Microsoft has long been working to phase out passwords in favor of Windows Hello, a security key, or a pin to help add an extra level of security to both your PC and your online logins.
But in addition to using a pin or Windows Hello on the computer itself, two-factor authentication (2FA) or an app like Microsoft Authenticator is also a good idea. The combination adds an extra layer of security to your accounts when you're logging in across different devices.
But did you know, Yubico is also part of that passwordless and security journey, too? Yubico was founded in 2007 with the mission to make secure login easy and available for everyone. Their sole invention, the YubiKey, is a piece of hardware (like an actual physical key) used around the world to help secure servers and logins.
Basically, with YubiKey, instead of having a 2FA code texted to your phone (or using an app like Microsoft Authenticator), you can use a physical Yubikey to prove your identity and log into your online accounts across different devices and platforms. It adds a third hardware-based layer of 2FA to your account, where you'll need to plug a key into your machine or phone (or tap it) then touch it to prove your identity (you can see a list here of services that work with Yubikey. there are many!)
At my curiosity and request, the company was kind enough to send me a few of their YubiKeys for review. Particularly, I got three keys from the YubiKey 5 Series — YubiKey 5Ci, YubiKey 5C Nano, YubiKey YubiKey 5 NFC. I also got a traditional Security Key NFC, too. Here's a look at each of these keys, and why Yubico has a security key for every one of your login needs.
Pick a Yubikey 5 Series security key that's right for you!
Before getting into my review, I want to note that Yubico has a lot of security keys for sale on its website. That might seem confusing, but each of the keys is different and catered to different form factors. The company actually has a survey you can take to pick one that's right for you. All keys are battery-free and draw power from your device to work.
If you're considering buying one, I highly recommend the survey to begin your YubiKey journey. Most of these YubiKeys support FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, Smart card (PIV), OpenPGP, and Challenge-Response capability protocols. It's best to check the product pages, though to see which is compatible with your needs. Keep in mind they are also IP68 rated and dust-tight and water submersible, too.
In terms of the 5-series, though, there are currently six keys you can buy. There is the YubiKey 5 NFC ($45,) the YubiKey 5C NFC ($55,) YubiKey 5CI ($70,) YubiKey 5C ($50,) and the YubiKey 5C Nano ($60.) Note that only the YubiKey 5 NFC and the YubiKey 5C NFC offer NFC communication and wireless, whereas the rest of the keys will require you to physically plug it into your device.
The focus of this review will be on the YubiKey 5Ci, YubiKey 5C Nano, and YubiKey 5 NFC. This post has the mindset of the average consumer in mind, but we're also planning a separate post later on which explains YubiKey for enterprise and business. We sat down with Yubico's Chief Solutions Officer, Jerrod Chong to discuss that matter, and will follow up next week with a separate post next week with our discussion.
YubiKey 5Ci security key
Out of the bunch of security keys that Yubico sent my way, my favorite is the YubiKey 5Ci. The reason comes down to the key being multiplatform and mobile-centric (which is what all YubiKeys do one way or another). Also, this security key is the most compact of the bunch and is durable, and portable, too. It comes in black plastic and has a metal-reinforced hole for attaching to a keyring. Anyway, the key slides into my iPhone, as well as my Android phone, and my PC, too (this is the multiplatform aspect I hint to.)
It works across all my mobile and desktop devices, thanks to the lighting port on the bottom and the USB-C end on the top. There's also a metal notch on the middle, too, which is used to verify you're touching it. YubiKey 5Ci can do everything YubiKey 5 NFC can do, too, which is one of Yubico's most popular keys. 5Ci supports the same protocols, sans the NFC support.
It's important to note, though, that before using any YubiKey, you'll need to set it up with your service first. I used all of the Yubikeys I am mentioning here with various services that I use every day. YubiKey is compatible with most services that consumers use. I used it with my Google, Twitter, Microsoft, and Instagram accounts.
Of course, you'll have to run the setup through these services before doing anything. YubiKey suggests you visit their getting started pages for more information on how you can do this. YubiKey even suggests using the Yubico Authenticator app to store and manage your credentials on/from a YubiKey and not on your mobile phone.
In most cases, to get started, you'll have to plug YubiKey into your device and follow the setup instructions on the screen for your service or app. In the case of Twitter, it involves setting up 2FA via the desktop web version of Twitter and plugging YubiKey into your device. With Instagram, I needed to enable 2FA from the web, plugin my YubiKey into my iPhone, and then scan a QR code via the Yubico Authenticator app.
My accounts then became protected and subsequent logins only required me to plug in the key or enter in a key from the Yubico Authenticator app itself after plugging in and touching the key itself. A great way to stay safe and carry my YubiKey across devices! YubiKey has a nice video that explains the process here.
YubiKey 5C Nano Security Key
While I think the YubiKey 5Ci is all about multiplatform and having a key you can carry everywhere for different devices, there's also the YubiKey 5C Nano, too. This key is the smallest of Yubikey's products and is designed to plug into a PC and stay out of the way.
In my initial review period, I tested this key solely with my Microsoft Account and used it to sign into and out of my account on a single-PC. That's why I'll dedicate this section to talk about the Microsoft Aspect of YubiKey. Just be aware that currently, a YubiKey cannot be used in conjunction with signing into your computer using a Microsoft Account.
In terms of the hardware, YubiKey 5C Nano works just like all the other security keys, except it's more compact. It's TINY and is designed to slide into a USB-C port and stay there. I preferred this for my personal computer, which I usually keep under lock and key and away from everyone else. For logins to my Microsoft Account, I just needed to tap my finger to the 5C Nano whenever I wanted to get in via the web. The video below explains my experience.
For setup, I needed to plug the key into my computer, visit the Microsoft Account sign-in page, visit Security options, and add the key to my account. After that, I was able to authenticate any subsequent logins across different with my YubiKey 5C Nano instead of my password.
Of course, I could still use Microsoft Authenticator if I prefer, too. But it is nice to see that the YubiKey adds an extra layer of security. You can manage Yubikeys from Windows 10 settings itself, too. Simply click Accounts, Sign-in options, and Security Key. You can erase a key, or protect it with a PIN from here. Of course, you can download YubiKey's dedicated app on Windows, too to get started.
YubiKey 5 NFC security key and more!
To end my review, I have a note on the YubiKey 5 NFC. YubiKey tells me that this product as well as the Security Key NFC (which is not part of the 5-series) is one of their most popular amongst consumers. YubiKey 5 NFC is one of the best sellers, too. Unlike the other UbiKeys which I have mentioned, this one has NFC capabilities, so you can tap it to log in to your accounts, rather than plug it into a USB-A port. It still keeps the key chain form factor, though, and is plenty portable.
I really enjoyed trying out these security keys, and I now strongly believe in protecting my accounts with 2FA and YubiKey. With recent high-profile hacks, you're just never certain who can gain access to your accounts, or how. Having a YubiKey keeps you safe, and if you're in a business, your work safe, too. Stay tuned for another look at YubiKey next week, and my interview with Chief Solutions Officer, Jerrod Chong.