Customer Ratings & Reviews

Account security is (or should be) on the mind of everyone using the Internet these days. It seems like every day there is news of a new breach, a new huge set of accounts and passwords leaked on the dark web, or even personally having an account compromised. As a defense against these kinds of attacks where a single password can grant access to an account, many service providers are now starting to offer multi-factor authentication. This can be as simple as a text message or an e-mail with a code to verify that you are who you say you are. The most advanced methods are called “passkeys” – an ultra-secure method of creating a trust between a device, such as a Yubikey, and the website or service being accessed. Passkeys typically require something you have, such as the Yubikey, and something you know or are, either the account password or a PIN, or a biometric authentication with a fingerprint or facial recognition. The other advantage is that passkeys are much easier to use than long, complex passwords. One of those rare times where the more secure option is also more convenient. As the world slowly moves beyond passwords to a passkey-based method of authentication, a YubiKey may be a useful thing to have around. Hardware wise, there isn’t much to talk about. The device is a small, thin, key that has a touch sensor, USB-C, and NFC connectivity. It’s very solidly built and designed to go on a keychain in a pocket. Setting it up was also very simple – I signed into a google account, went to account security settings, and added it using an iPhone and the NFC feature. I then went to a Windows 11 PC that had never been signed into that account, and used the key as the second factor to prove who I was by plugging it into a USB-C port and touching the touch sensor when prompted. It’s easy to use. The real question is, do you need it? For enterprise use, a Yubikey can provide a way for a company to secure their services without having to force employees or contractors to install apps on a personal phone or issue a company phone, so there is a big commercial market. As a home user, most of the services now supporting passkeys can also use your phone or PC as the passkey, instead of needing to carry the Yubikey around. The big advantage of a Yubikey is that it isn’t tied to any single device, and since it is offline and unplugged most of the time it is extremely secure. It can also be a great backup passkey in the event that you lose your phone or it breaks and you need to get into your accounts while getting set up on a new device. It is an inexpensive extra layer of security as the world continues to move beyond passwords and into a more secure (and convenient) world of passkeys.

I’m not sure why, but I’d always been a little intimidated by the thought of switching over to a hardware based security key. Now that I’ve tried the Yubikey, I realize I shouldn’t have been afraid of doing so. The procedure to add a Yubikey as an authentication method largely depends on what service (Google, Microsoft, Facebook, Coinbase, etc…) you’re adding the security key to. So far, I’ve only added it to a couple of services, but it has been extremely simple. If you’ve ever added something like Google Authenticator as a 2FA to a service, adding a Yubikey will be similar, and even simpler in most cases. Yubico highly recommends having a second Yubikey, and also adding that as an additional 2FA method when you add the first key, just in case something happens to one of your keys. Although this sounds a bit daunting (expensive), every service I’ve added the Yubikey to so far has also let me keep my prior 2FA method as a backup. Granted, in order to take full advantage of switching to a hardware security key, you should disable other 2FA methods. But that’s going to be a personal choice. Using the key as 2FA to access a site/service is very simple. Just login with username/password, insert your key when prompted, then touch the key when prompted. Done. Some sites will also prompt you for your security key PIN, but it’s still very simple. And if you’re logging in from a mobile device that supports NFC, you don’t even need to plug the Yubikey in - just tap it to your device. The only thing that somewhat concerns me about this particular key is that the USB-C connector is exposed. Not sure how much pocket crud it’s going to collect, but we’ll see. So, if you want to take the next step in securing your accounts, Yubikey is a good choice.

