Jeremy: Created page with " '''YubiKey NEO''' (2012–2018, USB-A + NFC hardware authenticator by Yubico) == Overview == The YubiKey NEO is a multi-protocol hardware token combining USB-A and NFC interfaces. It supports both HID (keyboard) and CCID (smart-card) modes and MIFARE Classic 1 k. == Supported Applications == * '''One-Time Passwords (OTP)''' Two independent OTP slots, each programmable as: * Yubico OTP (ModHex, 32 chars) *** HMAC-SHA1 Challe..."

2025-05-28T06:02:18Z

Created page with " '''YubiKey NEO''' <span style="font-size:90%;">(2012–2018, USB-A + NFC hardware authenticator by Yubico)</span> == Overview == The YubiKey NEO is a multi-protocol hardware token combining USB-A and NFC interfaces. It supports both HID (keyboard) and CCID (smart-card) modes and MIFARE Classic 1 k. == Supported Applications == * '''One-Time Passwords (OTP)''' ** Two independent OTP slots, each programmable as: *** Yubico OTP (ModHex, 32 chars) *** HMAC-SHA1 Challe..."

New page

'''YubiKey NEO'''
<span style="font-size:90%;">(2012–2018, USB-A + NFC hardware authenticator by Yubico)</span>

== Overview ==
The YubiKey NEO is a multi-protocol hardware token combining USB-A and NFC interfaces. It supports both HID (keyboard) and CCID (smart-card) modes and MIFARE Classic 1 k.

== Supported Applications ==
* '''One-Time Passwords (OTP)'''
** Two independent OTP slots, each programmable as:
*** Yubico OTP (ModHex, 32 chars)
*** HMAC-SHA1 Challenge-Response
*** Static Password
*** OATH-HOTP (counter-based)
** Delivered over USB HID or NFC (configurable NDEF URL)

* '''FIDO U2F'''
** Unlimited per-site credentials
** USB HID or NFC for universal second-factor flows

* '''OATH (HOTP & TOTP)'''
** Stores up to 28 OATH credentials
** Accessed in CCID smart-card mode via Yubico Authenticator

* '''PIV Smart Card (CCID)'''
** Certificate-based login, SSH, code-signing
** RSA 1024 and RSA 2048 key support

* '''OpenPGP Card (CCID)'''
** OpenPGP Smart Card v2.0 for GnuPG
** RSA 1024 and RSA 2048 key support

== Physical & Interface ==
* '''Connector:''' USB-A (USB 2.0)
* '''NFC:''' Contactless NDEF + MIFARE Classic 1 k
* '''Dimensions:''' 18 × 45 × 3.3 mm
* '''Weight:''' 3 g

== Limitations (vs. Later YubiKeys) ==
* No FIDO2/WebAuthn (CTAP2) support
* Smart-card key size capped at RSA 2048 bits
* USB-A only (no USB-C)
* No FIDO2 resident (client-side) credentials or passwordless flows
* OATH-HOTP/TOTP only via CCID (no direct OTP keystroke)

== Comparison with Other Models ==
{| class="wikitable sortable"
! Feature !! YubiKey NEO !! YubiKey 4 !! YubiKey 5 NFC
|-
| NFC || Yes || No || Yes
|-
| FIDO U2F || Yes || Yes || Yes
|-
| FIDO2/WebAuthn (CTAP2) || No || No || Yes
|-
| OTP (Yubico/OATH-HOTP) || Yes (slots + CCID) || Yes || Yes
|-
| Smart Card (PIV/OpenPGP) || Yes (≤ 2048 bit) || Yes (≤ 4096 bit) || Yes (≤ 4096 bit)
|-
| USB Port || USB-A || USB-A / USB-C (4C) || USB-A & USB-C
|-
| Resident Credentials || No || No || Yes
|}

== Support ==
* Support Page: https://support.yubico.com/hc/en-us/articles/360013714579-YubiKey-NEO

== Setup ==

Basic setup for use as OTP:

Install ykman:
jeremy@computer $ sudo snap install ykman

Generate an OTP, along with a private ID and key:
jeremy@computer $ ykman otp yubiotp 1 --serial-public-id --generate-private-id --generate-key

Using YubiKey serial as public ID: vvccccsfudhp
Using a randomly generated private ID: 7e5a8b0c664f
Using a randomly generated secret key: 735c8a8b7e8f7c980d6ac716fe8sff34
Program a YubiOTP credential in slot 1? [y/N]: y

Now go to this URL and enter the results to register it: [https://upload.yubico.com/ https://upload.yubico.com/]

Now you can press the button on the YubiKey in different programs and websites to use it as an OTP.

YubiKey NEO - Revision history