Many enterprise environment make use of Yubikey as hardware 2FA. For time to time, people keep accidentally triggering the Yubikey touch and sending the OTP to somewhere, mostly, Slack channels. Then they have to immediately delete the OTP embarassingly.
A typical example:
I could not resist to create a Slack app to automatically capture the OTP and humiliate them (in a friendly way).
None. Check out the steps of creating a Slack app and simply run the script somewhere when the Slack app setup is done.
While the OTP is somewhat sensitive, it is not the end of the world if you accidentally exposed it. See this post
(Obviously not an output from my own Yubikey with critical usage)
