Home » Two-Step Verification » How to use Yubico Authenticator?

How to use Yubico Authenticator?

Using the Yubico Authenticator application is as easy as using any other Authenticator app. Be prepared though to invest a bit of money. The Yubico Authenticator is free to use, but it won`t work without a compatible Yubikey which may cost between $40 and $70. That might sound like a waste of money, but we have to remember that the Yubikey has much more to offer than simply storing your Secret Keys used to generate the OTP codes with the help of Yubico Authenticator.

Disclosure: Some links may be affiliate links. We may get paid if you buy something or take an action after clicking one of these. Please read my Disclosure for more info.

Yubico Authenticator will not work without a Yubikey. A physical device that will store all the secret keys used to generate the OTPs on your phone, PC or Mac, and even Linux. There are many options to choose from, but I like my Yubikey 5C NFC for its small size, latest USB-C, and NFC option, which allows me to communicate with my phone.

  • Open the Yubico Authenticator on your device.
    • Adding credentials.
      • If using a phone.
        • Press plus sign.
        • Scan QR-code or select Manual Entry and type the Secret Key.
        • Rename the Account name if necessary.
        • Press Save.
        • Tap the NFC or insert your Yubikey to the USB port.
      • If using a PC.
        • Insert your Yubikey into the USB port.
        • Press ADD.
        • Scan QR-code or select Manual Entry and type the Secret Key.
        • Rename the Account name if necessary.
        • Press ADD.
    • Deleting Credentials
      • If using a phone
        • Press and hold the credential you would like to delete.
        • Press recycle bin icon.
        • Confirm deletion.
        • Tap the NFC or insert your Yubikey to the USB port.
      • If using Computer
        • Insert your Yubikey to the USB port.
        • Select the credential you would like to delete.
        • Press recycle bin icon.
        • Confirm deletion.

But that`s just a quick snapshot.

In this article, we will take a more in-depth look into the Yubico Authenticator configuration on both your phone and computer. I will explore how we can secure our credentials stored on the Yubikey with a password. I will also discuss the best practice when adding new credentials.

So let’s get started.

You may also like: Should I use Two-Factor Authentication?

How does Yubico Authenticator work?

The Yubico Authenticator allows you to generate the Time-Based OTPs or Counter-Based OTP codes. But unlike any other Authenticator app, the secret keys required to create the codes are stored on a physical device.

Small pen drive like device which holds the secret keys and connects to the computer or your phone via USB or NFC antenna. After establishing the connection, the user then touches the touch-sensitive chip on the Yubikey or swipes across the NFC antenna, and the Yubico Authenticator app generates codes based on the secret keys stored on the device.

How to backup your Yubikey?

Before I dive into the details of setting up and working with the application, it is crucial to understand and plan how to backup the secret keys on your Yubikey. You see, the Yubikey which is required for Yubico Authenticator to work, by design is a write-only device. That means that you cannot retrieve the secret keys stored on your device.

The solution is simple, although a bit expensive; you need two Yubikeys where one will act as a backup option.

A most convenient way is to set up both Yubikeys during the initial 2FA set up on the account you are trying to protect. You will also use this opportunity to copy the QR code or Secret Key for each account so you can always use them to edit or add an account on another device.

If you have already secured your accounts with 2FA using, for example, Google Authenticator app and did not keep the QR codes or Secret Keys, then you are out of luck. You will need to revisit each account and reset your 2FA settings to configure the Yubico Authenticator app.

You may also like: Yubico Authenticator vs Google Authenticator.

Install and open the Yubico Authenticator on your device.

Download the application by visiting the Yubico download page and selecting the device you want the software to be installed on.

Once installed, open the Yubico Authenticator. Notice that the application is now asking you to either tap the NFC or insert the Yubikey into a USB port. The requirement of having Yubikey connected to your device is what makes the Yubico Authenticator so unique.

You will not be able to add or even view your OTP codes without having your Yubikey connected to your device. That`s because Yubico Authenticator generates the codes based on secret keys stored on your Yubikey.

How to use Yubico Authenticator on your phone and PC?

After some experimentation, I have eventually found what I think are the optimal settings for the application. Below is my short guide on how to use Yubico Authenticator application on your phone and computer.

Identify your Yubikey.

For the rest of the tutorial, I will use my Yubikey 5C NFC, which I believe is the latest model supporting NFC and USB-C. If you are not sure which version you have, make sure to visit the Identifying your YubiKey page to find your Yubikey including the available options offered by the device.

Using Yubico Authenticator on your phone and PC.

Make sure both your phone and Yubikey has compatible USB ports or if supported use the NFC. You may need to refer to your phone manual and identify your Yubikey by visiting Identifying your YubiKey page before continuing.

