Flexible Modern Authentication with the Multi-Protocol YubiKey

Most organizations work with multiple services and applications, and thus different authentication protocols, to meet all their security needs. Oftentimes, the protocol is predetermined by the application or service provider. However, in other cases, a business or systems integrator has some flexibility on which integration approach or third party to use. When it comes to authentication choices, there is typically no such thing as a silver bullet. The YubiKey was designed with this in mind to support multiple methods for authentication, enabling users and integrators to utilize the best method for each solution.

YubiKeys have multiple authentication protocols, spanning One-Time Passwords (OTP), CCID (smart card), and Universal 2nd Factor (U2F). Each protocol has support for different services and apps, much like a toolbox, allowing the user to select the correct tool for the task at hand.

OTP supports protocols where a single use code is entered to provide authentication. These protocols tend to be older and more widely supported in legacy applications. The YubiKey communicates via the HID keyboard interface, sending output as a series of keystrokes. This means OTP protocols can work across all OS/Environments that support USB keyboards, as well as with any app that can accept keyboard input. Some common services that use OTPs are network devices like VPNs and local authentication services with user login, as support for OTPs tend to be the most straightforward to integrate.

CCID, or smart cards as their interface is more commonly called, is another supported protocol on the YubiKey. The YubiKey identifies itself as a smart card reader with a smart card plugged in, so it will work with most common smart card drivers. Windows has native support, Linux has the OpenSC project, and macOS has support for smart cards natively on Sierra (10.12) and higher. The YubiKey allows 3 different CCID protocols to be used simultaneously – PIV, as defined by the NIST standard for authentication; OpenPGP for encryption, decryption, and signing; and OATH, for client apps like Yubico Authenticator and Windows Hello. The open source nature of the supported smart card protocols make them ideal for integrating with existing environments, such as Windows Authentication, Active Directory Federated Services, SSH or OpenPGP, and derived services.

FIDO U2F is the newest protocol supported by the YubiKey. Developed by Yubico and Google, the U2F protocol provides strong authentication without requiring a complex backend or framework to support it. Turning traditional authentication on its head, FIDO U2F makes the authentication device (like the YubiKey) the authentication provider. It issues unique keys to the services it is authenticating against, ensures each service does not have any information about the others, and removes the need for a central authentication service. With FIDO 2.0, the specification is growing to meet evolving industry needs, while ensuring that the previous generation is not rendered obsolete. The security built into the U2F protocol makes it ideal for web applications or customer-facing apps, which may be exposed to attacks on the information in transit between the user client and server.

Each protocol has strengths and weaknesses, restricting the situations where each one is most effective. However, the YubiKey resolves this limitation by supporting all of the different protocols on a single device, all at the same time. Like a carpenter using the right tool in his toolbox for the job at hand, users and integrators are able to secure their applications and services with the YubiKey using the appropriate protocol for each environment.

To learn more about the protocols supported by the YubiKey, please refer to our Developer site.

Talk to our teamTalk to our team

Share this article:


  • CEO Corner: Maintaining stable growth while navigating global uncertaintyAs we officially close out the first quarter of 2025,  I am pleased we saw a quarter with solid growth and profitability along with ongoing demand for phishing-resistant authentication. We continue to see new types of high-profile cyber attacks appearing regularly, and a major reason for the success of phishing attacks is stolen credentials. As […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Introducing the Yubico Academy: Enabling partners for a phishing-resistant futureAt Yubico, strong partnerships are fundamental to a more secure digital world. Our commitment goes beyond providing leading security keys; it’s about actively fostering the growth of our valued partners through impactful enablement programs. A cornerstone is the Yubico Academy, featuring our comprehensive certification program.  This program enables our partners’ teams to become Yubico experts, […]Read more
  • AI is booming — but proving you’re human matters more than everIf you walked the show floor at the RSA Conference this year, you probably noticed the same thing I did: Artificial Intelligence (AI) is everywhere. Agentic AI. AI in threat detection. AI in firewalls. AI in identity management. AI-generated demos. AI everything. The energy around AI was undeniable, and we’re seeing real innovation, efficiency gains […]Read moreAIArtificial IntelligencephishingRSAC
  • Ditching passwords for good: Celebrating the inaugural World Passkey DayHave you ever been stuck in a relationship with someone who constantly lets you down, exposes your secrets, and leaves you vulnerable? Odds are you cut your losses, packed up your things and moved on. Today is the day to do the same with your passwords: say goodbye forever! The reality is a majority of […]Read morepasskeyspasswordlessWorld Passkey Day