The YubiKey works directly out of the package. Most of the time there is no need for installation of software or drivers for the YubiKey to work, as it is entirely up to the service provider to implement support for the YubiKey.
Generally, you should set up your primary YubiKey and any spares at the same time. A spare YubiKey is as important as your house key, car key or other keys. Just like you wouldn’t want to lose those keys, you don’t want to lose your only YubiKey either. Because of this we strongly recommend you to get a spare key if you haven’t already.
Since it’s up to each service provider to implement both security key support and their respective set-up instructions, this process differs from service to service. In the step-by-step instructions below the basics are covered including registering your YubiKey with services that support the protocols Yubico OTP, U2F and WebAuthn/FIDO2.
Adding a YubiKey to a service
Setting up a YubiKey can often differ from service to service. To start, you should confirm which YubiKey you have if you are unsure, and then visit the Yubico start page for further instructions. You can also follow the steps written below for how the setup process usually looks when you want to directly add your YubiKey to a service.
-
Start with having your YubiKey(s) handy.
-
Login to the service (i.e. websites and apps) you want to protect with your YubiKey.
-
Make sure the service has support for security keys. If you’re unsure if the service you’re trying to register the YubiKey with has support for security keys, you can always checkthe Works with YubiKey catalog. If the service is not present in the catalog, reach out to the service's support team directly for confirmation on if they support security key authentication.
-
Make sure the service has support for security keys. If you’re unsure if the service you’re trying to register the YubiKey with has support for security keys, you can always checkthe Works with YubiKey catalog. If the service is not present in the catalog, reach out to the service's support team directly for confirmation on if they support security key authentication.
-
Find the account settings of the service and then look for security. From there you should be able to find an option for 2FA/MFA, or adding security keys. Many services that do not support security keys will instead support authenticator apps, in which case you can use Yubico Authenticator to add authenticator app credentials.
-
Once you’ve found the option to add a security key, follow the service provider's instructions.
-
Adding a spare key often has the same setup process as the primary YubiKey.
-
Adding a spare key often has the same setup process as the primary YubiKey.
-
You should now have registered your primary YubiKey and spare key.
As mentioned previously, the Works with YubiKey catalog is a great place to find tailored guides and setup instructions. In the catalog, you can search for the service you want to add an extra layer of protection to, select the service, and the service provider's page provides links to setup instructions.
Using a YubiKey with Yubico Authenticator
Yubico Authenticator allows you to store TOTP credentials on a YubiKey so that your secrets cannot be compromised. (This is different and more secure from most authenticators that usually store the credentials on the phone/computer itself).
Yubico Authenticator requires a YubiKey from the 5 Series to generate TOTPs (time-based one-time passwords). More information on Yubico Authenticator can be found here, and for information on how to use your YubiKey with authenticator codes, refer to this article.
If you haven’t already, you can download Yubico Authenticator here.
Using a YubiKey to log in to your computer (standalone / home user)
You can use a YubiKey 5 Series to securely log in to your computer. Refer to the guides below depending on your operating system:
Windows
Note: This option requires a YubiKey 5 Series. The Security Key Series is not supported.
macOS
Linux