This security key is more or less the standard in this space. It is compatible with most sites and services that support security keys. I have a couple of older keys from Google, but given my hardware these days I really needed some keys that worked with USB-C. That, along with its NFC capabilities, means I should be covered more or less with whatever devices I have going forward. Further, I just didn’t like the form factor, look, and build of the Google keys. This key is built well, sturdy, should last over time, and is a nice compact size. Beyond that, however, it provides a more robust range of supported authentication protocols. There is also plenty of on device storage, at least for my needs. All in all, with both the hardware and firmware being offered, I expect I should be worry free for some time. Getting everything set up was rather straight forward for me, but I have been using keys for some time. The process is not overly difficult, but definitely familiarize yourself with everything a little before going in, and definitely head to the Yubico website for a little guidance. I mainly use this for 2FA (two-factor authentication) for some of my more important accounts, as well as for some log-ins. Everything has been perfect for me so far and I don’t think there will be any issues going forward. In the end, I like this key. It is very well built, it works very well, it does everything advertised, and it comes from a respected name in the space. As always, check your use case, as this key could be overkill for some, but if your needs match up this is the key you want. Full stop.

This security key is very easy to use, and I really appreciate that about it. It doesn't even necessarily need any special software to be set up unless you're using an Apple device. It's pretty much plug-and-play. To make things even simpler, YubiCo's instructions are very clear and easy to understand. They're very detailed, so even someone who's never set up a security key before would be able to do so by just following the step-by-step guide. The only thing really lacking about their instructions was a warning that Windows Hello would default to itself as a security key, and a note that I'd have to manually select each time. As for the key itself? It's lightweight without being flimsy. I've never encountered an error while using it, so the hardware seems functional enough. After I got the key set up, I used it to log into accounts on a computer I had just factory reset; and I had no trouble. I didn't even install the key management app on that machine, it just worked. Adding the key to my accounts was also incredibly easy, and never gave me an issue. Overall, it just kind of works. While a lot of things let you use your phone as a security key, some places don't permit phones and sometimes you'll run out of battery. This is perfect for those situations. And honestly, it feels a lot better to use than punching in rotating 2FA codes from an app. It's just so simple and easy and a lot less fiddly. I would absolutely recommend getting one or several of these.

The YubiKey 5C was simple to use on both my Pixel 7 Pro and my Microsoft Surface Tablet. I was able to add it to my Google Account and my Microsoft account for added security. You do have to also provide a PIN code when the YubiKey is inserted into your device or tapped with NFC followed by having to touch the sensor on the key to be able to log in to your accounts. For me, this is the best way to secure your device but Yubico does advise to get 2 of these in case you lose one. If you have other 2FA settings turned on, you can technically log in to your accounts with those methods as well. At this point, both Google and Microsoft offer various 2FA methods that it makes this product less of a need unless you really want to be absolutely secure. In this day and age, I really like having the key as an option to secure my account especially when using someone else's computer or mainly using for my work accounts. Being able to secure my Microsoft and Google accounts to this level gives me piece of mind that only I will have access to sensitive information.

