Customer Ratings & Reviews

The Yubikey 5 NFC is a great FIDO2 USB key that has some extra value for personal users who are keen to improve their security posture on personal accounts. This key functions as an NFC tag to unlock the Yubikey app on your phone, giving you an additional layer of physical security along with the standard benefits of MFA. Rather than approach this from an IT perspective (until recently I was pretty heavily embedded in IAM for the enterprise), I'm going to approach it as a tech savvy personal user looking to up his game for security on personal accounts. For those familiar with setting up TOTP authentication for MFA, the Yubikey is going to be a piece of cake. I added the Yubikey app to my phone and tapped the Yubikey 5 to the back of my device and I was able to get my first TOTP account configured within probably 60 seconds. Using the Yubikey Manager app on my computer, I was able to configure the short and long taps to spit out 6 digit codes for some of my TOTP MFA accounts. It was also easy to add the Yubikey as a physical security key to my Facebook and Github accounts. I'm going to do some additional testing before I commit to using it with more important things but for now, I'm very happy with how easy it is to use. If you're able to use the Yubikey for work, it has even more value. But even just for geeks who want to add a layer of physical security to their MFA protection, the Yubikey 5 NFC is a pretty sweet little device.

The Yubi key is user-friendly, straight out of the box follow the website instructions, and download the manager. Then proceed to the accounts you want the Yubi key to manage and follow their instructions. Some account holders will require you to have two (2) Yubi Keys to use the one. Others are okay with just one Yubi key being utilized. Now each type of account whether it be Microsoft, I-Cloud, or any other service, their specifics on how to use the Yubi Key vary from one to the other. However, at least for Google and Microsoft, it was easy to understand their instructions, and easy to use. The Yubi key is small and fits on a keychain very nicely. It appears to be made well and fits into the USB ports like a glove. The NFC portion of the Yubi key also makes this a wonderful feature and makes it that much easier to use. If you want your accounts to be secured, and you want something easy to take with you, then the Yubi Key is the way to go. I would recommend this to a friend. I know several businesses that have purchased these keys and they love them as well.

Setting this security key up on my Apple devices helps me feel much more secure in my online dealings. I did need to configure two at the time of setup as Apple requires you to do so in order to help you not get locked out of your data should one of them go missing for some reason. Setup on my iPhone was a bit cumbersome and not as straightforward as I would have preferred. I ran into challenges with it identifying the key at first. I was doing the setup via NFC but at first it wasn't being recognized. I then put the key identifier into the manual entry space and I was able to keep moving forward. The QR code was simply too small for the phone to pick up well and it forced me to have to put the numbers. Once I successfully added them to my phone, I removed them so that I could try it out on my MacBook. This was much simpler, and the keys were both recognized right away. I have both a USB-A and a USB-C key but keep in mind, there is no NFC on either a MacBook or an iPad so you will need to be sure you can connect them accordingly. Overall, I am looking forward to using these in my day to day online activity and hoping to reduce the risk of having my accounts hacked or my identity compromised. I think we're headed in the right direction with the use of devices like this. They are not too large that you can't carry them around easily. Putting it on a key ring should do it and as long as you don't misplace them, you should be able to keep all of your personal data secure.

As someone who uses an Yubikey at work, I have seen its usefulness and sought to incorporate its feature set into my personal life to secure my computer login, Microsoft, GitHub accounts, and allow for the secure signing of git commits. The Yubico YubiKey 5 NFC seemed like a promising candidate to meet these needs. **Setup Experience:** The initial setup process was somewhat mixed. The written instructions available on Yubico's website were sufficient, but not without their hurdles. Some assumptions in the setup guide required a bit of trial and error, leading to a necessary factory reset due to confusion over the separation of PINs for different functions of the YubiKey. Despite this, it was a minor setback, and I was able to proceed without much difficulty thereafter. **Performance and Utility:** Once configured, the YubiKey 5 NFC excelled in functionality. It simplified the login processes on my desktop significantly, particularly with web logins to sites like GitHub and accessing my password manager—making these actions quicker than other security methods I’ve used. To improve, I suggest enhancing the process of importing existing GPG keys so users with an existing security posture don't have to jump through so many hurdles. **Mobile Interaction:** For mobile use, the YubiKey felt somewhat cumbersome and I've yet to find an app or use case where I can actually apply it, given the # of apps and sites that have already integrated biometric security which is much more convenient than having to get out a physical key to log in. **Durability and Build:** So far, the device has shown no physical wear and appears durable. It has stood up well to regular use without any issues of degradation. **Final Thoughts:** The YubiKey 5 NFC is highly recommended for advanced computer users who utilize GPG security or are transitioning towards a passwordless digital environment. Its robust security features, once set up, offer a significant improvement to both security and efficiency for desktop users. While mobile integration could be enhanced, the overall performance remains impressive.

