If you are using your YubiKey with a service or application, the policy for lost or stolen YubiKeys depends on how that service or application deals with the situation.

The simplest recovery method is if the site supports alternative authentication mechanisms, so that you can regain access to the account and can delete (de-associate) the lost YubiKey from your account. You can then associate another (or a new) YubiKey to your account.

For example, the LastPass Premium subscription allows you to configure up to 5 YubiKeys with a LastPass account, so you can continue to log in using other keys if one is lost. For more information on how to disable a YubiKey with a LastPass account, see the LastPass Help Center.

If you cannot regain access, many sites have an authentication credential recovery mechanism. Use that to regain access to your account. You can de-associate the lost YubiKey, and then re-associate another key.

Applications or services may also provide other mechanisms for users or administrators to assign a new YubiKey in case the user lost an original key. Contact the company  supporting the YubiKey to find out about their policies.

For more information, see our blog post on best practices.

Posted in: Security