Manage passwords with YubiKey — Arpass's YubiKey-only mode

Arpass can manage your passwords without a master password and without a recovery paper. Just touch a registered YubiKey. Here's how that works, and what it actually feels like.

Last updated: May 2026

What is Arpass?

Arpass is a password manager that stores your passwords and files encrypted on a blockchain (Arweave). All encryption happens in your browser; even the operators can't see the contents — a "zero-knowledge" design. It works entirely in the browser, no app install required.

What "YubiKey-only mode" means

The standard Arpass mode opens with "master password + passkey." On top of that, there's a separate YubiKey-only mode.

In this mode, there is no master password and no recovery secret on paper. You touch a registered YubiKey and your secure drive opens. There is nothing to memorize. It's for people who want to anchor authentication to a physical key.

How it works — without the jargon

• Inside a YubiKey is a secret that only that key can produce. That secret never leaves the YubiKey — it can't be copied or extracted by design.
• Arpass takes the "master key" that opens your secure drive and wraps it with the secret from each registered YubiKey.
• To unlock, you touch a YubiKey. Its secret unwraps the master key, and the drive opens.
• Any of your registered YubiKeys can open it (one is enough). Conversely, anyone without a registered YubiKey cannot open it — period.

The key insight: secrets never leave the YubiKey. Arpass's servers and the cloud never hold anything that can open your drive. The only thing that can is the physical key in your hand.

What it feels like

• Nothing to memorize. No master password to invent, remember, or forget. Just touch the key.
• Works on a new device right away. On any phone or PC, plug in (or NFC-tap) a registered YubiKey and your drive opens. No prior sync or setup required.
• Strong against phishing. Because you have to physically touch the device, you can't be tricked into handing over your credentials by a fake site.

Why you need two YubiKeys

For that reason, Arpass requires you to register two or more YubiKeys when you create a YubiKey-only drive — so that losing or breaking one still leaves another that can open it. Keep the spare(s) in a separate safe place (home drawer plus office safe, for example).

How to get started (in outline)

1. Create. Go to arpass.io, pick "Use YubiKey only," choose how many keys to register (two or more), and tap each one as prompted.
2. Open on another device. On a different device, pick "Restore a secure drive created on another device" → "Open with a YubiKey." Tap any of your registered keys.
3. Add a YubiKey. From the settings screen, after touching one of your already-registered YubiKeys, you can add a new one.

Step-by-step screens are in the help guide for YubiKey-only mode.

Caveats

• Don't lose all your YubiKeys. There's no recovery. Always two or more, in different places.
• Mac Safari can't share. Due to a technical incompatibility, a YubiKey drive created or used in Mac Safari only works in Mac Safari and not in other browsers/devices. Use Chrome / Edge on a Mac if you want cross-device sharing.
• If you'd rather memorize a password, the standard mode (master password + passkey) has more recovery options and is more forgiving.

Which YubiKey to use?

Arpass's YubiKey-only mode works with any YubiKey that supports passkey / FIDO2. For your first two keys, the 5C NFC is a comfortable pick — USB-C plus NFC, works on PC and phone alike.

Model selection details are in YubiKey: what it is and how to choose one.

Summary

Arpass's YubiKey-only mode is "zero passwords to remember, just tap a key, and the key is only in your hand." The trade-off is that losing all your keys is unrecoverable — so always two or more, stored separately. For people who want everything anchored to physical keys, it's a simple and strong choice.

Related

• YubiKey: what it is and how to choose one (2026)
• YubiKey vs iCloud / Google passkeys
• Plain-English security glossary