This app was mentioned in 17 comments, with an average of 2.82 upvotes
I use it every day to pay for my coffee and for the Yubico Yubikey replacement for Google Authenticator. Yubico requires me to tap an nfc-ready keyfob to my phone before it will generate Authenticator Codes.
Edit: Links added.
I don't think you can use the neo to unlock your phone, at least i have never tried. But to actually authenticate with the key you need to tap it on the back of your phone having NFC on, it won't do anything if its just near your phone.
Using 2FA with your key you will need this app, pretty simple to set up. Similar to google authenticator or authy. https://play.google.com/store/apps/details?id=com.yubico.yubioath&hl=en
Because you shouldn't merge your first and second factors into one.
You're opening up the possibility of an attacker being able to intercept and/or hijack your tokens and token-generating program (e.g. seed values).
For 2FA to be effective your tokens need to come from a separate dedicated hardware device or from a piece of paper.
BTW, the Yubikey is supported on Android devices. On desktop platforms you can use a helper app. This is secure (compared to running a TOTP app on your machine) because the Yubikey actually provides the tokens and is a self-contained security module instead of a general purpose computer.
If you have Yubico Authenticator https://play.google.com/store/apps/details?id=com.yubico.yubioath it should be as simple as clicking the top right menu icon in the app and hitting "Scan account QR-Code", scan the code and tap the NEO to the phone when prompted.
I also save the QR code image and make an encrypted backup on a USB key locked away, just in case I lose the Yubikey or want to set up a new one from scratch, but that's going off on a bit of a tangent...
Edit
I have never added a new site from the desktop app, only from the phone app.
I am referring to the Google Play Store.
https://play.google.com/store/apps/details?id=com.yubico.yubioath&hl=en_US
There is nothing for ios as Apple does not support NFC yet. Once the 5Ci is released and iOS13 maybe we'll see that change.
Download this app and for me it did everything I needed automatically.
https://play.google.com/store/apps/details?id=com.yubico.yubioath
Edit: to be clear for my experience- I used my computer to setup the yubikey as 2FA for Google and then when I went to login on my phone (with this app already installed) I just followed the directions and it worked.
You can use the Yubico Authenticator Android app to test NFC.
Another general NFC app for reading tokens is NFC TagInfo by NXP.
i personally love Yubico Authenticator
doesn't matter what device i have as long as i have my yubikey neo.
tie it with lastpass and its all i need.
yes you can yubikey your google authenticator with yubico authenticator app
I set mine up to work with a Yubikey Neo:
https://www.yubico.com/products/yubikey-hardware/yubikey-neo/
It's a pain to setup the first time, but easy to use afterwards. This way the secret keys used to generate the 6 digit codes are stored on the Yubikey where they can't be extracted (probably). I personally don't trust my phone to store the 2FA secret keys.
You can see the codes on an Android phone with their authenticator app by tapping the phone using NFC. https://play.google.com/store/apps/details?id=com.yubico.yubioath
You can see the codes on your desktop by plugging the yubikey into the USB and using their desktop program:
https://developers.yubico.com/yubioath-desktop/
There are any number of possible "factors", but generally speaking people mean "something you know" and "something you have" when talking about 2FA, and that's where I'll stay for the purposes of this discussion.
"Something you know" covers passwords, answers to security questions, and anything else that's a piece of knowledge you could tell me and I could use to authenticate as you at an arbitrary time in the future.
Most commonly, a "something you have" is a device (smartphone!) that implements HOTP or TOTP. Since the algorithms produce different numbers every 30 seconds, someone who intercepts the number once has no way of predicting what the correct number will be after the 30-second period has finished. This is really important, because it means to successfully compromise your account, an attacker not only has to steal or guess your static password (which they can do remotely), but steal a physical device that you probably keep on your person, and either alert you to it being stolen or copy the inputs the device uses for the OTP algorithm (which isn't trivial).
Personally, I use a Yubikey and either U2F or their HOTP/TOTP app. It's pretty cheap compared to most HSMs, and is significantly less likely to be compromised than my computer or phone. For most people, an OTP app is sufficient, but since I often find myself with full-access Amazon credentials for companies and things like that, I have a bit of a more paranoid risk model than most.
Looks like it's back up, I can see it here:
https://play.google.com/store/apps/details?id=com.yubico.yubioath
Requirements
Instructions
https://support.yubico.com/support/solutions/articles/15000006419-using-your-yubikey-with-authenticator-codes however cannot find those settings to "enable a 2fa"
I have a Yubikey Neo too! An older model. I like it because you can tap it to any NFC-enabled phone and authenticate that way.
For TOTP, you use Yubico Authenticator on Android with NFC. It's also available for desktop, where you plug it into your USB port.
It was a long time ago that I got it set up, but as I recall, you have to enable CCID Mode using YubiKey Neo Manager.
Then you just use either/or desktop and mobile apps to create and get TOTP codes, just like Google Authenticator. The difference is that it's all stored on your Yubikey, so even if both your phone and your computer blow up, you still have your 2-factor codes.
The main disadvantage, from a security standpoint, is that TOTP requires a shared secret at the time of initiation (you scan a barcode or enter a number). If someone is looking over your shoulder at the time you scan the barcode, they could scan it too, for example. U2F prevents that, but again, Chrome-only so meh.
EDIT: I found some instructions on the CCID Mode thing. It's a desktop app you download, check a box, hit save. As usual none of the Yubikey apps are pretty, but they work.
Can you backup a NEO that uses the Yubikey authenticator Android app via NFC with another NEO?