What happens if I don’t have my YubiKey with me?

The answer depends on what option each application vendor and service provider offer users to address such a situation. It is common practice that the application/service may offer options to temporarily disable the need for the YubiKey Authentication and  fallback to one-factor authentication for certain duration (such as a day). Other applications may provide temporary OTPs over other communication channels, like SMS or email. Some applications may even support backup mobile tokens. But again, all these options need to be implemented by the application vendor/service provider in a way that suits their security requirements. Please check with any application or service to see how they handle situation where a user’s YubiKey is unavailable.

Posted in: 2. The YubiKey