OATH YubiKeys

Open Authentication (OATH) is an open standard introduced by VeriSign and designed to enable strong authentication for devices from multiple vendors.

The YubiKey 2.1 includes the option to configure the device to generate event-based 6- or 8 digit one time passcodes (OTPs) that works seamlessly in OATH eco-systems. The YubiKey 2.1 can also be configured to automatically generate an OATH Token Identification string.

With the dual-configuration functionality, the YubiKey 2.1 also supports the proven YubiKey OTP mode, which offers a longer OTP and embedded timing information.

Compared to OATH LCD tokens, the YubiKey is convenient sized, robust and does not require any batteries. With the USB connection, the OTP and optional identifier is automatically inserted in the OTP and identification fields.
 

OATH enterprise software

Yubico does not provide any OATH back-end software or service, but welcomes our customers to contact the range of software providers supporting OATH tokens. These can be found on our partner wiki or at www.openauthentication.org.
 

OATH open source components

If you want to set up an environment for testing the OATH HOTP against a web service, see this link. It allows you to set up the Apache web server with two-factor authentication using a password and an OATH HOTP one-time password. This test software is limited in functionality but can be seen as a starting point for custom developments.