Customer Ratings & Reviews

As an IT guy that works at a lot of varied locations and who is frequently on other people’s servers and devices, I often find it handy to logon to my email, cloud storage, or admin account while at their workstation but the trick is to mitigate leaving a security fingerprint behind. Multi Factor Authentication, often tied to a phone by SMS or an authenticator app, has been a huge boon to protecting my account but there are times where I work so remotely and/or so deep in a building or underground (one of the sites I support is a warehouse/storage in a literal cave) that phone signal is unreliable – and some security scenarios and locations where phones aren’t even allowed – so I wanted a hardware key option that I could have on me that would be useful esp. when my phone isn’t an option. The YubiKey NFC 5 has been a great addition to my security portfolio that enables me to take my passkey with me. It’s simple to add and use the YubiKey NFC 5 with most major accounts – Google, Microsoft, etc. Once added to your account it’s as simple as logging in, inserting the YubiKey (or use NFC), selecting to use your passkey, and touching the sensor pad. Because it supports NFC it’s usable even in situations where you aren’t allowed to directly attach/insert USB devices. I can’t say this is my only or even my primary MFA device, but it’s been a great addition to accessing my accounts and keeping them secure.

This key is a jack of all trades, it has a lot of security features and works using one of those security features with a large amount of services and platforms. I am mostly using it via two types of devices, Windows computers and a smart phone. I have used it with the smart phone via the NFC feature and also by using a USB-C to USB-A adapter cable. I have used it on computers via just the USB-A plug in feature. It works very well with my Password Manager Software. I like that you can find out what firmware is on your particular keys with a program from Yubico, and that the firmware is NOT changeable, one less way to compromise a system. Also know that its a good idea to have multiple security keys in case you lose one or two. I have this one, which I keep with me, a USB-C Yubikey 5C which I keep at home in a safe, and another Yubikey 5C which I keep in another location. I like that this has the FIDO2 feature which allows you to go Password less with some platforms and services. I love the idea of using a security key to increase the ease of keeping accounts secure. I just wish more services and platforms would let you go Password-less or at least turn OFF SMS/Text 2FA.

Yubikeys are a great way to securing your most valuable accounts and I'm really happy their making this security level that is quite common in corporate world more available for our personal accounts. I found it really easy to set this up to secure my google account: its a great extra level of protection so that you must have physical access to your account, just like physical access to your car keys or house keys. I like this one in particular because you can use it "like a key": it fits on a keychain next to your house key that you can keep in your pocket and plugin when ever you need to authorize a new login to Google. If you do this often on your phone the you will need a USB-A to USB-C converter (or pre usb-c Apple). I prefer USB-A because I still use a laptop for most of my online activity and I didn't want to sacrifice a coveted thunderbolt slot just for my key. I do recommend you download the yubico YubiKey Manager as it helped in setting up Two Factor Authentication on my accounts.

I have been using YubiKeys for a few years now and I love them! Having the peace of mind that no one can get into my most important accounts without having a username, password or PIN, and a physical key is priceless. This latest firmware can now support up to 100 passkeys in addition to all of the features they have already been able to do. In my case, I use these to secure my password manager, email, NAS, and social media accounts. If my key is lost or stolen, it is useless to the person who finds it because they still need to know my username and password or PIN for the key. Without those, they can reset the key to wipe its memory, but they cannot access any of my accounts. It is extremely important to note that people need at least two keys to start. In my case, I have a nano key plugged into my computer, a 5 NFC on my keychain, and another 5 NFC secured in an undisclosed location (work, safety deposit box, and trusted friend or family member’s home are all good places) so if my home were to burn down, I would still be able to log into my accounts. Part of the reason people need two keys is because there is purposely no way to back them up. YubiKey does not have a server keeping tabs on who has what keys or what is on them. The keys communicate directly with the services so there is no middleman that could be hacked. If a person only has one key and loses it, there is no way to replace or duplicate it. By having a backup key, they just have to retrieve it, log into their accounts, delete the old key, and add a new one. While kind of inconvenient, it is the most secure way to do this. When it comes to using the keys, each compatible service has a way to add them through their account management pages. Once added, simply log in like you usually do and either plug in the key to a USB port and touch the gold tab, or hold the key up to the NFC reader that exists on most current smartphones. If you are using a service without a password, you will be required to enter your PIN for the key. If you already entered a password, most services just need to see the key. The key is then verified in less than a second and access is granted. It is simple. Depending on what devices you plan to use, there are keys for USB-A like this one, but they also have USB-C for newer devices. When traveling, I always have a cheap USB-A to USB-C adapter in my bag so I can use the key on any device I encounter. I can’t say enough about how good these are for security. Not only do I recommend them to my friends, but I bought some for my parents. My father is a frequent target of phishing attempts because of who he is, so these keys add one more major layer of security to protect him and his client data.

