YubiKey facts for kids
 |
|
| Public | |
| Industry | Hardware |
| Founded | 2007 |
| Headquarters | Santa Clara, California, United States |
|
Key people
|
Stina Ehrensvärd (Chief Evangelist and founder) Jakob Ehrensvärd (CTO) Mattias Danielsson (CEO) |
A YubiKey is a small device that helps keep your online accounts safe. It's made by a company called Yubico. Think of it like a special key for your digital life. It helps you log in securely to computers, networks, and online services.
YubiKeys use different ways to protect your accounts. They can create special one-time passwords (OTP) that change every time you log in. They also use advanced security methods like public-key cryptography. This is like having a secret code that only your YubiKey knows, making it very hard for others to get into your accounts.
Many big companies like Google, Amazon, Microsoft, Twitter, and Facebook use YubiKeys. They use them to protect their employees' accounts and even their customers' accounts. Yubico also makes a simpler, less expensive device called the Security Key. It focuses on the most common security features.
YubiKeys can act like a keyboard. They type in the one-time password for you when you plug them into a USB port. They can also work as a special card for signing and encrypting messages. This means you can send secret messages without anyone else being able to read them.
Yubico was started in 2007 by Stina Ehrensvärd. She is now the Chief Evangelist for the company. Yubico has offices in places like Santa Clara, California, and Stockholm, Sweden. Jakob Ehrensvärd, the company's Chief Technology Officer, helped create the main security idea behind the YubiKey. In 2018, YubiKey released its YubiKey 5 series, which added even more security features.
Contents
How YubiKey Started
Yubico was founded in 2007. They first offered a special kit for developers in November of that year. The very first YubiKey was shown to the public in April 2008. A stronger version, the YubiKey II, came out in 2009. The name "YubiKey" comes from "your ubiquitous key," meaning a key that's everywhere. "Yubi" is also the Japanese word for finger.
YubiKey II and newer models have two "slots" for different settings. You can use the first slot by pressing the button quickly. The second slot is used by holding the button for a few seconds. This lets you have two different ways to log in with one device.
New Features Over Time
In 2010, Yubico introduced the YubiKey OATH and YubiKey RFID models. The OATH model could create shorter one-time passwords. The RFID model also had a special chip that could be used for radio-frequency identification, like some access cards.
In 2012, Yubico launched the YubiKey Nano. This was a tiny version of the YubiKey that almost completely fit inside a USB port. Most YubiKey models since then have also been available in this small "nano" size.
Also in 2012, the YubiKey Neo came out. This model added near-field communication (NFC) technology. NFC lets you tap your YubiKey to a compatible device, like a smartphone, to log in. The Neo could also work as a smart card, which is useful for more advanced security tasks.
In 2014, the YubiKey Neo was updated to support Universal 2nd Factor (U2F). This is a very secure way to log in that uses a special public/private key pair. Later that year, Yubico released the FIDO U2F Security Key. This was a simpler, cheaper YubiKey that only focused on U2F security.
The YubiKey 4 series was launched in 2015. These keys could handle even larger encryption keys, making them more secure. In 2017, Yubico added YubiKeys with the newer USB-C connection.
In 2018, the company released the Security Key by Yubico. This was their first device to use the new FIDO2 security standards. FIDO2 is an even more advanced way to log in securely without passwords. This key was also less expensive because it focused only on FIDO security.
How YubiKeys Work
YubiKeys use a special way of typing characters called ModHex. This alphabet uses only certain letters that are in the same spot on most keyboards around the world. This helps the YubiKey work correctly no matter what keyboard layout your computer uses.
For example, if your keyboard is set up differently, the YubiKey might type the wrong characters. ModHex helps avoid this problem. However, newer YubiKeys can be set up to work with different keyboard layouts if needed.
When a YubiKey uses U2F security, it sends special digital messages instead of typing. This avoids any keyboard layout problems completely.
Keeping YubiKeys Safe
Like any technology, YubiKeys have had some security discussions.
Open Source Concerns
Most of the software inside a YubiKey is kept secret by Yubico. Some people in the security community believe that all security software should be "open source." This means anyone can look at the code to make sure it's safe and doesn't have any hidden problems. Yubico has explained that they use special parts in their keys that are very secure, and they don't want to share all the details of how they work.
Past Security Issues
- ROCA Vulnerability (2017): In 2017, a problem was found in a chip used in some YubiKey 4 models. This problem could allow someone to figure out a secret key if they knew the public key. Yubico fixed this issue quickly and offered free replacements for affected keys.
- OTP Password Protection (2018): In 2018, a small issue was found in some YubiKey NEO devices. It meant that in rare cases, the password protection for one-time passwords could be bypassed. This was fixed with a software update, and Yubico offered replacements.
- Reduced Randomness (2019): In 2019, Yubico reported that some of their FIPS-certified keys had a small issue with randomness right after they were turned on. Randomness is important for creating strong, unpredictable keys. This issue was fixed, and replacements were offered.
- Infineon ECDSA Private Key Recovery (2024): In September 2024, researchers found a way to copy a YubiKey if someone had physical access to it and special equipment. This affects YubiKeys made before a certain software update (version 5.7). Yubico said this was a moderate risk because it requires physical access and advanced skills.
Yubico's Community Work
Yubico has also been involved in helping people. In 2018, they gave away free YubiKeys to new subscribers of some technology magazines.
In 2019, Yubico provided 500 YubiKeys to protesters during the Hong Kong protests. The company said they did this to help protect people who are speaking out and using the internet.
More to Explore
- FIDO Alliance
- Nitrokey
- OpenPGP card
