IMSS
/
Services
/
Information Security
/
Duo MFA
/
Authentication Methods
/
YubiKey security key vs passcode
YubiKey Security Key vs YubiKey Passcode
A YubiKey is a hardware device that can be used as a second-factor option with Duo. Different models exist and offer a variety of capabilities. Some YubiKey devices can function only as a security key, while others can function as a passcode generator or as a security key. Below is a summary of the two modes that YubiKey devices can operate in.
YubiKey Security Key
- Available on most modern YubiKey devices, including multi-protocol devices such as "YubiKey 5 Series", as well as FIDO-only devices such as "YubiKey Security Key Series" devices.
- Does not require Help Desk to set up. Can be done using the Duo Device Management Portal.
- Only supports browser-based applications.
YubiKey passcode
- Requires a YubiKey device that supports OTP protocols (often described as multi-protocol devices), such as the "YubiKey 5 Series" devices.
- Must be set up by IMSS Help Desk. Generally requires bringing the YubiKey device into the Help Desk in-person.
- Works as a second-factor option for a broad range of Duo-protected applications including browser-based applications as well as command-line and Windows login.
I'm planning to purchase a YubiKey. Which one should I choose?
- The YubiKey 5 Series supports both passcode and security key modes. If you're not certain what you need, these devices will offer the most flexibility.
- The YubiKey Security Key devices are more budget-friendly, but can only be used in security key mode and only with browser-based applications. Be sure that you are okay with these limitations before purchasing one of these devices.
More information
Please refer to these links on the Yubico website for more information:
- Compare YubiKey products
- YubiKey 5 Series (multi-protocol, works as passcode generator or security key)
- YubiKey Security Key Series (FIDO-only, works as security key but NOT as passcode generator)