Yubico - YubiKey 5 NFC - Two-factor authentication security key, fits USB-A ports and works with NFC supported mobile devices

The Yubikey is a very good very secure device but like anything in the IT security world, it takes a while to learn how to use it and set it up and of course the methods vary, depending on your device types. And buy two, you need a spare just in case you lose one.I use Windows and Android so I have the Yubico authenticator app on my phone and use that to access many of my accounts in the traditional way, by adding an authenticator app to whatever account I want to use the Yubikey to access. When the QR code is presented, with the Yubico app open on the phone and in the accounts page, I press the 3 dots top right then add account, scan the QR code and save the account by re-scanning the Yubikey. I DONT input the presented code to the account yet though, I REPEAT the process for my spare YubiKey's first then when I do the last key and the account is added to all the keys, then I complete the process by adding the one time passcode as requested. Easy!On my PC I plug the key into my USB port and input the pin that I setup using the Yubico authenticator app from Windows store, this way I have to physically touch the copper contact on the key to log into whatever account I have setup using FIDO in this case versus NFC that the phone uses.There are plenty of videos on YouTube showing how to set these keys up, it just takes a day or so to get your head around it if you are new to passkeys, but what's a day or so of learning for the extra security these keys give you?Lastly, some of the reviews are concerned about vulnerabilities in the older firmware but the two keys I purchased have firmware 5.7.1 which is the latest firmware. As for one reviewers post about a criminal running a program on your device, that assumes they have stolen the device AND KEY, can get past the device sign in security and also know the pin number for the key too which you should set for NFC and FIDO. If somebody has your phone, can access it, has your key and knows the pin to it, has your accounts and knows the usernames and passwords, vulnerabilities are already a moot point.These are very good devices adding a level of security that is just not possible with other 2FA methods.

Works great for USB. I use it for Windows logon and for Yubico Authenticator app for sites that have OTP codes. It's also supported by Lastpass and Google.Of course, you'll probably want to get two of these as a backup in case you lose one. I have one permanently at home and the other on my keyring for mobile/laptop use when out and about.The one slight drawback as by design, many sites that support 2FA, only allow you to register one code.Ideally, you would register separately for each Yubikey, rather than having to set up the same on both Yubikeys at the same time, this way, if a Yubikey is lost, you can revoke the 2FA only for the lost key.One small drawback is you'll need both Yubikeys to hand every time you set up or remove a 2FA, to update both, as may sites/apps don't let you see the QR code again once it's been set up.This is perhaps offset by the useful ability to plug the Yubikey into any device, securely use your 2FA/auth, and then unplug it, rather than having to set it all up again for every device.It takes a bit of time to set up and get used to, but you'll be in a much more secure once it's done.The NFC feature never worked on my Huawei/Honor Play phone, despite all sorts of fiddling around with the NFC settings, so I had to use an adapter to USBC to use the YubiKey with this phone, but I just upgraded to a Google Pixel 6 and it works pretty well once you get the technique of how to hold it behind the phone. (doesn't need to physically make contact, just hold quite close to the back)I haven't got SSH/PGP working with it yet as this seems quite complicated to do on Windows and the documentation is somewhat lacking in this area.

The product is great. I wanted a physical key that I can carry on my keys and the image above highlights how compact and nicely it fits on there. The appearance is simple and straight to the point.The product itself is really great but the availability of uses is limited due to companies not using it very often.It however is a very quick and simple product which saves you time with accessing your information and other websites. By implying taping your device to authenticate.I find some devices like my MacBook struggle with the connectivity or even the app not working at all.Definitely considering buying this product though, if you care about a secure method and physical key that can backup and keep you safe online.

I've been keeping my eyes on YubiKeys for the past few years whilst the technology matures and I think it's fair to say it's gotten to a point where they're "mature" enough. Having ubiquitous on any NFC-support Android support and support in iOS since iOS 13 (though apps may require updating) combined with a growing web presence; now is the time to start grabbing these.Generally setup is fairly easy, following whatever process a website has which is typically clicking a button, tapping the gold disc and giving it a tag. I can see these easily replacing TOTP apps and SMS OTPs in the future: in some cases many businesses are already doing this, an example being Google who has issued all of their employees with a hardware security key!Another benefit of this key comes in a particularly unique way: it's a physical way to identify you're at the PC and secondly even if you were to lose this and someone were to find it - they would have no idea what sites or even what accounts it works for!If you're on the fence due to price: Either nab yourself a Yubi Security Key (which is about half the price at time of writing) or question, can you really put a price on good solid security?