Q: There are several types of OTP tokens out there. Which is the YubiKey?
A: Many OTP solutions today depend on time-synchronized tokens and a verification service. Since each OTP is valid for only a limited time, this solution adds higher protection against phishing. Unfortunately, the synchronization process is difficult to administer, and out-of-sync tokens add frustration for users.
Other OTP solutions depend on an incremental internal sequence counter as the basis for OTP generation. In this case an OTP does not expire, and thus the risks are higher, but at the same time it is generally an easier system to administer than time-based tokens.
YubiKeys combine the best of these two approaches. There is no need for the YubiKey tokens to be synchronized to a common server time. Each token has an internal sequence counter that is partly driven by its internal clock. YubiKey's unique design ensures that this counter is part of the generated OTP, so the system in effect lets the service check synchronization at OTP validation time.
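A sketch of the validation-time check described above, as an added example that is not Yubico's code. It starts from OTP fields that have already been decrypted; the field names, the 8 Hz tick rate, the 24-bit timer width and the skew limit are assumptions made for illustration.

```python
from dataclasses import dataclass

TIMER_HZ = 8          # assumed tick rate of the token's internal timer
TIMER_MOD = 1 << 24   # assumed width of the timer field (wraps around)


@dataclass(frozen=True)
class OtpFields:
    """Counter and timer values carried inside one decrypted OTP."""
    power_ups: int  # counter that increases each time the token powers up
    presses: int    # counter that increases per OTP within one power-up
    timer: int      # token's own timer value when the OTP was generated


class Validator:
    """Tracks the last accepted OTP per token; needs no shared wall clock."""

    def __init__(self, max_skew_s=5.0):
        self.max_skew_s = max_skew_s
        self.last = {}  # token id -> (OtpFields, server time when accepted)

    def check(self, token_id, otp, now):
        prev = self.last.get(token_id)
        if prev is not None:
            seen, seen_at = prev
            # Counter part: an OTP must be strictly newer than the last one.
            if (otp.power_ups, otp.presses) <= (seen.power_ups, seen.presses):
                return "REPLAYED"
            # Timer part: only comparable inside the same power-up session.
            # Time elapsed on the token should match time elapsed on the
            # server; a large gap means the OTP was held back before use.
            if otp.power_ups == seen.power_ups:
                ticks = (otp.timer - seen.timer) % TIMER_MOD
                token_elapsed = ticks / TIMER_HZ
                server_elapsed = now - seen_at
                if abs(server_elapsed - token_elapsed) > self.max_skew_s:
                    return "DELAYED"
        self.last[token_id] = (otp, now)
        return "OK"


if __name__ == "__main__":
    v = Validator()
    first = OtpFields(power_ups=3, presses=0, timer=1000)  # constructed values
    print(v.check("token-1", first, now=100.0))  # accepted
    print(v.check("token-1", first, now=101.0))  # same OTP again
```

The server compares elapsed time on the token with elapsed time on its own clock, so the two never have to agree on absolute time.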