A One-Time Password (OTP) is a password that is valid for a single use only; once used, it cannot be used again for authentication. A Yubico OTP is a unique sequence of characters generated every time the YubiKey button is touched. The Yubico OTP consists of a sequence of 32 Modhex characters representing information encrypted with a 128-bit AES key.

The information that makes up a Yubico OTP consists of:

  1. The private identity of the YubiKey
  2. Counter fields tracking how often the YubiKey has been used
  3. A Timer field tracking the time between generating each OTP
  4. A Random number to add additional security to the encryption
  5. A closing CRC16 checksum of all the fields
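The following added example (not Yubico's code) shows how a validator would split a decrypted OTP block into these fields and check the closing CRC16. The field widths, little-endian byte order, Modhex alphabet and CRC parameters follow Yubico's published OTP format and are not stated on this page; AES decryption is left out because Python's standard library has no AES, so the sample block is a constructed plaintext.

```python
import struct

MODHEX = "cbdefghijklnrtuv"   # the modhex character at index i stands for hex digit i
CRC_OK_RESIDUE = 0xF0B8       # crc16() of an intact 16-byte block, checksum included

def modhex_encode(data):
    return "".join(MODHEX[b >> 4] + MODHEX[b & 0xF] for b in data)

def modhex_decode(text):
    if len(text) % 2 or any(c not in MODHEX for c in text):
        raise ValueError("not valid modhex")
    return bytes(MODHEX.index(a) << 4 | MODHEX.index(b)
                 for a, b in zip(text[::2], text[1::2]))

def crc16(data):
    # CRC16 with reflected polynomial 0x8408 and initial value 0xFFFF.
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc

def build_block(private_id, use_ctr, timer, session_ctr, rnd):
    # Constructed test input only: packs the fields and appends the checksum.
    body = struct.pack("<6sHHBBH", private_id, use_ctr,
                       timer & 0xFFFF, timer >> 16, session_ctr, rnd)
    return body + struct.pack("<H", ~crc16(body) & 0xFFFF)

def parse_block(block):
    # block: the 16 bytes obtained after modhex-decoding and AES-decrypting an OTP.
    if len(block) != 16:
        raise ValueError("decrypted block must be 16 bytes")
    if crc16(block) != CRC_OK_RESIDUE:
        raise ValueError("CRC16 mismatch: wrong AES key or corrupted OTP")
    pid, use_ctr, t_lo, t_hi, session_ctr, rnd, _crc = struct.unpack("<6sHHBBHH", block)
    return {"private_id": pid.hex(), "use_counter": use_ctr,
            "session_counter": session_ctr, "timer": t_hi << 16 | t_lo, "random": rnd}

if __name__ == "__main__":
    sample = build_block(bytes.fromhex("010203040506"), 19, 0x04A2F1, 2, 0xBEEF)
    print(modhex_encode(sample))      # 32 modhex characters for 16 bytes
    print(parse_block(modhex_decode(modhex_encode(sample))))
```

A block decrypted with the wrong AES key fails the CRC check, which is how a validator tells a forged or corrupted OTP from a genuine one before it compares counters.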

For more information about which YubiKeys support the Yubico OTP, see YubiKey Hardware.
