Yubico YubiKey review: Simple and solid protection for your online accounts
Yubico YubiKeys are high-quality, easy-to-use hardware security keys that can provide rock-solid security for your online accounts, but they may not be suitable for everyone.
Hardware security keys are a lesser-known choice for two-factor or multi-factor authentication, but they arguably offer the highest level of security. While they might not be the best option for everyone, they’re still worth considering if someone hacking into your accounts keeps you awake at night.
Yubico makes some of the most popular security keys on the market – and for good reason. They are among the best.
Introduction to multi-factor hardware authentication
Multi-factor authentication comes down to two things: something you know and something you own. The first thing is usually your password, while the second thing is something you have access to. For most people, the second factor will be their phone for one-time pass codes.
A hardware security key replaces this second factor. Instead of a phone to receive a password, the security key is your second factor. When the time comes to log into your account, you plug it into your device.
This comes with many benefits. For example, you will not be vulnerable to the SIM swap. For some accounts, it will be impossible to log in without physical access to your key.
There are a number of hardware security keys on the market. Yubico makes some of the best and most well known.
Yubico YubiKey – Design and Use
Yubico manufactures a range of security keys in different sizes that can fit fairly easily into your daily transport. We tested the YubiKey 5 NFC and the YubiKey 5Ci.
The YubiKey 5 NFC is shaped like a traditional USB device, but it’s much flatter. It’s designed to fit on your keychain, so you can have it anywhere you go.
However, it only has a standard USB-A connection, as well as NFC functionality. This latest technology will probably suffice, but not all apps on iOS support it.
For Apple users, the YubiKey 5Ci might be a better choice. Its form factor is smaller and more dongle-like, and it ditches NFC and USB-C for Lightning and USB-C connectors. If you only have iPhones and Macs in your setup, this is a great option.
Whichever YubiKey you choose, you’ll enjoy the same level of security. The YubiKeys themselves are also durable. They are water and crush resistant, and have no batteries or moving parts that could fail. In other words, they are designed to be taken anywhere with you.
To use a YubiKey, try to log into your account normally. At some point, a two-factor prompt will appear. From there, just plug your YubiKey into your iPhone or Mac – or use NFC – and you’ll be connected. It’s as simple as that.
Yubico YubiKey – Some Things You Should Know
As mentioned earlier, depending on the account you are locking out, it may not be possible to log in without access to a hardware security key. It could be a problem if you lose it.
It is recommended that you configure at least two hardware security keys on a single account with MFA. Keep one with you for easy access and leave one in a safe place.
If you can’t justify buying two, there are alternatives. Google, for example, allows users to have a secondary factor if they don’t have access to a security key. It could be an authenticator app or a phone. It could be argued that these backups weaken your security a bit, but they are essential if you lose your only security key.
Typically, you won’t need to log in your passkey every time you log into your account. For example, your email will likely stay logged in on your Mac or iPhone. Most of the time, you will only need to authenticate with a passkey if you are signing in on another device or if your session has expired.
However, there will likely be those rare cases where a security key is an inconvenience. You leave it at home and can’t log into your mailbox on a friend’s computer, for example. If you’re in a rush, using a YubiKey adds a few extra seconds to the login process.
Additionally, YubiKey – or the underlying FIDO2 / WebAuthn & U2F standards – is not supported everywhere. Most of the important services that you probably use probably support it. At the time of writing, you can lock your Gmail, Yahoo, Facebook, or Protonmail accounts, for example. You can also log into your Gmail account using a YubiKey as a second factor in macOS or iOS email apps.
However, many apps with a login will not support a hardware security key. For example, Snapchat and Netflix do not currently offer support. While that may change in the future, it is something to consider now. Also keep in mind that you won’t be able to use a YubiKey to provide a second factor for your Apple ID or iCloud connections. You can find a list of supported services here.
It’s important to note that most password managers also support hardware security keys, which is good as this is probably the sensitive account you have. However, all popular password management options only support YubiKey for their paid or premium membership levels. In a pinch, Bitwarden is the most affordable at $ 9.99 per year.
Should you buy the YubiKey?
Answering this question really depends on your security needs. If you’re not too concerned about account security, then a YubiKey can be an added inconvenience. But if the thought of attackers breaking into your email or password manager is keeping you awake at night, a YubiKey is a solid way to rest easy.
Of course, you have to keep in mind some of the downsides. You’ll want to purchase at least two YubiKeys or set up a secondary authentication method up front. If you frequently log into your accounts on computers that you don’t use regularly, you’ll want to factor in the additional annoyances as well.
A hardware key is probably overkill for most users. Not everyone needs this kind of protection for their accounts, but everyone can benefit from the added peace of mind knowing their most valuable services are locked down. This is a strong layer of defense that can allay concerns about attackers breaching your accounts.
If you decide that a hardware security key should be on your hardware list, the YubiKeys are the best around. They are simple, durable, and offer a relatively wide selection of supported services. All of the disadvantages listed here are marks against hardware security keys in general, and not against Yubico products in particular.
- Adds a strong extra layer of security for your accounts
- Lightweight design fits your keychain
- Durable and battery-free
- Compatible with many of your most important accounts
- You won’t be able to log in without YubiKey or backup method
- Not supported everywhere and password manager support costs more
- Adds an extra step to the login flow
The Yubico YubiKeys can be purchased from the company’s website here and their price ranges from $ 45 for the YubiKey 5 NFC to $ 75 for the YubiKey 5Ci. The YubiKey 5 NFC and the YubiKey 5Ci can also be purchased on Amazon.