Thanks for the explanation.rcxAsh wrote: ↑ One of the main applications as far as I've understood it is to use it as a second factor for your authentication. So then to log into an account that supports it, you would need both your password and the YubiKey physically present to log in. The idea is that you cannot log in with only your password (something you know) or only with the YubiKey (something you have). You need both at the same time. This makes it more difficult for someone to access your account even if they know your password because they would have to physically obtain your YubiKey before they can log in. Similarly, if someone stole your YubiKey but did not know your password, they could not log into your account either.
If you've used other two-factor authentication systems before (a common one is where you have to enter a numeric code generated by your phone or a physical token in addition your password), this is another type of second factor (e.g. you can setup your accounts to use this instead of using a one-time password generated on your phone).
I understand this part but I don't understand how to set it up.
I've read it works without any setup but maybe that's skipping some details?
Does it only work on certain websites that have explicit support for yubikey?
For example, how do I use it to authenticate to RFD?