Yubikey OTP Secret
Service Name: Yubico (YubiKey)
Service Description: YubiKey is a hardware authentication device manufactured by Yubico that provides strong two-factor authentication through one-time passwords (OTP). The YubiKey OTP secret is the cryptographic key stored on the YubiKey device that generates one-time passwords.
Service Address: https://www.yubico.com/
Validation Type: API Auth
IP Allow list: Does not exist at the secret level, but can be implemented at the service integration level depending on the authentication server configuration.
Secret Access Scope: Grants the ability to generate valid one-time passwords for authentication to services that support YubiKey OTP.
Secret Revokement URL: https://www.yubico.com/support/security-advisories/
Secret Example: vvCCccGGhhTTiiUUjj
Suspicious Activity Investigation Instructions:
- Check authentication logs for unusual login patterns or locations.
- Review the YubiKey device's physical security and ensure it hasn't been compromised.
- Verify if there are any unauthorized authentication attempts using the YubiKey.
- Check if the YubiKey has been registered to unauthorized services.
- Monitor for any authentication events that don't correspond to legitimate user actions.
Mitigation Instructions:
- Immediately deactivate the compromised YubiKey in your authentication systems.
- Remove the YubiKey from all associated accounts and services.
- Register a new YubiKey device with fresh credentials.
- Update your authentication server to reject the compromised YubiKey's OTPs.
- If using YubiCloud validation service, contact Yubico support to revoke the compromised key.
- Review and update your security policies regarding physical security of authentication devices.
- Consider implementing additional authentication factors for sensitive systems.