Connecting via USB
All of the models in the YubiKey 5 Series provide a USB 2.0 interface, regardless of the form factor of the USB connector. The YubiKey will present itself as a USB composite device in addition to each individual USB interface. An organization that chooses to implement YubiKeys may need to augment their USB device restriction policies, should there be restrictions in place, to allow the YubiKey to be explicitly supported. Each USB device has a Vendor ID and a Product ID that can be used to identify the device. To enable YubiKeys the administrator must allow list the specific VID (0x1050) and multiple PIDs (See Product ID Table) that are used by the YubiKey. Listing VID and PID gives administrators more granular control of how the USB restriction policies are implemented, ultimately allowing a successful YubiKey deployment.
The USB PID and iProduct string will change depending on which of the USB interfaces enabled and are described in the table below. The OTP interface is enabled when the OTP application is enabled over USB. The FIDO interface is enabled when the U2F or FIDO2 applications are enabled over USB. The CCID interface is enabled when the PIV, OATH or OpenPGP applications are enabled over USB. For all YubiKeys, Yubico’s USB vendor ID (VID) is 0x1050.
YubiKey Series | USB Interfaces | PID | iProduct String |
YubiKey Gen 1 | OTP | 0x0010 | N/A |
YubiKey Gen 2 | OTP | 0x0010 | N/A |
YubiKey NEO | OTP | 0x0110 | YubiKey OTP |
YubiKey NEO | FIDO | 0x0111 | YubiKey FIDO |
YubiKey NEO | CCID | 0x0112 | YubiKey CCID |
YubiKey NEO | OTP, FIDO | 0x0113 | YubiKey OTP+FIDO |
YubiKey NEO | OTP, CCID | 0x0114 | YubiKey OTP+CCID |
YubiKey NEO | FIDO, CCID | 0x0115 | YubiKey FIDO+CCID |
YubiKey NEO | OTP, FIDO, CCID | 0x0116 | YubiKey OTP+FIDO+CCID |
YubiKey 4 | OTP | 0x0401 | YubiKey OTP |
YubiKey 4 | FIDO | 0x0402 | YubiKey FIDO |
YubiKey 4 | CCID | 0x0404 | YubiKey CCID |
YubiKey 4 | OTP, FIDO | 0x0403 | YubiKey OTP+FIDO |
YubiKey 4 | OTP, CCID | 0x0405 | YubiKey OTP+CCID |
YubiKey 4 | FIDO, CCID | 0x0406 | YubiKey FIDO+CCID |
YubiKey 4 | OTP, FIDO, CCID | 0x0407 | YubiKey OTP+FIDO+CCID |
YubiKey FIPS (4 Series) * | OTP, FIDO, CCID | 0x0407 | YubiKey OTP+FIDO+CCID |
YubiKey 5 | OTP | 0x0401 | YubiKey OTP |
YubiKey 5 | FIDO | 0x0402 | YubiKey FIDO |
YubiKey 5 | CCID | 0x0404 | YubiKey CCID |
YubiKey 5 | OTP, FIDO | 0x0403 | YubiKey OTP+FIDO |
YubiKey 5 | OTP, CCID | 0x0405 | YubiKey OTP+CCID |
YubiKey 5 | FIDO, CCID | 0x0406 | YubiKey FIDO+CCID |
YubiKey 5 | OTP, FIDO, CCID | 0x0407 | YubiKey OTP+FIDO+CCID |
YubiKey 5 FIPS Series * | OTP, FIDO, CCID | 0x0407 | YubiKey OTP+FIDO+CCID |
Security Key Series (firmware <5.2.7) | FIDO | 0x0120 | Security Key by Yubico |
Security Key Series (firmware 5.2.7+) | FIDO | 0x0402 | YubiKey FIDO |
YubiKey Bio Series | FIDO | 0x0402 | YubiKey FIDO |
*The YubiKey FIPS (4 Series) and YubiKey 5 FIPS Series devices, when deployed in a FIPS-approved mode, will have all USB interfaces enabled. Should an exemption be obtained to deploy these devices with some interfaces disabled, the PID and iProduct values will be identical to the YubiKey 4/5 Series.
Connecting via Lightning®
The YubiKey 5Ci and YubiKey 5Ci FIPS are unique among the YubiKey products in that they can connect via the Apple Lightning® port as well. When connecting via a Lighting® port, the following PID/iProduct values are used:
Lightning Interfaces | PID | iProduct String |
All | 0x0420 | YubiKey 5Ci |
All | 0x0420 | YubiKey 5Ci FIPS |