How Yubico OTP works

This is the seventh post in a mini-series about security, to mark an upcoming security upgrade to our login and authentication system. All new changes will be launching on Monday, 25th July 2016.

In yesterday’s post, we looked at how U2F security keys work. Today we’re going to look at look at how Yubico OTP works, the third and final method of two-step verification we will be supporting from tomorrow. We’ll explore how it works from a technical side, and its strengths and weaknesses.

A security key is a small USB device that you use to log in securely to your accounts online. While (we hope) the future is for U2F security keys, a super-secure open standard implemented by several manufacturers, these still have compatibility issues which mean they may not be suitable for everyone. Most security keys from Yubico also support another protocol called Yubico OTP. (If you own an older YubiKey, it may only support this and not U2F.)

Using a Yubico OTP security key with FastMail is simple, and in fact works exactly the same as with U2F keys. You just plug it into your computer when prompted and press the button on the top.

Under the hood however, the way they work is very different! With Yubico OTP, your security key acts like a keyboard, and when you press the button it actually types in a 44-character single-use password. The first 12 characters are a unique id that identifies the security key. The remaining 32 characters contain a bunch of information that’s encrypted (with AES, crypto folks) using a key known only to the device and Yubico’s servers. The information includes:

• A private internal value.
• A number of counter fields (each time you plug the key into a machine, or generate a new key, internal non-volatile counters are incremented).
• Timer field (an internal 8hz counter value).
• A random number.
• A CRC checksum.

At FastMail, we get the 44-character code. We check that the first 12 characters correspond with a YubiKey you’ve registered with your account, then we send the code on to the Yubico servers. Since they have the shared secret encryption key, they can decrypt the values and check to make sure they are valid (e.g. counters are all higher than their previous values, the checksum is valid, etc.). If everything checks out, they return an OK to FastMail and you’re in!

Strengths and weaknesses

Compared to U2F, the big upside of this system is increased compatibility. Because it behaves just like a keyboard, you can use it with any browser on any system with a USB port.

However, it doesn’t share the same security properties of U2F. There’s nothing to stop you inserting the one-time code into a phishing site. The codes are single use but there’s no time limit mechanism other than a sequential ordering of the codes (i.e. once a newer code has been used you can’t use an older one). A code is valid until the Yubico server sees the newer one.

The security keys have an ID which is the same wherever you use it, even across different sites. We have to ask Yubico to verify the code, so there’s an extra service that needs to be trusted to keep your account secure.

So what should I use: TOTP, U2F or Yubico OTP?

Unfortunately, there’s no one right answer. It depends on which strengths and weaknesses are important to you. U2F is definitely the most secure, but only compatible with Chrome (and not really usable yet on mobile).

However, we can say that using any of these to add two-step verification to your account will make it much harder for an attacker to gain access. And of course you can register as many security keys and authenticator apps with your account as you like, so you can use different methods in different situations.

Whatever you choose, enabling two-step verification is a big step forward in keeping your account safe.