Depending on which one is purchased, a YubiKey is a USB-A, USB-C, Lightning, or NFC security key that makes two-factor authentication (2FA) or Multi-Factor Authentication (MFA) as easy as possible. Let's walk through an example. With a Google account if you enable 2FA, to log in, you would need to enter your username and password and then Google would text you a code to your phone and then you would enter that code to get access to your Google account. With a YubiKey, you would enter your username, a designated PIN code of your choosing, and with your YubiKey connected to your computer, you touch the sensor and then you're logged in. With the combination PIN and YubiKey, you are still in compliance with 2FA's authentication across multiple types. The PIN satisfies "something you know" and the YubiKey satisfies "something you have". The sensor that is on the YubiKey 5 is not a fingerprint reader. Therefore, you won't satisfy the "something you are" security type. Instead it just registers that there is someone physically present to activate the sensor. The Yubikey itself is about 18mm wide, 45mm long and shy of 3.5mm thick. It has a hole for a keyring on the opposite end from the USB connector. It doesn't need to be as thick as a normal USB key as it only contains the tongue of the USB-A port. While the thickness may give some people pause, it really is a durable device. I put some pressure to see if I could bend the key and it did not waver under what I estimated to be beyond a typical day of pressure. With that being said, something to consider is having multiple YubiKeys. While it may be durable, it's not indestructible. If you have it on a keychain, it'll be knocking around with keys. I drop my keys multiple times a year. The YubiKey can also be lost. Therefore, I recommend having 3. One I keep on my keychain, one to keep at home (maybe plugged into my home desktop) and one to keep in a safe location (maybe offsite from the other two). Please note, that any updates (adding passkey based services) will need to be made across however many YubiKeys you own. If you lose one, you can still get into your accounts with either of the other two while you delete the lost key's passkeys from your secured accounts. To plan ahead where possible, when you create the passkeys in your secured accounts, make sure to name the different YubiKey Passkeys appropriately, so you can identify the Passkey with the proper YubiKey in case you need to later delete the Passkey. Know that the YubiKey 5 can only hold about 25 Passkeys in its FIDO2 vault. While that may be plenty for most people, it is a limitation that would prevent someone from generating passkeys for all accounts. Instead, I would use it for a few frequently used services (e.g. Google, Amazon) and then use it to secure your password manager (LastPass, BitWarden, 1Password, etc.). By having a minimal set of passkeys, it does help to minimize the need to bring all owned YubiKeys to one place for passkey updates. I was disappointed to learn that several financial institutions either don't support YubiKey or only allow one passkey. The latter runs counter to having backup YubiKeys. Before purchasing a YubiKey, it might be helpful to understand what services work with YubiKey. (https://www.yubico.com/works-with-yubikey/catalog/) Without doubt a YubiKey is a superior security device enabling users to utilize 2FA with the highest security commonly available. However, I don't know if a normal consumer would bother with purchasing extra YubiKeys for backup, manually synchronizing them as well as planning ahead by naming Passkeys to match the backup YubiKey. It's a solid product and I would recommend it to my IT co-workers that are security minded. But I would likely promote a password manager with a 2FA compliant Time-based One Time Password (like a text code) for a normal consumer.

As an IT guy that works at a lot of varied locations and who is frequently on other people’s servers and devices, I often find it handy to logon to my email, cloud storage, or admin account while at their workstation but the trick is to mitigate leaving a security fingerprint behind. Multi Factor Authentication, often tied to a phone by SMS or an authenticator app, has been a huge boon to protecting my account but there are times where I work so remotely and/or so deep in a building or underground (one of the sites I support is a warehouse/storage in a literal cave) that phone signal is unreliable – and some security scenarios and locations where phones aren’t even allowed – so I wanted a hardware key option that I could have on me that would be useful esp. when my phone isn’t an option. The YubiKey NFC 5 has been a great addition to my security portfolio that enables me to take my passkey with me. It’s simple to add and use the YubiKey NFC 5 with most major accounts – Google, Microsoft, etc. Once added to your account it’s as simple as logging in, inserting the YubiKey (or use NFC), selecting to use your passkey, and touching the sensor pad. Because it supports NFC it’s usable even in situations where you aren’t allowed to directly attach/insert USB devices. I can’t say this is my only or even my primary MFA device, but it’s been a great addition to accessing my accounts and keeping them secure.

