The Yubico Authenticator adds a layer of security for your online accounts. It works by generating 2-step verification codes on either your mobile or desktop device through OATH-TOTP security protocol.
It's important to note that the Yubico Authenticator requires a YubiKey 5 Series to generate these OTP codes.
The Yubico Authenticator app works across Windows, macOS, Linux, iOS and Android.
There are many differences between the Yubico Authenticator app and other authenticators. In most of the other authenticators the secrets are stored on your phone or computer, which can be compromised or stolen. The Yubico Authenticator stores the credentials in the secure element of the YubiKey and cannot be extracted from the YubiKey.
That means that regardless of if you lost you phone, changed you phone, or have lost access to the Yubico Authenticator App, you will not be locked out of your accounts. This is because all the secrets (OTP's that are used to authenticate into your account) are stored on your YubiKey and not the app. All you will need to do is download the app on a desktop or mobile device, plug in your key, or scan your key, and you will have access to all the codes that were originally on it.
To learn more about how to use the Yubico Authenticator with the services you want to secure, please check out this article for more information.
You can also check out this short video which shows you generally how the Yubico Authenticator works across your different devices.
If you are planning on registering a spare key with your accounts, like we recommend, then it's important to save the QR code generated when initially setting up the service. You can read more about this in the OATH-TOTP protocol section of our spare key registration guide here.