The OTP application slots on the YubiKey are capable of storing static passwords in place of other configurations. As the name implies, a static password is an unchanging string of characters, much like the passwords you create for various online accounts. When a slot containing a static password is touch-activated, the password characters are sent to the host device as keyboard input (more specifically, as USB HID reports).
Note
Because static password characters are stored on the YubiKey as their corresponding HID usage IDs, sometimes referred to as "scan codes," they can only be communicated correctly when the YubiKey is connected to a host device over USB or Lightning. In this case, a host device will translate the HID usage IDs to characters according to the HID communication protocol. NFC-enabled YubiKeys use the NDEF communication protocol to submit passwords wirelessly to host devices as ASCII/UTF characters. Because NDEF expects input (the password) to already be in ASCII/UTF characters, it will send the HID usage IDs to the host device as-is, and the host will not translate them from HID to ASCII/UTF.
As you can imagine, static passwords are not as secure as other configurations, such as Yubico OTPs, but their length and complexity still make them resistant to guessing. For this reason, we do NOT recommend using static passwords unless they are required for use with legacy systems for which other configurations would not be compatible.
Static password configuration
Static passwords can be either randomly generated or manually set by a developer. Both options require configuration via the API's ConfigureStaticPassword() method. Please see How to program a slot with a static password for examples.
Note
Each OTP application slot may store one generated or user-defined password. If you try to configure a slot with both, you will receive a System.InvalidOperationException.
Generate a password
The GeneratePassword() method allows you to generate a random password of a specified length (up to 38 characters) when configuring a slot with ConfigureStaticPassword(). If desired, the SDK can generate passwords using the ModHex character set, meaning that each character of the static password will be one of the 16 ModHex characters. This ensures that the generated password will be interpreted correctly by host devices, regardless of which keyboard layout they are configured with (e.g. English, German, etc).
Note
GeneratePassword() can be configured to use any keyboard layout (e.g. US English) in the KeyboardLayout class.
Set a password
The SetPassword() method allows you to set the static password to anything of your choosing (up to 38 characters in length).
Any key may be used as part of the password (including uppercase letters or other modified characters). However, you must specify the host device's keyboard layout, as that determines which HID usage IDs will be stored on the YubiKey (HID usage IDs for some characters can vary across different keyboard layouts). If your password contains characters that are not present in your chosen keyboard layout, a System.InvalidOperationException will be thrown.
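The following added example (a Python model, not Yubico SDK code) shows why a password stored as HID usage IDs depends on the host's keyboard layout, as described under "Set a password", and why a ModHex password from "Generate a password" does not. The three layout tables are constructed and simplified to unshifted letter keys, and the function names are hypothetical.

```python
import string

MODHEX = "cbdefghijklnrtuv"   # the 16 ModHex characters
MAX_LEN = 38                  # slot limit stated on this page

# Constructed, simplified tables: unshifted letter keys only.
# HID usage IDs 0x04..0x1D are the letter key positions (US: a..z).
US = {0x04 + i: ch for i, ch in enumerate(string.ascii_lowercase)}
DE = {**US, 0x1C: "z", 0x1D: "y"}                      # QWERTZ swaps y and z
FR = {**US, 0x04: "q", 0x14: "a", 0x1A: "z", 0x1D: "w",
      0x10: ",", 0x33: "m"}                            # AZERTY moves a, q, w, z, m


def encode(password, layout):
    """Characters -> HID usage IDs, as stored in the slot for `layout`."""
    if len(password) > MAX_LEN:
        raise ValueError("static password is limited to 38 characters")
    to_id = {ch: uid for uid, ch in layout.items()}
    missing = sorted(set(password) - to_id.keys())
    if missing:
        # The SDK rejects this case with InvalidOperationException.
        raise ValueError(f"not in chosen layout: {missing}")
    return [to_id[ch] for ch in password]


def typed_on(usage_ids, host_layout):
    """What a host using `host_layout` turns the usage IDs into."""
    return "".join(host_layout[uid] for uid in usage_ids)


def layout_safe(password, stored_as, hosts):
    """True if every host layout reproduces the password exactly."""
    ids = encode(password, stored_as)
    return all(typed_on(ids, h) == password for h in hosts)


if __name__ == "__main__":
    ids = encode("lazy", US)
    print([hex(i) for i in ids], typed_on(ids, DE), typed_on(ids, FR))
    print(layout_safe(MODHEX, US, [US, DE, FR]))
```

A password set for a US layout is mistyped on German and French hosts in this model, while the ModHex string survives all three because none of its letters sit on a key that moves between these layouts.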