Theft: A $2000 laptop is an easy target for anyone with sticky fingers, and so is a $1000 smartphone. A YubiKey has essentially zero resale value, so you will not lose them due to random theft.
Durability: If you drop your smartphone, there's a pretty good chance you'll shatter the screen and buy a new one. You can play tennis with a YubiKey and it'll be fine. You can run it through the washing machine and it'll be fine.
Longevity: Laptops and smartphones generally only have a 3-5 year lifespan due to battery degradation, and many people will want to swap it for one with more storage or whatever anyways. A YubiKey will essentially last forever, and if you stay clear of the insanity that is Passkeys its WebAuthn element can support an infinite number of websites.
Portability: I have a smartphone, a work laptop, a home laptop, and a home desktop. My YubiKey has USB and NFC, so it can trivially be used with all of them. Individually enrolling each device would be a nightmare, and having the credentials sync is a bad idea from a security perspective.
Security: If your device gets compromised, it's pretty much game over: the attacker can now log in to all your accounts, any time they want. With a YubiKey I have to physically insert it and tap the button for each login - which is relatively rare because active sessions don't tend to expire. This means I would have to actively participate in a mass compromise of my accounts, making it way more likely to be noticed.
FAQs
Physical Security:
Unlike traditional methods that rely solely on passwords, YubiKey provides a tangible key resistant to phishing attacks. The cryptographic hashes used to authenticate you to an online service are saved on your key, and since only you have possession of the device, you can log in.
What is the advantage of YubiKey?
Strengthened Security
As noted, following adoption of YubiKeys, the risk of phishing and credential thefts alone was slashed by 99.9 per cent, and interviewees reported high levels of user satisfaction. “We have a risk-acceptance curve with a predicted cost of risk, and YubiKeys lowered our risk profile significantly.”
How effective is YubiKey?
Stop Account Takeovers
YubiKeys are trusted by the world's largest companies and users have experienced 0 account takeovers.
Can YubiKey be used on more than one device?
A single YubiKey works across multiple shared devices including desktops, laptops, mobile, tablets, and notebooks, enabling users to utilize the same key as they navigate between devices, and helping you deploy phishing-resistant MFA at scale.
Which YubiKey is most secure?
The YubiKey 5 FIPS certified security keys meet the highest level of assurance (AAL3) of the new NIST SP800-63B guidelines.
Why is YubiKey better than Authenticator app?
Authenticator apps provide a layer of security and are a convenient option for use by many, but they are still vulnerable to phishing due to the 30-second window. Security keys, like the YubiKey, are considered to be both more convenient and more secure. Yubico also provides an authenticator app for use in conjunction with the YubiKey.
What is the difference between YubiKey and security key?
The Security Key Series differs from a YubiKey 5 Series in that it comes only with the FIDO (FIDO2/FIDO U2F) protocol and the non-Enterprise Edition does not have a serial number. It is only available in USB-A + NFC and USB-C + NFC form factors.
Does YubiKey prevent phishing?
This additional layer makes it exceedingly difficult for an attacker to trick a user into logging in. So, in short: yes, YubiKey FIDO2 is phishing resistant. Check out this blog on how FIDO2 prevents phishing for an even deeper dive into the topic.
Is buying a YubiKey worth it?
The Yubico Security Key C NFC is the best choice: It's affordable and will work with just about every site that supports security keys. If you're already familiar with security keys and need or want more-advanced features, the Yubico YubiKey 5C NFC is a pricier but worthwhile choice.
How long will a YubiKey last?
A YubiKey will essentially last forever, and if you stay clear of the insanity that is Passkeys its WebAuthn element can support an infinite number of websites.
The YubiKey works with Password Safe to protect your passwords using two-factor authentication (2FA). Both a master password and a YubiKey are needed to enable access to your Password Safe file, which contains the usernames, websites, passwords and other information for all of your online accounts.
Is YubiKey more secure than password?
Passwordless authentication: A YubiKey allows users to securely log in to their online accounts without the need for a password, relying solely on the physical YubiKey. This not only simplifies the login process but also significantly reduces the risk of password-related breaches.
Can YubiKey replace passwords?
YubiKeys make passwordless possible
Passwordless can be achieved using legacy Smart Card protocols, or modern FIDO2 / Passkey authentication secured by PIN or biometric identification.
Is one YubiKey enough?
Yubico always recommends adding two keys to each of your online services and accounts; one primary and one secondary as backup in case the primary is lost.
Why are passkeys more secure?
Passkeys offer a more secure alternative to passwords by utilizing asymmetric encryption, a cryptographic technique that employs a pair of mathematically linked keys: a public key and a private key.
Can YubiKey be compromised?
Yubico says, “If a user runs the YubiKey Manager GUI as Administrator, browser windows opened by the YubiKey Manager GUI may be opened as Administrator, which could be exploited by a local attacker to perform actions as Administrator.” If this sounds worrying that's because it is.
Is it safe to keep YubiKey plugged in?
Security Hints
If you trust your environment (like at home) you can keep the YubiKey near or even plugged into your computer. In low trust environments (coffee shops, hotel rooms, etc.) keep your YubiKey with you at all times (in a pocket or purse), especially if you step away from your computer, even briefly.