The local authentication provider Yubico provides uses HMAC-SHA1. See https://support.yubico.com/hc/en-us/articles/360013708460-Yubico-Login-for-Windows-Configuration-Guide . Security of their authentication provider is kind of questionable as they implement a wrapped authentication provider (GitHub - Yubico/yubico-windows-auth: YubiKey Logon for windows , Credential Providers in Windows - Win32 apps | Microsoft Learn ). In addition, the Yubikey is only used as a second factor, the user still has to enter their password.