Yubico Forum

All times are UTC + 1 hour

Posted: Mon Aug 31, 2015 11:18 pm
I currently use an app called Authy as an alternative to Google Authenticator which generates all my auth codes for over a dozen sites. I would like to use my Yubikey Neo to generate those codes at the push of a button. I have an iPhone, not an Android phone, so I can't use your Android app. I downloaded a Mac version of the Yubico Authenticator, but it won't recognize my Neo. I'm comfortablish on the command line but the process to get this up and running seems inordinately complex and I've already been ground to a halt trying to configure this thing for logging into my Mac.

I also bought a Yubikey U2F which, obviously, was incredibly easy to configure with Google and Dropbox. I guess what I'm wondering is, if that's so easy, why is it so complex for me to configure this thing to do all the other stuff I want it to do? How can I do what I want simply?

Why not design an app that just says, "How would you like to use your Yubikey?" with checkboxes for "to login with two factor auth for websites," "to login to my computer," "to store my PGP/GPG keys," "to store my SSH keys," and automate that process through the app instead of making such a complicated path for less hardcore folks like me?

The whole issue with broad adoption of advanced security is that there's such a high level of know-how needed to make even the most basic things work (like GPG) that the average end user will never adopt it. I thought the U2F was awesome and wanted to do more with it, so I bought a Neo. Now I feel like I wasted my money on something I can't even get working without having to write forum posts. Must we count on website owners to add U2F support instead of counting on you guys to make kick ass software that makes it easy for fools like me to secure their devices?

Like, why does this exist instead of an app to drag and drop my GPG private key and my SSH private key directly onto the Yubikey and have them activated for use automatically?


Posted: Thu Sep 03, 2015 5:20 pm
Yubico Team
It depends on what type of OATH codes are used...
HOTP - counter based, you can program this into Slot 2 and use long-press
TOTP - time based, requires Yubico Authenticator (so button press is irrelevant, requires system time and the helper app)

If Yubico Authenticator doesn't see the NEO, you most likely still need to enable CCID mode (smart card functionality). Install the YubiKey NEO Manager to enable CCID, power cycle, and run Yubico Authenticator again. https://developers.yubico.com/yubikey-n ... /Releases/

Yubico is working on a configuration app that is more user friendly and handles the functionality of the NEO Manager / Personalization Tool - we are in the early testing phase right now.

iOS NFC is still limited to Apple Pay only and is not available for third-party developers to utilize, and Windows Phone cannot handle NFC/Mifare combo devices, so we are currently working on a BLE YubiKey to address these (and other) limitations.

If you're curious why smart card communication over USB is disabled by default on NEOs, it's because a good percentage of users never even use the smart card functionality over USB, and due to the way smart card / USB devices behave, the "smart card" has to be disconnected each time you want to use one of the configuration slots, and then reconnected. If you have your volume turned up, this results in the annoying disconnect/reconnect sound from the OS. The smart card functionality is still available over NFC when CCID mode is disabled, so apps like Yubico Authenticator for Android continue to work.


Posted: Thu Sep 10, 2015 10:29 am
Yubico Team
This is very valuable input. When you work with the same tools all the time, it's easy to get used to and not see their usability issues.

ChrisHalos wrote:
If you're curious why smart card communication over USB is disabled by default on NEOs, it's because a good percentage of users never even use the smart card functionality over USB, and due to the way smart card / USB devices behave, the "smart card" has to be disconnected each time you want to use one of the configuration slots, and then reconnected.

Since Smart Card communication is disabled by default, we should make Yubico Authenticator detect that a NEO without Smart Card communication is inserted (and give the user an option to enable it). I created an issue to implement this.

selfagency wrote:
Why not design an app that just says, "How would you like to use your Yubikey?" with checkboxes for "to login with two factor auth for websites," "to login to my computer," "to store my PGP/GPG keys," "to store my SSH keys," and automate that process through the app instead of making such a complicated path for less hardcore folks like me?

"to login with two factor auth for websites"
This is essentially what Yubico Authenticator is trying to do (I know that it didn't work for you, but we're now working on that).

selfagency wrote:
Like, why does this exist instead of an app to drag and drop my GPG private key and my SSH private key directly onto the Yubikey and have them activated for use automatically?

That PGP/SSH guide is old. Many things can be done much easier now. We will update it! In the meantime, maybe this guide or this one helps?


Posted: Thu Sep 10, 2015 12:30 pm
Yubico Team
selfagency wrote:
I also bought a Yubikey U2F which, obviously, was incredibly easy to configure with Google and Dropbox. I guess what I'm wondering is, if that's so easy, why is it so complex for me to configure this thing to do all the other stuff I want it to do? How can I do what I want simply?

selfagency wrote:
Must we count on website owners to add U2F support instead of counting on you guys to make kick ass software that makes it easy for fools like me to secure their devices?

This is why U2F exists and why Yubico has put a lot of effort into U2F. If the other authentication protocols were as easy to use, U2F would probably not exist.

Btw, I'm a developer at Yubico and I find GPG+SSH setup frustrating myself at times, so there's no reason for you to feel like a fool :)