First off I have to say that I am super impressed with the YubiKey 5 NFC’s superior performance in regard to the security of my computers. Like so many others, I am really concerned about keeping the information on my computers safe from intrusion. We have seen some of the largest systems in the world hacked recently and witnessed just how seriously important it is to have steps in place to prevent hackers and others from gaining access to our computers. Before acquiring the YubiKey, I wasn’t very familiar with how such devices work. After a lot of research, I became a little more at ease with letting something so small and inconspicuous “take control” of the security of my computers. However, I was not yet comfortable enough to use any of my primary computers, so I opted to test the YubiKey on a computer that “didn’t matter” very much. The initial setup was both simple and easy. Users are instructed to go to YubiKey’s start page to both learn about the YubiKey, and how to begin using it. This is where the process can become a bit tedious. If you want to secure individual services, you have to register the YubiKey with each one. Pretty much the same as registering a user name and password like we do now. But once the YubiKey is registered with that service, about all that is required is touching the YubiKey and you’re all set to go. So all that is the easy part. Like any 2FA or other security measures, more is required than a simple password. YubiKey is simply a very sophisticated additional layer that keeps unwanted people from accessing your computer or phone. YubiKey supports multiple protocols including FIDO, FIDO2, U2F and others. In other words, this guarantees that it will work with a whole host of services and apps. But as I learned, it is important to invest some time in understanding some basic (and some advanced) authentication protocols. I say that only to reiterate that even though YubiKey is compatible with a wide range of services and applications, each of those services and applications have their own protocols in place for registering YubiKey. In short, if all you all looking for is making sure your friends, co-workers or certain family members can’t gain access to your cell phone, tablet or computer, the YubiKey is probably more advanced than you need. But if you are wanting to protect sensitive data, social media accounts, work accounts, etc, then by all means, YubiKey is the perfect solution. It’s an extremely powerful tool that is relatively easy to use, it is amazingly durable and although not waterproof, it is extremely water-resistant. But the elephant in the room… What happens if the YubiKey is lost, stolen, or damaged? First of all, YubiKey recommends having at least one backup key, preferably more. If it has been simply damaged or lost, it would be next to impossible for anyone to associate the key with any of your devices as no such information is stored on the YubiKey. The only concern would be if it is stolen, and the person knows which device(s) you use with the key. Thankfully YubiKey’s customer service is top-tier, and they are more than willing to help anyone who happens to find themselves in the horrible situation of having lost access to their key. All in all the YubiKey is the perfect solution of superior levels of device/data protection. With such a wide range of compatibility across so many applications and services, it will practically guarantee a whole new level of peace of mind. The YubiKey is something I most certainly will be recommending to not just my friends and family, but to businesses as well.

It seems like a new data breach is reported daily on websites. In almost all cases, attackers were able to gain access to usernames and passwords to steal data, or worse, steal money. Unfortunately, it’s been extremely difficult to thwart the attackers because the password ecosystem is so weak. Passwords often have many points of weakness such as being easy to guess, or being stored in unencrypted files that can be read. Now the industry is trying to fight back by getting rid of the need for websites to store IDs and passwords. So instead of authenticating to a website using an ID and password that’s stored on the site, you authenticate to a physical device in your possession — and that device lets the website know you’ve been authenticated. In this process, passwords are never stored on the website. In order for the physical device to let the website know you’ve been authenticated, the device and site use a mutual protocol like FIDO2 to create a passkey that’s stored on the device. So when you login, the site will ask you for a passkey instead of a password. And the passkey is only presented when you’ve authenticated to the device. That’s a simplified explanation of what’s going on behind the scenes. So what physical device should you use? Here’s where Yubico comes in. Yubico has a line of devices like this YubiKey 5C NFC. This authentication key can be used in a USB-C slot or with devices that support NFC (there is also an NFC version that supports USB-A). The setup and use of the key varies depending on the site. Some sites always require you to use the key to authenticate, while others require the key only when logging in from an unknown device (like a new phone or browser). With my Gmail account, for example, the YubiKey is a way for me to authenticate on a new browser, phone, computer, etc… Instead of asking my for my password, Google asks me to insert the key and enter the PIN that was created in setting up the YubiKey with Gmail. Since my iPhone is NFC enabled, I can also just hold the key near the top of the phone instead of inserting it. Once that’s done, Gmail does not ask me to login again with my key on that browser. Physically the device is simple to handle, high quality, crush resistant and IP68 water and dust resistant. It can also be attached to a key ring. The most challenging thing about the key is Yubico has no real control over how passkeys are implemented on a website. That’s up to the website, which means some sites are easier than others to setup and use. Also, some password managers can create software passkeys, which complicates the experience because the UI can get messy. But if security is important and you’re willing to understand the processes of using passkeys, then the YubiKey 5C NFC is a 5-star choice.

