<aside> 💡 Only buy YubiKeys from the official store at https://www.yubico.com/. DO NOT PURCHASE ANYWHERE ELSE.
</aside>
OTP (one-time password) is when you type in the number from the application on your phone when you log in. Baddies will trick you into giving them that number during phishing, and it's been a common part of phishing kits for many years. Using a hardware token that you touch while it is plugged into your computer (see images below), rather than typing a code, is currently the best protection we have. Use it!
Phishing with OTP (successful 😢)
[Video: GitHub_Phishing_OTP.mov]
Phishing with Yubikey (Safe! 💪🔒)
[Video: GitHub_Phishing_Yubikey.mov]
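Why the two demonstrations above end differently, as an added example that is not part of the original page: a TOTP code carries no record of where it was typed, while a hardware token signs over the origin of the page the browser actually has open. The origins, keys and challenge are constructed, and an HMAC stands in for the per-site public-key signature a real FIDO2/WebAuthn token produces.

```python
import hashlib, hmac, json, struct

REAL_ORIGIN = "https://login.site.example"               # constructed: the genuine site
LOOKALIKE_ORIGIN = "https://login.site-example.example"  # constructed: look-alike page

def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1). The code depends only on the secret and the time."""
    mac = hmac.new(secret, struct.pack(">Q", t // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def server_accepts_totp(secret: bytes, submitted: str, now: int) -> bool:
    # The server sees six digits; nothing in them says which page they were typed into.
    return hmac.compare_digest(totp(secret, now), submitted)

def token_sign(device_key: bytes, challenge: str, origin: str) -> dict:
    """The browser, not the user, supplies the origin of the page that is open."""
    client_data = json.dumps({"challenge": challenge, "origin": origin}, sort_keys=True)
    # Assumption: HMAC stands in for the token's public-key signature.
    sig = hmac.new(device_key, client_data.encode(), hashlib.sha256).hexdigest()
    return {"client_data": client_data, "sig": sig}

def server_accepts_assertion(device_key: bytes, assertion: dict, challenge: str) -> bool:
    expected = hmac.new(device_key, assertion["client_data"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["sig"]):
        return False
    data = json.loads(assertion["client_data"])
    # The signed origin must be the genuine site, so a response made on another page fails.
    return data["challenge"] == challenge and data["origin"] == REAL_ORIGIN

def demo():
    secret, device_key = b"constructed-totp-secret", b"constructed-device-key"
    now, challenge = 1_700_000_000, "constructed-challenge"
    code_typed_on_lookalike = totp(secret, now)   # user reads the code off their phone
    otp_result = server_accepts_totp(secret, code_typed_on_lookalike, now + 5)
    on_lookalike = token_sign(device_key, challenge, LOOKALIKE_ORIGIN)
    on_real_site = token_sign(device_key, challenge, REAL_ORIGIN)
    return (otp_result,
            server_accepts_assertion(device_key, on_lookalike, challenge),
            server_accepts_assertion(device_key, on_real_site, challenge))

if __name__ == "__main__":
    print(demo())
```

The first result is the OTP case, the second is the token touched on the look-alike page, and the third is the token touched on the genuine site.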
Most online accounts are secured by a username and a password. This is a single factor of authentication (to prove you are who you say you are!). To keep everyone safe, the general security guidance is that users should have an additional form of authentication. This means that if a baddie has your username and password, they also need something else to log in to your accounts!
Some examples of multi-factor options: