Use OATH with the YubiKey

OATH is an organization that specifies two open authentication standards: TOTP and HOTP.

When using OATH with a YubiKey on desktops or mobile devices, the shared secrets are stored and processed in the YubiKey’s secure element. This has two advantages over storing secrets on a phone:

  • Security

The secrets always stay within the YubiKey. A phone can get stolen, sold, infected by malware, have its storage read by a connected computer, etc.

  • Accessibility

You can display OATH codes on more than one phone or computer. If your phone runs out of battery, you can get a code using a friend’s phone or your computer.

A YubiKey can emit a HOTP code when its button is pressed. This is configured using Yubikey Personalization GUI. For TOTP you need an application that can read OATH codes from YubiKeys, since YubiKeys does not have an internal clock.

_images/yubikey-oath.png

To file a support ticket with Yubico, click Support.