Yubico’s YubiKeys are high-quality and simple to use hardware security keys that can provide foolproof security for your online accounts — but they may not be for everyone.
Hardware security keys are a lesser-known choice for two-factor or multi-factor authentication, but they arguably provide the highest level of security. While they may not be the best option for every single person, they’re still worth considering if someone hacking your accounts keeps you up at night.
Yubico makes some of the most popular security keys on the market — and for good reason. They’re some of the best.
A primer on hardware multi-factor authentication
Multi-factor authentication comes down to two things: something you know and something you have. The first thing is typically your password, while the second thing is something that you have access to. For most people, the second factor will be their phones for one-time passcodes.
A hardware security key replaces this second factor. Instead of a phone to receive a passcode, the security key is your second factor. When it comes time to log into your account, you plug it into your device.
This comes with a slew of benefits. For example, you won’t be vulnerable to SIM swapping. For some accounts, it’ll be impossible to log in without physical access to your key.
There are a number of hardware security keys on the market. Yubico makes some of the best and most well-known.
Yubico YubiKey – Design and usage
Yubico makes a range of differently sized security keys that can fit in fairly easily with your everyday carry. We tested the YubiKey 5 NFC and the YubiKey 5Ci.
The YubiKey 5 NFC is shaped more like a traditional USB device, but it’s a lot flatter. It’s designed to fit on your keychain, so you can have it wherever you go.
However, it only features a standard USB-A connection, along with NFC functionality. The latter technology will likely suffice, but not all apps on iOS support it.
For Apple users, the YubiKey 5Ci might be a better choice. Its form factor is smaller and more dongle-like, and it ditches NFC and USB-A for Lightning and USB-C connectors. If you only have iPhones and Macs in your setup, it’s a great option.
No matter which YubiKey you choose, you’ll get the same level of security. The YubiKeys themselves are also durable. They’re water- and crush-resistant, and have no batteries or moving parts that can fail. In other words, they’re designed to be carried with you everywhere you go.
To use a YubiKey, you’ll try logging into your account normally. At a certain point, a two-factor prompt will show up. From there, you just plug your YubiKey into your iPhone or Mac — or use NFC — and you’ll be logged in. It’s as easy as that.
Yubico YubiKey – Some things you should know
As mentioned earlier, depending on the account you’re locking down, it might be impossible to log in without access to a hardware security key. That could be a problem if you lose it.
It’s recommended that you have at least two hardware security keys set up on a single account with multi-factor authentication. Keep one on your person for easy access, and leave one in a secure location.
If you can’t justify buying two, there are some alternatives. Google, for example, allows users to have a secondary factor if they don’t have access to a security key. That could be an authenticator app or a phone. It could be argued that these backups weaken your security a bit, but they’re essential if you lose your only security key.
Generally, you won’t need to plug in your security key every time you log into your account. For example, your email will likely stay signed in on your Mac or iPhone. Mostly, you’ll only need to authenticate with a security key is if you’re logging in on a different device, or your session has expired.
However, there will probably be those rare cases in which a security key is an inconvenience. You leave it at home and can’t log in to your email on a friend’s computer, for example. If you’re in a rush, using a YubiKey adds a few additional seconds to the process of logging in.
Additionally, YubiKey — or the underlying FIDO2/WebAuthn & U2F standards — isn’t supported everywhere. Most of the important services that you probably use likely support it. As of writing, you can lock down your Gmail, Yahoo, Facebook, or Protonmail accounts, for example. You can also log into your Gmail account using a YubiKey as a second factor in the macOS or iOS Mail apps.
However, many apps with a login won’t support a hardware security key. For example, Snapchat and Netflix don’t currently offer support. While that could change in the future, it’s something to consider now. Also keep in mind that you won’t be able to use a YubiKey to provide a second factor for your Apple ID or iCloud logins. You can find a list of supported services here.
Importantly, most password managers also support hardware security keys, which is good because they’re likely the sensitive account that you own. However, all of the popular password manager options only feature YubiKey support for their paid or premium subscription tiers. In a pinch, Bitwarden is the most affordable at $9.99 a year.
Should you buy the YubiKey?
Answering this question really comes down to your security needs. If you’re not overly concerned about account security, then a YubiKey might be an additional inconvenience. But if the thought of attackers getting into your email or password manager keeps you up at night, a YubiKey is a solid way to rest easily.
Of course, you should keep some of the downsides in mind. You’ll want to purchase at least two YubiKeys, or set up a secondary authentication method in advance. If you frequently log into your accounts on computers that you don’t regularly use, you’ll also want to factor in the extra bit of inconvenience.
A hardware key is probably overkill for most users. Not everyone needs this kind of protection for their accounts, but anyone can benefit from the additional peace of mind knowing that their most precious services are locked down. It’s a solid layer of defense that can put to ease any concerns about attackers breaching your accounts.
If you do decide that a hardware security key should be in your gear list, then the YubiKeys are the best on the market. They’re simple, durable, and feature a relatively wide selection of supported services. Any cons listed here are marks against hardware security keys in general, and not against Yubico’s products specifically.
- Adds a solid extra layer of security for your accounts
- Lightweight design fits on your keychain
- Durable and battery-free
- Compatible with many of your most important accounts
- You won’t be able to log in without a YubiKey or backup method
- Not supported everywhere, and password manager support costs extra
- Adds an extra step to the login flow
Where to Buy