The YubiKey NEO is the strong authentication bullseye the industry has been aiming at for years, enabling one single key to secure an unlimited number of applications.
Our newest NEO keys with the 3.3 firmware support U2F + OTP and CCID at the same time on the same key when running Version 39 of the Chrome browser (released 11/18/14). Users have long sought this multi-functionality, and now it is here.
In a single device, The Yubikey NEO has both contact (USB) and contactless (NFC, MIFARE) communications. It uniquely supports One-Time Passcodes, smart card functionality, including OpenPGP and PIV, and the emerging FIDO Alliance Universal 2nd Factor (U2F) protocol. The YubiKey NEO can be configured for U2F and other modes using the NEO Manager.
UNIVERSAL 2ND FACTOR
FIDO U2F breaks the mold for high security public key hardware devices, removing the complexity of drivers, clients software and the traditional costly CA model. With FIDO U2F, one single YubiKey NEO or NEO-n can be used with any number of online services, with no user information and encryption keys shared between the service providers. In the near future, large scale online services will support FIDO U2F, enabling users to own and control their single and secure online identity for any number of services. Please note, current U2F standards do not support NFC for mobile devices. For more information, you can access the full U2F Specifications on the FIDO Alliance website.
Special YubiKey NEO Features
- Works across Windows, Mac, Linux, major browsers and Android NFC phones and tablets
- Supports multiple authentication protocols, including Yubikey OTP, Smart Card and FIDOAlliance U2F
- Mobile authentication through NFC contactless technology (NDEF type 4), works with Android and other devices (NEO only)
- Mifare Classic, for legacy physical access control systems
- Hardware secure elements secure your encryption keys
CORE YUBIKEY FEATURES
- Works instantly, no need to re-type pass codes from a device
- Identifies as a USB-keyboard, smart card and smart card reader, no client software or drivers needed
- Minimized sized. NEO: 18 x 45 x 3 3 g light, NEO-n: 12 x 13 x 3 mm thin
- Practically indestructible, no batteries, no moving parts
- Integration within minutes with free and open source server software
- Manufactured in USA and Sweden with high security and quality
Integrate YubiKey NEO Support
Learn how you can add YubiKey NEO authentication to your site or service at our developer site.
Start your YubiKey
If you already have a YubiKey NEO or NEO-n, you can try it out here.
Where you can use YubiKey NEO or NEO-n
The YubiKey NEO and NEO-n can be used for securing access to a wide range of applications, including Remote access & VPN, password managers, computer login, CMS, popular online services, etc. Please find the range of open source and enterprise solutions at our Application page.
When can I purchase a YubiKey NEO with FIDO U2F or can I upgrade my current NEO?
YubiKey NEO and NEO-n devices have shipped with firmware version 3.3 since Oct. 1, which includes U2F support along with other protocols including Yubico OTP and smart card functionality. YubiKey NEOs are not upgradable based on best security practices. There is a no upgrade policy for our devices since nothing, including malware, can write to the firmware. For more information see our blog YubiKey and BadUSB
NEW 11/18/14 What are my benefits when using the OTP+U2F+CCID configuration?
When using the YubiKey NEO or NEO-n in OTP+U2F+CCID mode, users can access every feature of their device to secure their online accounts. On the same YubiKey, at the same time, users can use U2F to secure their Gmail account, access services like LastPass, as well as secure their communication using applets loaded on their device, such as the OpenPGP applet.
Please visit our applications website to see the various applications and use cases that NEO supports.
How does the NEO work with my mobile device?
YubiKey NEO has NFC contactless technology capabilities so you can use your NEO on any Android device that supports NFC. U2F is not yet supported over NFC.
Can my NEO work over NFC with my iPhone 6?
Not currently, but once Apple opens up support for NFC to 3rd party developers it may be possible.
Can I use my U2F-enabled NEO device to enable strong 2-factor authentication for my enterprise?
Any online service or application can integrate with the U2F protocol. One of our key partners, Duo Security, is the first to offer enterprise server solutions supporting U2F, you can learn more about Duo Security and U2F.
How many services can the YubiKey NEO/NEO-n be associated with?
There is no practical limit to the U2F secured services the YubiKey NEO/NEO-n can be associated with. During the registration process, the key pairs are generated on the device (secure element) but the key pairs are not stored on the YubiKey NEO/NEO-n. Instead, the key pair (public key and encrypted private key) are stored by each relying party/service that initiated the registration. Therefore, this approach allows for an unlimited number of services to be associated with the YubiKey NEO/NEO-n.
How can I setup my Linux instance for use with U2F?
We advise everyone to install the Yubikey NEO manager software. Latest version of this software can be found here: https://developers.yubico.com/yubikey-neo-manager/Releases/
If you have a Yubikey NEO or Yubikey NEO-n ensure you have unlocked the U2F mode by following these instructions:
- If you have a Security Key by Yubico (blue color) U2F is enabled by default (only U2F mode is supported on this product!)
download or create a copy of this file named: 70-u2f.rules into the Linux directory: /etc/udev/rules.d/
If this file is already there, please ensure that the content looks like exactly the one provided on github.com/Yubico (link above)
Save your file. Reboot the machine.
Ensure that you are running Chrome 38 or above. From version 39 of Chrome you will be able to use the Yubikey NEO or NEO-n in U2F+HID mode.
NOTICE: This applies only to Yubikey NEO and NEO-n, the Security Key by Yubico only supports U2F mode enabled by default.