Yubico Forum

Could a potential attacker be able to store the output from a Yubikey that he would temporarily have in his possession and then use that output to login into a Bitlocker-protected Windows 10 machine with the Yubikey login tool?

What about storing an OTP for later use to authenticate other things like Lastpass?

I assume you're referring to...

HMAC-SHA1 Challenge-Response (Windows Login) - No, Challenge-Response doesn't emit any text like OTP does, and the secrets can't be read off the YubiKey.

Yubico OTP (LastPass) - Yes and no, depending on the use case. Yes, if someone gets your YubiKey and sends an OTP to to their e-mail (for example), they could use this later UNLESS you have validated again since the OTP was generated. Validating a newly generated OTP invalidates all previously generated OTP.

So basically, if you believe someone might have grabbed an OTP, just go to demo.yubico.com as soon as possible and test single-factor. Running this test will invalidate any previously generated OTPs.

Would there be a way to find out if an OTP was generated without being used yet?

I'm assuming that the OTP is only verified through a Yubico server or some central server on the Internet?

There is no way to determine if additional OTPs were generated between the last successful authentication