This key is a jack of all trades, it has a lot of security features and works using one of those security features with a large amount of services and platforms. I am mostly using it via two types of devices, Windows computers and a smart phone. I have used it with the smart phone via the NFC feature and also by using a USB-C to USB-A adapter cable. I have used it on computers via just the USB-A plug in feature. It works very well with my Password Manager Software. I like that you can find out what firmware is on your particular keys with a program from Yubico, and that the firmware is NOT changeable, one less way to compromise a system. Also know that its a good idea to have multiple security keys in case you lose one or two. I have this one, which I keep with me, a USB-C Yubikey 5C which I keep at home in a safe, and another Yubikey 5C which I keep in another location. I like that this has the FIDO2 feature which allows you to go Password less with some platforms and services. I love the idea of using a security key to increase the ease of keeping accounts secure. I just wish more services and platforms would let you go Password-less or at least turn OFF SMS/Text 2FA.

Yubikeys are a great way to securing your most valuable accounts and I'm really happy their making this security level that is quite common in corporate world more available for our personal accounts. I found it really easy to set this up to secure my google account: its a great extra level of protection so that you must have physical access to your account, just like physical access to your car keys or house keys. I like this one in particular because you can use it "like a key": it fits on a keychain next to your house key that you can keep in your pocket and plugin when ever you need to authorize a new login to Google. If you do this often on your phone the you will need a USB-A to USB-C converter (or pre usb-c Apple). I prefer USB-A because I still use a laptop for most of my online activity and I didn't want to sacrifice a coveted thunderbolt slot just for my key. I do recommend you download the yubico YubiKey Manager as it helped in setting up Two Factor Authentication on my accounts.

I have been using YubiKeys for a few years now and I love them! Having the peace of mind that no one can get into my most important accounts without having a username, password or PIN, and a physical key is priceless. This latest firmware can now support up to 100 passkeys in addition to all of the features they have already been able to do. In my case, I use these to secure my password manager, email, NAS, and social media accounts. If my key is lost or stolen, it is useless to the person who finds it because they still need to know my username and password or PIN for the key. Without those, they can reset the key to wipe its memory, but they cannot access any of my accounts. It is extremely important to note that people need at least two keys to start. In my case, I have a nano key plugged into my computer, a 5 NFC on my keychain, and another 5 NFC secured in an undisclosed location (work, safety deposit box, and trusted friend or family member’s home are all good places) so if my home were to burn down, I would still be able to log into my accounts. Part of the reason people need two keys is because there is purposely no way to back them up. YubiKey does not have a server keeping tabs on who has what keys or what is on them. The keys communicate directly with the services so there is no middleman that could be hacked. If a person only has one key and loses it, there is no way to replace or duplicate it. By having a backup key, they just have to retrieve it, log into their accounts, delete the old key, and add a new one. While kind of inconvenient, it is the most secure way to do this. When it comes to using the keys, each compatible service has a way to add them through their account management pages. Once added, simply log in like you usually do and either plug in the key to a USB port and touch the gold tab, or hold the key up to the NFC reader that exists on most current smartphones. If you are using a service without a password, you will be required to enter your PIN for the key. If you already entered a password, most services just need to see the key. The key is then verified in less than a second and access is granted. It is simple. Depending on what devices you plan to use, there are keys for USB-A like this one, but they also have USB-C for newer devices. When traveling, I always have a cheap USB-A to USB-C adapter in my bag so I can use the key on any device I encounter. I can’t say enough about how good these are for security. Not only do I recommend them to my friends, but I bought some for my parents. My father is a frequent target of phishing attempts because of who he is, so these keys add one more major layer of security to protect him and his client data.

