Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

A Yubikey can be run either in TOTP mode, in U2F mode, or as a generic smartcard. (Or a combination of the above.) It's configurable.

I use a Yubikey that's configured both as a U2F token for Google, as well as a smartcard for PGP/SSH use.

And their core, the construction of a Yubikey, smartcard, and HSM are very similar. The core idea is that you have physically secure memory guarded by a dedicated cryptoprocessor, so that your secrets never have to be exposed to the host OS when performing a signing operation.



Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: