Salesforce.com Winter ’17 Release (September 2016)
Salesforce completed integration of the FIDO Universal 2nd Factor (U2F) authentication standard in the Winter ’17 release. It’s a more secure, more convenient alternative to using Salesforce Authenticator or One-Time Passwords (OTP) sent by email or SMS.
Salesforce.com Winter ’15 Release (January 2015)
Salesforce introduced two-factor authentication with One-Time Passwords (OTP) in the Winter ‘15 Release. As a Salesforce admin, you can allow users to authenticate with their YubiKey(s) any time they’re challenged to verify their identity.