: Program the same credential into your backup YubiKeys. For most configurations, you should be able to use the **Applications > OTP** menu in `YubiKey Manager `_ to accomplish this.
Static password function backup process
========================================
If you use the YubiKey's static password function, the backup process is similar to OATH-TOTP.
For static passwords, you likely do not need a backup of the original credential, but can use the YubiKey's output (the static password it "types") to program your backup key(s).
If you programmed a static password that is greater than 38 characters using the **Static Password > Advanced** menu in the `YubiKey Personalization Tool `_, in order to program it into another key you need:
* A copy of the parameters of your static password credential (public ID, private ID and secret key).
* To use the Personalization Tool.
**If you do not have these parameters:**
:Step 1: Reconfigure your primary YubiKey and the services you use its static password with.
:Step 2: **Save a copy of the new parameters** -- if your **new** static password also exceeds 38 characters and was programmed using the **Static Password > Advanced** menu.
-------------------------------------
To file a support ticket with Yubico, click `Support `_.