Back to Glossary

Glossary Term

Yubikey

A hardware security key that performs cryptographic challenges to deliver phishing-resistant multi-factor authentication.

1 min read

Share this definition

Post it to your feed or send it to teammates.

What it is

A Yubikey is a small USB or NFC device developed by Yubico that enables strong, hardware-based authentication. It supports standards such as FIDO2, U2F, and smart card protocols. When used for login, the key performs a cryptographic challenge�response sequence, verifying the user�s identity without transmitting reusable secrets like passwords.

Yubikeys can also store credentials for SSH, GPG, and password managers, ensuring that private keys never leave the device. Since authentication requires physical presence, remote attackers cannot log in even if they possess stolen credentials.

Why it matters

Hardware tokens like Yubikeys dramatically reduce phishing, credential theft, and account takeover risks. They provide a stronger defense than SMS or app-based MFA, which can be intercepted or spoofed.

How to reduce risk

  • Issue hardware tokens to all privileged and administrative users.
  • Enforce phishing-resistant MFA using FIDO2 or WebAuthn.
  • Register backup keys for redundancy.
  • Keep firmware updated and disable unused protocols.
  • Educate users on safely managing and storing their keys.