YubiCloud

Yubico’s web service for verifying one time passwords (OTPs)

Core YubiCloud features

  • Strong two-factor validation for any IT system and online service
  • Free and easy web API integration in less than an hour
  • Redundant service with locations on multiple continents
  • YubiKey secrets protected with YubiHSM Hardware Security Module

How it works

We provide free web APIs for quick and easy integration of YubiCloud into services and IT systems. Five YubiCloud OTP validation servers are located around the world, distributed and synchronized to ensure that there is no single point of failure.

Integration guidelines

The growing popularity and adoption of YubiKey has resulted in a number of partner enterprise solutions and open source projects offering server-side YubiKey modules for two-factor authentication. However, as Yubico and its customers have noticed a large variance in the deployment, management, authentication and recovery capabilities offered by these modules we propose a set of general guidelines for the module design that will help to assure a good user experience.

Required

  • YubiKey Hardware
  • YubiCloud or own validation server

How to add YubiKey authentication to server-side applications

Follow the guidelines in the design guidelines document.

YubiKey module design guideline document (pdf)

This document provides the general guidelines for the development of a YubiKey authentication module so that it will work smoothly for the majority of use cases we have been exposed to. It covers the capabilities we recommend to be supported and the considerations to be made when designing and developing a comprehensive and configurable YubiKey authentication module for server-side applications. The document also provides recommendations for how the module should be implemented, administered and maintained. The document does not cover any specific platform or programming language details.

YubiKey authentication modules

YubiKey authentication modules are developed to add YubiKey two-factor authentication to server-side applications. The YubiKey Authentication Module can validate the OTP against either own Validation Server or against the Yubico Online Validation Service. You will have to decide which model works best for your application. The main benefit with your own server is that you are in full control over all AES keys programmed into the YubiKeys. The main benefit of using the Yubico online Validation Service is that the YubiKeys are already ready to use with the Online Validation Service out of the box (no additional handling needed). It also enables users that already have a YubiKey to sign up for your service.

Read more about Yubico OTP on our developers site