Visit Yubico

Yubico was founded by Stina Ehrensvard in 2007 with the goal to make secure online identities truly ubiquitous.


Yubikeys are manufactured in Sweden under best practice security processes in a fully access automated environment, using YubiHSM technology to ensure that no staff or IT administrators can have access to encryption keys. The YubiKey Standard and YubiKey Nano have been granted FIPS 140-2 certification (#2267), validating that the design and security functionality meets the highest security standard. The YubiKey has no battery but features a built in clock that uses the power from the USB-port. This clock can be used to measure the time between two OTPs, verifying user presence and that pre-recorded OTPs cannot be used. The YubiKey is based on standard components, high-pressure molded into plastic, making it practically impossible to tamper. If tampered, it will require sophisticated equipment to read out the secrets and cannot be done without physically destroying the device. Each YubiKey is seeded individually, so any breach would be for that unique Yubikey only, there is no systemic breach.


The YubiKey OTP utilizes 128 bit strong key and the AES state-of-the-art encryption algorithm, same algorithm as used by the U.S. military and governments around the world.


Standard LCD tokens are limited to a truncated 8 digit pass code as it is not feasible for users to re-type longer passwords read from a display. Because the YubiKey automatically enters the pass code for you, the pass code can be much longer. We have chosen the full 128 bit key strength, represented by 32 modhex characters one time pass code, offering several magnitudes higher level of security compared to 8 digits. (As a comparison in strength to resist brute force attacks, 8 digits represents 100 million combinations to brute force while 128bit offers a "whopping" 3,402,823,669,209,384,634,633,746,074,317.7 times 100 million combinations to try!)