When you keep your Nano YubiKey (any YubiKey model with “Nano” or “-n” in the name) inserted in the USB port as intended by the design, you may find that you can trigger OTP codes without meaning to simply by brushing against the YubiKey. There are a few options for resolving this issue.
Changing the YubiKey Configuration to Delay the OTP
There are two ways you can delay the OTP from being sent.
Swap the OTP Credential to Slot 2 (Recommended)
When you move the OTP credential to the second slot, it requires a long 3 second touch to activate so it is much harder to trigger accidentally. See the Swapping Yubico OTP from Slot 1 to Slot 2 article for more information. Note: If you are using the other slot this can impact functionality of tools such as the Windows Logon Tool which requires the challenge-response credential to be in slot 2.
Disable the Fast OTP Setting
By default, YubiKeys arrive with the fast OTP setting enabled so it will instantly start typing the OTP as soon as you touch the metal contact. This can be delayed by disabling the fast OTP setting. Note: The amount of the delay can vary depending on the firmware version on the YubiKey.
Download the command line (CLI) version of the YubiKey Personalization Tool.
Extract the file that is downloaded.
Open Command Prompt (Windows) or Terminal (macOS and Linux).
Use the cd command to browse to the bin folder inside of the extracted folder.
Windows Example: cd Downloads\ykpers-1.19.0-win\bin
macOS Example: cd Downloads/ykpers-1.19.0-mac/bin
Run: ykpersonalize -u -1 -o -fast-trig
Note: macOS and Linux users need to preface the command with ./ so it reads ./ykpersonalize.
Press Y and then Enter to confirm.
Remove and reinsert your YubiKey.
Using Software to Disable the YubiKey After Inactivity
macOS users can use the YubiSwitch application to turn off the YubiKey after a period of inactivity. YubiSwitch is not developed or maintained by Yubico.