How to add a spare YubiKey security key and why to do it

How to add a spare YubiKey security key and why to do it

 


YubiKey hardware security key very reliable – it is resistant to wear and tear and does not lose its properties when exposed to water. But it has a small size, so it can get lost by accident. Also, criminals can try to steal it if you often work in crowded places.

Of course, after losing the security key, almost all access to accounts can be restored, but correspondence with service administrations can take a lot of time. In order not to lose it, we, as the official distributors of the YubiKey manufacturer in Ukraine, always recommend buying a pair security keys, one of which will be kept in a safe place, such as a safe.

The second YubiKey hardware key, does not necessarily have to be the same form factor or belong to the same series as the main one. But it is important that the keys support the same protocols. These can be OTP passwords, FIDO2, FIDO U2F or the OATH-TOTP protocol.

Importantly. Having a spare key will help in emergency situations and save precious time.

Registration of the YubiKey security key with OTP or FIDO protocols

 


To find out which services support the security key protocols of your choice, go to the “Services Compatible with YubiKey Security Keys”.

If your security key supports OTP1 або FIDO2protocols, the second key will need to be registered3 just like the first one. But keep in mind that the keys are not related to each other in any way, because they are created in such a way that the information contained on them cannot be transferred or copied. Therefore, each key must be registered separately so that any of them can be used for authentication in the future.

1 OTP (One Time Password) is a password that is valid only for one authentication session.

2 FIDO (Fast Identity Online) is a protocol for passwordless or two-factor authentication.

3 To register the security key, you can use the instructions in the catalog.

Registration of YubiKey security key with OATH-TOTP protocol

 


If your chosen service or service uses the OATH-TOTP4protocol, then you need to register the second security key differently.

4 OATH-TOTP (Time-based One-Time Password Algorithm) is a secure authentication algorithm using a one-time password.

When you register the first key, you will receive a secret in the form of a QR code. You will need to scan it and save it in a safe place. This code will be needed when registering the second key.

To do this, you will first need to use the Yubico Authenticator app to scan the QR code that was issued to the first security key by the service. Then get the QR code for the second security key. Scan it with the same app and link them that way. After that, you can use any of these keys for authentication.

Please note: If you did not save the QR code that was provided to you by the service or service the first time, you must first delete the key from your account and start registering security keys again.

Registration of YubiKey security key with Challenge-Response protocol

 


For services that use Challenge-Response (or “request-response”) protocols or a static password function, the second key registration instructions will be similar to the previous one. Only for the Challenge-Response protocol, instead of the QR code, you will need a backup copy of the secret encrypted in the first key of the YubiKey. With its help, you will encrypt your data in a spare key.

 

To perform these actions, you will need the YubiKey-manager application, which can be downloaded from the links:

In the application, go to the menu program -> OTP and make settings


You will not need a copy of your credentials to register a spare key with the static password feature enabled. But only if your password does not exceed 38 characters. Otherwise, you will need to use a copy of the parameters stored in the credentials: public ID, private ID, and secret key.

You will need the YubiKey Personalization Tool to set it up. It works with all keys (except the Security Key series). You can download them from the links below.

Download YubiKey Personalization Tool v3.1.25:


Download YubiKey Personalization Tool v1.19.0:

In the application menu, find sections Static password > Additionally and make the necessary settings. As in the previous cases, if you have not previously saved your public ID, private ID and secret key, you will need to delete the first key from your account and register again.


If you have not yet purchased a second key, you can choose it in our online store.

OTP passwords on YubiKey — how it works

OTP passwords are one-time passwords (the origin of OTP is from English one time password) that are used for one authentication session. Their effect is usually limited by time. You may have received such codes by phone or mail when trying to access online banking or...

How to protect yourself from phishing with YubiKey on Binance

Binance is one of the largest and most popular cryptocurrency exchanges in the world. With its help, you can monitor the movements of the cryptocurrency market, invest in digital assets and conduct trading operations in real time. Of course, in order to use the...

Yubico Authenticator – User Guide

This guide is designed to help you set up your YubiKeys on any services that offer two-factor authentication connections using authenticator programs that generate codes.

How to set up a YubiKey in Linux using call-response

YubiKey hardware security keys make your system more secure. And the procedure of logging into accounts is faster and more convenient. Follow the instructions below to easily add the required settings on your Linux system.Setting up the YubiKey in Linux is quite...

5 ways to install Yubico software on Linux

To use YubiKeys on a Linux system, you will need to install the appropriate Yubico software: Yubico authenticator; YubiKey Manager; Built-in repositories; Yubico PPA packages; Compilation from the source code. Installing the Yubico Authenticator There are several ways...

How to add a spare YubiKey security key and why to do it

How to add a spare YubiKey security key and why to do it How to add a spare YubiKey security key and why to do it   YubiKey hardware security key very reliable – it is resistant to wear and tear and does not lose its properties when exposed to water. But it has a...

How to configure YubiKey on Linux using U2F function

With the help of YubiKey hardware security keys, your system receives an increased level of protection, and the process of logging into accounts becomes faster and more convenient. To easily configure the necessary parameters on a Linux system, you should follow the...

Using YubiKey with Google Accounts

How to set up YubiKey with Google AccountHow to set up a YubiKey to protect Google Accounts? With hardware security keys, you can get the additional protection of two-factor authentication to make your login procedure secure. Follow these step-by-step instructions to...

How to set up a YubiKey with a Dropbox account

How to set up a YubiKey with a Dropbox accountHow to set up a YubiKey with a Dropbox account? With hardware security keys, you can get the additional protection of two-factor authentication to make your login procedure secure. Follow these step-by-step instructions to...

Using your YubiKey with Facebook

Using your YubiKey with FacebookWith hardware security keys, you can get the additional protection of two-factor authentication to make your login procedure secure. Follow these step-by-step instructions to easily set up a U2F security key to work with your Facebook...