It allows users to securely log into their accounts by emitting one-time passwords or using a FIDO-based public/private key pair generated by the device.
A YubiKey can also present itself as an OpenPGP card using 1024, 2048, 3072 and 4096-bit RSA (for key sizes over 2048 bits, GnuPG version 2.0 or higher is required) and elliptic curve cryptography (ECC) p256, p384 and more, depending on version,[11] allowing users to sign, encrypt and decrypt messages without exposing the private keys to the outside world.
This feature allows code signing of Docker images as well as certificate-based authentication for Microsoft Active Directory and SSH.[12][13][14][15]
Founded in 2007 by former CEO, now Chief Evangelist, Stina Ehrensvärd, Yubico is a public company with offices in Santa Clara, CA, Bellevue, WA, and Stockholm, Sweden.[16]
Yubico CTO, Jakob Ehrensvärd, is the lead author of the original strong authentication specification that became known as Universal 2nd Factor (U2F).
The Neo is also able to communicate using the CCID smart-card protocol in addition to USB HID (human interface device) keyboard emulation.
The CCID mode is used for PIV smart card and OpenPGP support, while USB HID is used for the one-time password authentication schemes.
This slotted in between the Neo and FIDO U2F products feature-wise, as it was designed to handle OTP and U2F authentication, but did not include smart card or NFC support.
[39] Alternatively, this issue can be addressed by using operating system features to temporarily switch to a standard US keyboard layout (or similar) when using one-time passwords.
However, YubiKey Neo and later devices can be configured with alternate scan codes to match layouts that aren't compatible with the ModHex character set.
U2F authentication in YubiKey products bypasses this problem by using the alternate U2FHID protocol, which sends and receives raw binary messages instead of keyboard scan codes.
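The layout problem described above can be caught on the receiving side by checking that a typed one-time password really is ModHex before it is sent for validation. The following is an added example, not Yubico code or part of the original text; it assumes the usual OTP layout in which the last 32 ModHex characters are the encrypted 16-byte block and anything before them is the public ID, and the sample OTP and the Dvorak mapping are constructed for illustration.

```python
# Added example (not Yubico code): validate a Yubico OTP string as typed by the key.
MODHEX = "cbdefghijklnrtuv"   # ModHex digit at index i encodes hex nibble i
HEX = "0123456789abcdef"
BLOCK_CHARS = 32              # assumption: trailing 16-byte encrypted block

# Constructed illustration: what the scan codes for the ModHex letters
# produce when the host keyboard layout is set to Dvorak instead of US QWERTY.
QWERTY_TO_DVORAK = str.maketrans(MODHEX, "jxe.uidchtnbpygk")


def modhex_encode(data: bytes) -> str:
    return data.hex().translate(str.maketrans(HEX, MODHEX))


def modhex_decode(text: str) -> bytes:
    text = text.lower()       # tolerate Caps Lock
    bad = sorted(set(text) - set(MODHEX))
    if bad:
        raise ValueError(f"non-ModHex characters {bad}: wrong layout or not an OTP")
    if len(text) % 2:
        raise ValueError("odd number of ModHex characters")
    return bytes.fromhex(text.translate(str.maketrans(MODHEX, HEX)))


def parse_otp(typed: str) -> dict:
    """Split a typed OTP into public ID and encrypted block, decoding both."""
    typed = typed.strip()
    if not BLOCK_CHARS <= len(typed) <= 2 * BLOCK_CHARS:
        raise ValueError(f"unexpected OTP length {len(typed)}")
    public_id, block = typed[:-BLOCK_CHARS], typed[-BLOCK_CHARS:]
    return {
        "public_id": public_id,
        "public_id_bytes": modhex_decode(public_id),
        "encrypted_block": modhex_decode(block),
    }


# Constructed sample: a 6-byte public ID followed by a dummy 16-byte block.
SAMPLE_OTP = modhex_encode(bytes.fromhex("000000000001")) + modhex_encode(bytes(range(16)))

if __name__ == "__main__":
    print(parse_otp(SAMPLE_OTP))
    try:
        parse_otp(SAMPLE_OTP.translate(QWERTY_TO_DVORAK))
    except ValueError as err:
        print("rejected:", err)
```

Only some mis-mapped characters fall outside the ModHex alphabet, so a mangled string can occasionally pass this check; it then decodes to a different public ID and will not match an enrolled key.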
[49] In January 2018, Yubico disclosed a moderate vulnerability where password protection for the OTP functionality on the YubiKey NEO could be bypassed under certain conditions.
The issue was corrected as of firmware version 3.5.0, and Yubico offered free replacement keys to any user claiming to be affected until April 1, 2019.
In September 2024, security researchers from NinjaLab discovered a cryptographic flaw in Infineon chips that would allow an attacker who gained physical access to a YubiKey to clone it.
Yubico rated the issue as "moderate" citing the need for an attacker to have physical access to the key, expensive equipment, and advanced cryptographic and technical knowledge.
The company states the decision was based on their mission to protect vulnerable Internet users and work with free speech supporters.