Disabling YubiKey OTP (One-Time Password) functionality is beneficial if you frequently experience accidental triggers, especially with models like the Nano that remain inserted in USB ports. This change allows for more controlled use of your YubiKey while still leveraging its robust security features for authentication.
Disabling OTP doesn't affect other YubiKey functions: FIDO2, U2F, and TOTP capabilities remain active.
Reduces the risk of accidentally leaking the device ID through unintended OTP generation.
Stops your YubiKey from generating codes when unintentionally touched.
Each OTP contains a unique device ID that:
- Remains constant across all codes
- Can be used for device tracking
- Links different activities to the same YubiKey
- Creates a persistent identifier
Particularly important for:
- Security researchers
- Privacy advocates
- Individuals requiring anonymity
- Those working with sensitive information
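The constant device ID described above is the public ID prefix of every Yubico OTP. As an added example (not part of the original page), this Python script scans text for OTP-shaped strings and groups them by that prefix. It assumes the default 44-character format (12-character public ID followed by 32 encrypted characters); the IDs and sample lines are constructed.

```python
import re
from collections import defaultdict

MODHEX = "cbdefghijklnrtuv"  # Yubico's keyboard-layout-independent hex alphabet
TO_HEX = str.maketrans(MODHEX, "0123456789abcdef")

# Assumption: default slot configuration, 12-char public ID + 32-char encrypted part.
# The lookarounds reject longer letter runs that merely contain 44 modhex characters.
OTP_RE = re.compile(r"(?<![a-z])([%s]{12})([%s]{32})(?![a-z])" % (MODHEX, MODHEX))


def find_otps(lines):
    """Yield (line_no, public_id, token) for every OTP-shaped string found."""
    for no, line in enumerate(lines, 1):
        for m in OTP_RE.finditer(line):
            yield no, m.group(1), m.group(0)


def group_by_device(lines):
    """Map each public ID to the line numbers where one of its OTPs appears."""
    devices = defaultdict(list)
    for no, public_id, _ in find_otps(lines):
        devices[public_id].append(no)
    return dict(devices)


def public_id_hex(public_id):
    """Decode a modhex public ID into ordinary hex."""
    return public_id.translate(TO_HEX)


# Constructed sample data: two made-up keys, three accidental OTP emissions.
KEY_A, KEY_B = "ccccccdefghi", "ccccccbtnvru"
SAMPLE = [
    "alice: the deploy is done " + KEY_A + "jklnrtuvcbdefghi" * 2,
    "git commit -m 'fix typo'",
    "bob: " + KEY_B + "de" * 16 + " oops, brushed the key",
    "notes.txt: " + KEY_A + "vutrnlkjihgfedbc" * 2,
]

if __name__ == "__main__":
    for public_id, line_nos in group_by_device(SAMPLE).items():
        print(public_id, public_id_hex(public_id), "seen on lines", line_nos)
```

The encrypted part differs on every press, but the prefix does not, so the entries on lines 1 and 4 link to the same key even though they appear in unrelated contexts.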
```shell
# Add Yubico repository
sudo apt-add-repository ppa:yubico/stable
sudo apt update

# Install required packages
sudo apt install opensc-pkcs11 pcscd libfido2-1 fido2-tools

# Start pcscd service
sudo systemctl start pcscd

# Install
sudo apt install yubikey-manager

# Verify
ykman list

# Disable the OTP application on the USB interface
ykman config usb --disable otp
```
- Launch YubiKey Manager
- Open navigation window
- Select your YubiKey device
- Navigate to the "Toggle Applications" section
- Find the "OTP" application and click on it
- Click the "Disable" button
- Confirm the action when prompted