What is a YubiKey?
A YubiKey is a physical security key developed by Yubico, used for two-factor or multi-factor authentication (2FA/MFA). It adds an extra layer of protection during login, verifying that it is truly you — not someone who has stolen your password — trying to access the system.
Think of a YubiKey as a digital key: without it, you can’t get in, even if someone knows the “lock code” (your password). When you connect it to your computer or mobile device and press the key, it securely and cryptographically verifies your identity.
How does YubiKey work?
YubiKey uses standards such as FIDO2, U2F (Universal 2nd Factor), and Smart Card (PIV) to authenticate users without storing sensitive data locally. It works across multiple services — from Microsoft 365, Google Workspace, and GitHub to various VPN and IAM systems.
A YubiKey functions both online and offline and supports several connection types (USB-A, USB-C, NFC, and Lightning). This makes it ideal for both private and professional users seeking strong authentication without relying on SMS or apps.
Sicra and YubiKey
At Sicra, YubiKey is recommended as part of a holistic security setup for identity and access management, especially in combination with services like IAM (Identity and Access Management), PAM (Privileged Access Management), and multi-factor authentication (MFA).
In many organizations, YubiKey is part of Sicra’s work on secure login, MFA strategies, and Zero Trust architecture, where physical authentication helps eliminate vulnerabilities related to phishing, password reuse, and account compromise.
Related terms: Multi-factor authentication (MFA), Passwordless, FIDO2, SSO, Zero Trust, Entra ID, IT security, Digital security, Phishing, Password spraying