I've never used a hardware security key before, and have always been slightly intimidated by them, even as person who's pretty technically inclined. Yubico does what they can to help clear any confusion around how a security key fits into your account security, but unfortunately, there are a lot of standards out there, and each website and system decides which system to implement (if any). Yubico has a page on their website that lists all the providers they know of that support one of the hardware key security standards and will work with a Yubikey. The Yubikey 5 itself, is fairly straightforward. It's a physical hardware device, with some onboard memory for storing keys. This model has a USB-A interface, but may look odd to some because it doesn't have the outer metal box that most USB plugs have. But it fits and works just fine in any USB-A port. It also supports NFC which almost every modern phone has (and some computers). The NFC is actually in a disabled state out of the box until you plug it into a USB port. Yubico explains this is a security measure to prevent the key from being tampered with during shipping. The gold Y in the middle is a touch area (not fingerprint). This helps validate presence, but also since this key will present itself as a keyboard (in addition to being a security key) it spits out a unique random key on the keyboard input. This hardware key works with basically every hardware key standard currently out there. How its implemented is really dependent on the service provider. It could be used as a passwordless verification (e.g. the key is your password), or it could be used as a 2nd factor in addition to a password. Since most services, once a key is setup, require it for all future logins, Yubico recommends getting a 2nd backup key, and setting that up at the same time. That way if you lose one, you'll still have the backup (like a spare car key). That sounds like a good idea, and if you're going the security key route, I would suggest the same. Unfortunately some websites implementation of security keys is lacking, but at least if you have this, your accounts will still be more secure than without it. I just wish all the different protocols and how to set them up was a bit clearer.

The YubiKey 5 NFC was easy to setup the pin and get device ready for use. The reason why I gave 3 out of 5 stars is because the YubiKey website was not helpful; after pin setup and my Windows recognizing the device, I had no idea how use the device to log into Windows. After about 30 minutes trying to figure it out, I gave up. Later, I had to search for videos on YouTube and various sites to finally figure it out. I had to download additional software from the YubiKey website to log into Windows. So I think that the YubiKey website needs to be more informative and user friendly to the users because the video at the home screen did not help. Another drawback is the instructions ask that users have a backup key as well, so this caused some second guessing if I wanted to use it without a backup YubiKey. In the end, after being able to use the YubiKey to login, everything was OK. I will still recommend this to friends and family as it seems very secure because the YubiKey must be plugged into the system for login as extra security. If I had not lost an hour or more on setup, I think I would have given 5 stars.

I was surprised to find out that this product has existed in multiple previous forms and this was the first time I had heard of it. Now that these have become a bit more mainstream some services like Gmail are letting you set them up directly. Requiring the need to be plugged into the device AND have a physical touch to log in adds that extra layer of security many are looking for. This was fairly straightforward for me to set up but you’re unlikely to set one of these up and give it to your grandma. It’s a bit too techy for that. I almost wish these came in a two pack as Yubico themselves recommend you have a backup or second key. I did also encounter a few instances where I couldn’t set it up at all and had to work around it. The NFC portion was a little finicky for me when using it on a mobile device. Overall this is well made and I recommend one for anyone attempting to add more layers of security to their life. The form factor is great and the key itself lends very well to every day carry.

I really wanted to like the YubiKey 5 NFC that I was given to evaluate. I'm a big fan of multifactor (or two factor) authentication (MFA or 2FA in the jargon). Multifactor authentication relies on something you know (like a username/password pair) as well as something you have (for example, a phone to receive an SMS message or a phone app to generate a time based one time password - TOTP). I have several TOTP authenticators on my phone for various websites (e.g. OTP Auth, Norton VIP Access, or Google Authenticator). They all work pretty much the same - you enter your username/password pair, pull out your phone and bring up the proper app, and enter the six digit code that it generates (which typically changes every minute). Yubikey can automate this process, but as a big improvement, it supports FIDO2 (a very secure challenge response protocol) as well as the one-time password world. That's a big win. The problem is that it's really best used with a phone (for NFC) or a laptop (to plug in). If you're a desktop user like myself, then there's often something else plugged into the easily accessible USB port and you still have to touch the key to authenticate which involves serious contortions. Also, a single Yubikey isn't a good idea - you need two so that you have a backup. I have no idea why they don't sell these as pairs since a single Yubikey is very vulnerable to loss and you often (depending on the website) cannot use an alternate authentication method to get in if you lose your Yubikey. At any rate, I'm a bit paranoid so I never log in to finance sites using my phone or laptop connected via wifi. As a result, Yubikey isn't a big win for me.