With the advancement of 2FA security to cut down on fraud (using another device in order to log in to a website, system, app, crypto wallet, exchange, or even a computer or another device), people are increasingly using USB keys to make sure their online accounts and identities are secure. Have a look on the forums and one name will keep popping up time and again. Yubico has become one of the leading lights in secure digital key authentication systems. I thought it might be a good idea to contact the experts at Yubico with a few questions to try and dispel some of the myths around digital security and get some of the basic information on their range of products.
What are the advantages of using a YubiKey over biometric or 2FA authentication?
Most traditional 2FA/MFA (multi-factor authentication) methods are insecure. SMS, one-time passwords, and even mobile push authenticators are susceptible to account takeover attacks from phishing and man-in-the-middle attacks. They are also inconvenient – inputting multiple passwords and passcodes takes time. YubiKeys offer the best of both worlds – the best available security against phishing attacks and account takeovers, as well as the best user experience. To authenticate, users simply tap/touch their security key. Read more here.
When it comes to biometric authentication, we are actually working on adding biometrics to our line of security keys. To learn more about this please see here.
Can you use the same YubiKey on multiple sites or applications?
Combining multiple authentication protocols on a single device, YubiKeys secure access to more than 700 leading business and consumer applications. These include accessing IAM platforms, computer login, VPNs, password managers, privileged access software, top online services, developer tools, smart card management systems and encryption. See the full list of sites that work with YubiKeys here.
What happens if you lose your YubiKey, can you restore it somehow? Is it better to buy two?
Best practice is to have multiple YubiKeys set up for your accounts. One on your keychain, or one in your wallet, and one in a safe place at home will help to make sure you’ve always got a backup YubiKey nearby. Having a spare key gives us the assurance that if we lose our primary keys, we will not be without access to critical accounts when we need them most. No need to fear being locked out of any accounts, and no need to go through a lengthy recovery and identity verification process to recover them. Many services let users set up multiple YubiKeys with their account for this very reason. More information on spare keys here.
Are the keys safe to go through airport x-ray machines? Are they waterproof / fireproof etc?
YubiKeys are made of one solid and robust piece of plastic so are safe to go through airport scanners. They don’t require batteries, have no breakable screens, don’t need a cellular connection, and are water-resistant and crush-proof. One user even found their missing YubiKey in a washing machine having survived ten weeks of heat, water and detergent. More about the manufacturing process here.
Can someone access your logins and data etc if they are able to get hold of your key?
No, they would be able to log in to your applications only if they also had access to your approved devices as well. They would also need your basic login information too, e.g. username/password.
Is it possible for someone to ‘hack’ into the NFC YubiKeys if they are nearby?
No, they would have to be in possession of your key; they cannot be hacked.
So there you have it: as time goes by, these kinds of secure keys will become more and more commonplace. I found the process of setting up the devices very simple. In the case of crypto wallets, where there are no access recovery systems, make sure you have a backup, and it’s a good idea to register the keys on at least 2 devices if possible. That means if you lose one you won’t lose your crypto! In my case, I had a YubiKey 5 NFC (USB) and a YubiKey 5C NFC (USB-C). For more information on the range of YubiKeys, visit the website www.yubico.com
It is costly to design, mould, manufacture, sell and support a hardware product, even something as small as this. Since you don't want your 2FA company to go out of business there is good value in knowing they have a stable business model that can actually support a company rather than just burning capital.
No, you only need to insert your YubiKey when you are prompted to do so during login. Leaving it plugged in could result in the YubiKey being lost or damaged.
The YubiKey works with Password Safe to protect your passwords using two-factor authentication (2FA). Both a master password and a YubiKey are needed to enable access to your Password Safe file, which contains the usernames, websites, passwords and other information for all of your online accounts.
So, what happens if you lose your YubiKey? In that case, you can still use your Authenticator app (phew!). While you can't create a backup YubiKey, you can always contact Yubico to get a replacement key.
A YubiKey will essentially last forever, and if you stay clear of the insanity that is Passkeys its WebAuthn element can support an infinite number of websites. Portability: I have a smartphone, a work laptop, a home laptop, and a home desktop. My YubiKey has USB and NFC, so it can trivially be used with all of them.
The Yubikey Security Key C NFC is our top pick for most people. It features excellent build quality, and its USB-C connector means it works on just about every new device. It also has NFC support, which lets it authenticate on mobile devices that lack a USB port.
Another key advantage is its resistance to phishing attacks. Because the YubiKey communicates directly with the service it's securing, it's immune to counterfeit websites or other phishing schemes designed to capture 2FA codes.
A YubiKey supports an unlimited number of accounts with both WebAuthn and U2F protocols. If you're using your hardware key for TOTP, you can only hold 32 accounts.
Yubico's YubiKey is built on a foundation of strong authentication. This robust resistance to phishing offers malware protection because it hinges on the ability to detect these attacks before they take place.
FIDO2 - the YubiKey 5 can hold up to 25 discoverable credentials (AKA hardware-bound passkeys) in its FIDO2 application. FIDO U2F - similar to Yubico OTP, the FIDO U2F application can be registered with an unlimited number of services.
The YubiKey is crush-resistant and water-resistant. It requires no battery or cellular network connectivity and its simple touch authentication is four times faster than typing a One Time Password.
A: Many of our customers actually purchase several spares for maximum security and peace of mind. This is not a bad idea when guarding extremely critical accounts. Starting off, you should be fine with 1-2 spare keys.
A PIV-enabled YubiKey NEO holds 4 distinct slots for certificates and a YubiKey 4 & 5 holds 24, as specified in the PIV standards document. Each of these slots is capable of holding an X.509 certificate, together with its accompanying private key.
OATH-TOTP - the YubiKey 5's OATH application can hold up to 32 OATH-TOTP credentials (AKA authenticator codes). OTP - this application can hold two credentials, can be registered with an unlimited number of services.
The YubiKey allows three different protocols to be used simultaneously – PIV, as defined by the NIST standard for authentication; OpenPGP for encryption, decryption, and signing; and OATH, for client apps like Yubico Authenticator.
Find all the ways you can stay secure with a YubiKey
Own a YubiKey? Whether it is for work or personal use, or both, leverage the Works with YubiKey program to find all the dynamic ways you can stay secure online, at work, or on your favorite device with helpful tips and how-to guides.
Introduction: My name is Van Hayes, I am a thankful, friendly, smiling, calm, powerful, fine, enthusiastic person who loves writing and wants to share my knowledge and understanding with you.