Customer Ratings & Reviews

I have been using YubiKeys for a few years now and I love them! Having the peace of mind that no one can get into my most important accounts without having a username, password or PIN, and a physical key is priceless. This latest firmware can now support up to 100 passkeys in addition to all of the features they have already been able to do. In my case, I use these to secure my password manager, email, NAS, and social media accounts. If my key is lost or stolen, it is useless to the person who finds it because they still need to know my username and password or PIN for the key. Without those, they can reset the key to wipe its memory, but they cannot access any of my accounts. It is extremely important to note that people need at least two keys to start. In my case, I have a nano key plugged into my computer, a 5 NFC on my keychain, and another 5 NFC secured in an undisclosed location (work, safety deposit box, and trusted friend or family member’s home are all good places) so if my home were to burn down, I would still be able to log into my accounts. Part of the reason people need two keys is because there is purposely no way to back them up. YubiKey does not have a server keeping tabs on who has what keys or what is on them. The keys communicate directly with the services so there is no middleman that could be hacked. If a person only has one key and loses it, there is no way to replace or duplicate it. By having a backup key, they just have to retrieve it, log into their accounts, delete the old key, and add a new one. While kind of inconvenient, it is the most secure way to do this. When it comes to using the keys, each compatible service has a way to add them through their account management pages. Once added, simply log in like you usually do and either plug in the key to a USB port and touch the gold tab, or hold the key up to the NFC reader that exists on most current smartphones. If you are using a service without a password, you will be required to enter your PIN for the key. If you already entered a password, most services just need to see the key. The key is then verified in less than a second and access is granted. It is simple. Depending on what devices you plan to use, there are keys for USB-A like this one, but they also have USB-C for newer devices. When traveling, I always have a cheap USB-A to USB-C adapter in my bag so I can use the key on any device I encounter. I can’t say enough about how good these are for security. Not only do I recommend them to my friends, but I bought some for my parents. My father is a frequent target of phishing attempts because of who he is, so these keys add one more major layer of security to protect him and his client data.

I've never used a hardware security key before, and have always been slightly intimidated by them, even as person who's pretty technically inclined. Yubico does what they can to help clear any confusion around how a security key fits into your account security, but unfortunately, there are a lot of standards out there, and each website and system decides which system to implement (if any). Yubico has a page on their website that lists all the providers they know of that support one of the hardware key security standards and will work with a Yubikey. The Yubikey 5 itself, is fairly straightforward. It's a physical hardware device, with some onboard memory for storing keys. This model has a USB-A interface, but may look odd to some because it doesn't have the outer metal box that most USB plugs have. But it fits and works just fine in any USB-A port. It also supports NFC which almost every modern phone has (and some computers). The NFC is actually in a disabled state out of the box until you plug it into a USB port. Yubico explains this is a security measure to prevent the key from being tampered with during shipping. The gold Y in the middle is a touch area (not fingerprint). This helps validate presence, but also since this key will present itself as a keyboard (in addition to being a security key) it spits out a unique random key on the keyboard input. This hardware key works with basically every hardware key standard currently out there. How its implemented is really dependent on the service provider. It could be used as a passwordless verification (e.g. the key is your password), or it could be used as a 2nd factor in addition to a password. Since most services, once a key is setup, require it for all future logins, Yubico recommends getting a 2nd backup key, and setting that up at the same time. That way if you lose one, you'll still have the backup (like a spare car key). That sounds like a good idea, and if you're going the security key route, I would suggest the same. Unfortunately some websites implementation of security keys is lacking, but at least if you have this, your accounts will still be more secure than without it. I just wish all the different protocols and how to set them up was a bit clearer.

I was surprised to find out that this product has existed in multiple previous forms and this was the first time I had heard of it. Now that these have become a bit more mainstream some services like Gmail are letting you set them up directly. Requiring the need to be plugged into the device AND have a physical touch to log in adds that extra layer of security many are looking for. This was fairly straightforward for me to set up but you’re unlikely to set one of these up and give it to your grandma. It’s a bit too techy for that. I almost wish these came in a two pack as Yubico themselves recommend you have a backup or second key. I did also encounter a few instances where I couldn’t set it up at all and had to work around it. The NFC portion was a little finicky for me when using it on a mobile device. Overall this is well made and I recommend one for anyone attempting to add more layers of security to their life. The form factor is great and the key itself lends very well to every day carry.

The YubiKey 5 NFC was easy to setup the pin and get device ready for use. The reason why I gave 3 out of 5 stars is because the YubiKey website was not helpful; after pin setup and my Windows recognizing the device, I had no idea how use the device to log into Windows. After about 30 minutes trying to figure it out, I gave up. Later, I had to search for videos on YouTube and various sites to finally figure it out. I had to download additional software from the YubiKey website to log into Windows. So I think that the YubiKey website needs to be more informative and user friendly to the users because the video at the home screen did not help. Another drawback is the instructions ask that users have a backup key as well, so this caused some second guessing if I wanted to use it without a backup YubiKey. In the end, after being able to use the YubiKey to login, everything was OK. I will still recommend this to friends and family as it seems very secure because the YubiKey must be plugged into the system for login as extra security. If I had not lost an hour or more on setup, I think I would have given 5 stars.

I really wanted to like the YubiKey 5 NFC that I was given to evaluate. I'm a big fan of multifactor (or two factor) authentication (MFA or 2FA in the jargon). Multifactor authentication relies on something you know (like a username/password pair) as well as something you have (for example, a phone to receive an SMS message or a phone app to generate a time based one time password - TOTP). I have several TOTP authenticators on my phone for various websites (e.g. OTP Auth, Norton VIP Access, or Google Authenticator). They all work pretty much the same - you enter your username/password pair, pull out your phone and bring up the proper app, and enter the six digit code that it generates (which typically changes every minute). Yubikey can automate this process, but as a big improvement, it supports FIDO2 (a very secure challenge response protocol) as well as the one-time password world. That's a big win. The problem is that it's really best used with a phone (for NFC) or a laptop (to plug in). If you're a desktop user like myself, then there's often something else plugged into the easily accessible USB port and you still have to touch the key to authenticate which involves serious contortions. Also, a single Yubikey isn't a good idea - you need two so that you have a backup. I have no idea why they don't sell these as pairs since a single Yubikey is very vulnerable to loss and you often (depending on the website) cannot use an alternate authentication method to get in if you lose your Yubikey. At any rate, I'm a bit paranoid so I never log in to finance sites using my phone or laptop connected via wifi. As a result, Yubikey isn't a big win for me.