.. ykauth-with-oath.rst

.. _ykauth-with-oath-label:

=========================
Use OATH with the YubiKey
=========================

OATH is an organization that specifies two open authentication standards: TOTP and HOTP.

When using OATH with a YubiKey on desktops or mobile devices, the shared secrets are stored and processed in the YubiKey’s secure element. This has two advantages over storing secrets on a phone:

 * *Security*

 The secrets always stay within the YubiKey. A phone can get stolen, sold, infected by malware, have its storage read by a connected computer, etc.

 * *Accessibility*

 You can display OATH codes on more than one phone or computer. If your phone runs out of battery, you can get a code using a friend’s phone or your computer.

A YubiKey can emit a HOTP code when its button is pressed. This is configured using `Yubikey Personalization GUI <https://developers.yubico.com/yubikey-personalization-gui/>`_. For TOTP you need an `application that can read OATH codes from YubiKeys <https://developers.yubico.com/OATH/YubiKey_OATH_software.html>`_, since YubiKeys does not have an internal clock.

.. image:: /images/yubikey-oath.png
    :align: center


-------------------------------------

To file a support ticket with Yubico, click `Support <https://www.yubico.com/products/yubienterprise/contact-support/>`_.