In my case both my phone and Yubikey has USB-C and NFC so I can use either option to connect to my phone.

  • Enable the NFC on your phone.
    • Pull down the menu and select the NFC option.
  • Open the Yubico Authenticator.
  • Swipe your Yubikey at the back of your phone.

If this is the first time that you are using Yubico Authenticator, you may have noticed that not much has happened. That’s because you haven’t registered any accounts yet, and on the next step, we will do just that.

How to add an account to Yubico Authenticator?

I will show you how to configure your Google Account, but the same principle applies to other accounts.

  • Login to your Google Account on your computer.
    • Select the Security tab.
      • Scroll down and find Signing in to Google option.
        • Select 2-Step Verification.
        • Confirm your password.

Follow the instruction below if you are setting up the Authenticator App for the first time. Make sure to copy the QR code and/or save the Secret Key as a backup. Press Can`t Scan it below the QR code to view your Secret Key.

You can then use the QR code or a Secret Key to recreate your credentials in case your phone was lost or stolen, and you had Authenticator app on it.

Remember also to repeat the steps with your backup Yubikey.

  • SET UP THE AUTHENTICATOR APP FOR THE FIRST TIME.
    • Scroll down, and press SET UP Authenticator App.
      • Select your device and press next.
        • Open Yubico Authenticator app on your phone or PC, if using PC you need to insert the Yubkey.
          • Scan the QR code or type the Secret Key.
          • Change the issuer name if necessary.
          • To obfuscate your OTP codes, select Require Touch checkbox.
          • Press Save or Add on PC.
            • Touch the NFC or insert you Yubikey into your phone.
          • You have now saved your secret key for your Google Account on your Yubikey.
          • Repeat the above steps with your backup Yubikey.
          • Remember to save the QR code and/or Secret Key.
      • Press Next and confirm the code to finish the process.

Follow the instruction below if you have already set up other Authenticator App on your account. You don`t need to follow the steps below if you have saved the QR code or a Secret Keys. Use them to set up the Yubico Authenticator without affecting your current set up.

If you don`t have the QR code or a Secret Key, then you have to go through the process again. Remember though, that this will make your existing setup and codes obsolete.

  • CHANGE EXISTING CONFIGURATION USING CHANGE PHONE OPTION.
    • Press Change PhoneWARNING – this will make your existing Authenticator app codes obsolete.
      • Select your device and press next.
        • Open Yubico Authenticator app on your phone or PC, if using PC you need to insert the Yubkey.
          • Scan the QR code or type the Secret Key.
          • Change the issuer name if necessary.
          • To obfuscate your OTP codes, select Require Touch checkbox.
          • Press Save or Add on PC.
            • Touch the NFC or insert you Yubikey into your phone.
          • You have now saved your secret key for your Google Account on your Yubikey.
          • Repeat the above steps with your backup Yubikey.
          • Save the QR code and/or Secret Key.
      • Press Next and confirm the code to finish the process.

How to delete account from Yubico Authenticator?

Deleting credentials from the app is easy, but it might be a bit confusing when you do this first time. Deleting the account from the app is not enough; you have to either tap the NFC or connect your Yubikey to your device to finish the process.

As you may remember, the Secret Keys used to generate the OTP codes are stored on your Yubikey, not the Authenticator app. When you delete the account in the app, you just flagged that record for removal next time the Yubikey is connected to your device.

  • Deleting Credentials.
    • If using a phone.
      • Press and hold the credential you would like to delete.
      • Press bin icon.
      • Confirm deletion.
      • Tap the NFC or insert your Yubikey to the USB port.
    • If using a PC.
      • Insert your Yubikey to the USB port.
      • Select the credential you would like to delete.
      • Press bin icon.
      • Confirm deletion.

What if I lose my phone with Yubico Authenticator on it?

Absolutely nothing.

Remember that your Yubico Authenticator requires Secret Keys in order to generate the OTP codes, and the Secret Keys are stored on your Yubikey. Whoever will find your phone will not be able to view your codes without your Yubikey. This is a definitelly a great advantage in compare to other Authenticator apps.

However, there is a catch.

What if I lose my Yubikey?

You can read about it in my other article where I`m comparing Yubico Authenticator to Google Authenticator.

As you can see Yubico Authenticator is as easy to use as any other Authenticator app. The only difference is the dependency on a physical device, your Yubikey.

Just make sure to have a backup Yubikey hidden somewhere in case you will lose your original one.

Disclosure: This post may contain affiliate links, meaning I get a commission if you decide to make a purchase through my links, at no cost to you. Please read my Disclosure for more info.