I've never used a hardware security key before, and have always been slightly intimidated by them, even as person who's pretty technically inclined. Yubico does what they can to help clear any confusion around how a security key fits into your account security, but unfortunately, there are a lot of standards out there, and each website and system decides which system to implement (if any). Yubico has a page on their website that lists all the providers they know of that support one of the hardware key security standards and will work with a Yubikey. The Yubikey 5 itself, is fairly straightforward. It's a physical hardware device, with some onboard memory for storing keys. This model has a USB-A interface, but may look odd to some because it doesn't have the outer metal box that most USB plugs have. But it fits and works just fine in any USB-A port. It also supports NFC which almost every modern phone has (and some computers). The NFC is actually in a disabled state out of the box until you plug it into a USB port. Yubico explains this is a security measure to prevent the key from being tampered with during shipping. The gold Y in the middle is a touch area (not fingerprint). This helps validate presence, but also since this key will present itself as a keyboard (in addition to being a security key) it spits out a unique random key on the keyboard input. This hardware key works with basically every hardware key standard currently out there. How its implemented is really dependent on the service provider. It could be used as a passwordless verification (e.g. the key is your password), or it could be used as a 2nd factor in addition to a password. Since most services, once a key is setup, require it for all future logins, Yubico recommends getting a 2nd backup key, and setting that up at the same time. That way if you lose one, you'll still have the backup (like a spare car key). That sounds like a good idea, and if you're going the security key route, I would suggest the same. Unfortunately some websites implementation of security keys is lacking, but at least if you have this, your accounts will still be more secure than without it. I just wish all the different protocols and how to set them up was a bit clearer.

I was surprised to find out that this product has existed in multiple previous forms and this was the first time I had heard of it. Now that these have become a bit more mainstream some services like Gmail are letting you set them up directly. Requiring the need to be plugged into the device AND have a physical touch to log in adds that extra layer of security many are looking for. This was fairly straightforward for me to set up but you’re unlikely to set one of these up and give it to your grandma. It’s a bit too techy for that. I almost wish these came in a two pack as Yubico themselves recommend you have a backup or second key. I did also encounter a few instances where I couldn’t set it up at all and had to work around it. The NFC portion was a little finicky for me when using it on a mobile device. Overall this is well made and I recommend one for anyone attempting to add more layers of security to their life. The form factor is great and the key itself lends very well to every day carry.

The YubiKey 5 NFC was easy to setup the pin and get device ready for use. The reason why I gave 3 out of 5 stars is because the YubiKey website was not helpful; after pin setup and my Windows recognizing the device, I had no idea how use the device to log into Windows. After about 30 minutes trying to figure it out, I gave up. Later, I had to search for videos on YouTube and various sites to finally figure it out. I had to download additional software from the YubiKey website to log into Windows. So I think that the YubiKey website needs to be more informative and user friendly to the users because the video at the home screen did not help. Another drawback is the instructions ask that users have a backup key as well, so this caused some second guessing if I wanted to use it without a backup YubiKey. In the end, after being able to use the YubiKey to login, everything was OK. I will still recommend this to friends and family as it seems very secure because the YubiKey must be plugged into the system for login as extra security. If I had not lost an hour or more on setup, I think I would have given 5 stars.

I really wanted to like the YubiKey 5 NFC that I was given to evaluate. I'm a big fan of multifactor (or two factor) authentication (MFA or 2FA in the jargon). Multifactor authentication relies on something you know (like a username/password pair) as well as something you have (for example, a phone to receive an SMS message or a phone app to generate a time based one time password - TOTP). I have several TOTP authenticators on my phone for various websites (e.g. OTP Auth, Norton VIP Access, or Google Authenticator). They all work pretty much the same - you enter your username/password pair, pull out your phone and bring up the proper app, and enter the six digit code that it generates (which typically changes every minute). Yubikey can automate this process, but as a big improvement, it supports FIDO2 (a very secure challenge response protocol) as well as the one-time password world. That's a big win. The problem is that it's really best used with a phone (for NFC) or a laptop (to plug in). If you're a desktop user like myself, then there's often something else plugged into the easily accessible USB port and you still have to touch the key to authenticate which involves serious contortions. Also, a single Yubikey isn't a good idea - you need two so that you have a backup. I have no idea why they don't sell these as pairs since a single Yubikey is very vulnerable to loss and you often (depending on the website) cannot use an alternate authentication method to get in if you lose your Yubikey. At any rate, I'm a bit paranoid so I never log in to finance sites using my phone or laptop connected via wifi. As a result, Yubikey isn't a big win for me.