Yubico Authenticator adds a layer of security for your online accounts. It works by generating 2-step verification codes on either your mobile or desktop device through the OATH-TOTP security protocol. It's important to note that Yubico Authenticator requires a YubiKey 5 Series to generate these OTP codes.
The Yubico Authenticator app works across Windows, macOS, Linux, iOS and Android.
You can download Yubico Authenticator here.
There are many differences between Yubico Authenticator and other authenticators. In most authenticator applications, the secrets are stored on your phone or computer, which can be compromised or stolen. Yubico Authenticator stores the credentials in the secure element of the YubiKey and cannot be extracted from the YubiKey.
That means that regardless of if you lost your phone, changed your phone, or have lost access to Yubico Authenticator, you will not be locked out of your accounts. This is because all the secrets (OTPs that are used to authenticate into your account) are stored on your YubiKey and not the application. All you will need to do is download the app on a desktop or mobile device, plug in your key, or scan your key, and you will have access to all the authenticator credentials stored on the YubiKey.
To learn more about how to use Yubico Authenticator with the services you want to secure, refer to this article for more information.
You can also check out this short video which shows you generally how Yubico Authenticator works across your different devices.
If you are planning on registering a spare key with your accounts, like we recommend, then it's important to save the QR code generated when initially setting up the service. You can read more about this in the OATH-TOTP protocol section of our spare key registration guide here.