The YubiKey is a neat little gadget, but I believe it’s really for people that already know quite a bit about security and multi-factor authentication (MFA). Setup may be easy for a site like Google, but other sites aren’t as straightforward and have caveats to watch out for. The 5C NFC model has all the bells and whistles for security but be prepared to do some searching and digging into details to figure out how to use those features. Oh, and you’ll want (and possibly need) to buy two YubiKeys. A lot of sites now days use MFA with TOTP (time-based one-time passwords). A common way they implement it is to send you a text message or email with a code that’s good for a few minutes. This is pretty good security because you need to physically have your phone or control of your email account. However, hackers can sometimes get into your email, or even go to the extreme of “SIM jacking” to take over your phone number. The YubiKey thwarts both of those by requiring physical possession of the key to authenticate. Another method a site might use is a 3rd party authentication app like Google or Microsoft authenticator. These generate a time-limited code that you enter for authentication. However, hackers have learned to create “phishing” pages to make users think they’re logging into a real site, but they enter their credentials and the authentication code into the fake site, giving the bad guys access to their account. Finally, another method some sites use, particularly financial institutions, is to use their app on the phone for authentication without having to enter any TOTP codes. For example, if you login to Vanguard on a desktop you’re able to select authentication via the Vanguard app on your phone. After you enter your credentials, it then sends a push notification to your app. You authenticate yourself on the phone app (thumbprint, face ID, etc.) then acknowledge the push notification. This communicates back to the site and your desktop session is then logged in. This is a very similar level of security to using a YubiKey and depending on how you normally access everything, might even be an easier option to use. In fact, Vanguard doesn’t support security keys with the mobile app (only the desktop web interface) and they say, “if you usually access your Vanguard accounts on a mobile device, security codes or mobile app verification would be more convenient for you.” So, you just have to do some research and figure out what’s best for your use case. One consideration for me is I very rarely carry keys with me anymore. I’m a little worried that a) I'll not have the YubiKey with me when I need it or b) I’ll misplace it if I’m not using it all the time. I don’t go anywhere without my phone, though, so I’m a lot more confident in using it for authentication. Yes, I could get phished on my SMS or authenticator app accounts, but at least my most important accounts now use the mobile app authentication which is pretty secure. I’m going to continue using the YubiKey on some of my accounts and plan to do a lot more reading about it. I expect to find more uses for it as time goes on and, given all the protocols it supports, I think it’s well positioned for the future. The bottom line is this: If you’re someone who doesn’t mind going the extra mile to be super secure, then I think you’ll love this YubiKey. If you’re an average user that just wants to be as secure as possible, there may be better alternatives that are easier and still secure.

What – Hardware security key that includes both NFC and USC type-C interfaces Why – Hardware security keys offer a physical mechanism for authenticating to your online accounts providing additional protection. TIPS - Buy two. You will want a primary and a backup that you can keep in a safe place. - Download the computer app so that you can set a pin for your key for additional security I chose the USB-C version because I think it will be the most useful long term vs Lightning or USB-A versions. You can easily buy adapters to convert from USB-C to USB-A if you need the flexibility. The plastic body of the key feels really solid and I have no concerns keeping this on a keychain. Since it is USB-C there is a chance lint or stuff in your pocket gets into the connector long term. I wish they included an attached cap or something that could help keep it clean. There are several strategies and ways that you can use a hardware key and here are some that I would consider - Directly with the service or account as an multifactor authentication mechanism (MFA) if they support it. This is great for primary accounts and financial institutions as it provides the most security. - As a MFA method for your password manager. - As a MFA method for your authenticator application. Yubico provides great documentation/instructions for setting up a variety of different accounts. I was able to easily follow these instructions for setting up MFA utilizing the keys for my Apple and Microsoft accounts, though I did have some issues getting my iPhone to scan the NFC tag initially. It’s important to not do a quick tap a hold hardware key to correct area of your device until you receive confirmation that it was scanned. I also set up my Yubikey as a MFA method for my password manager as an additional layer of security there as well. Yubico also offers an authenticator application which has built-in capability for their hardware key, but I haven’t utilized that yet. Overall, very happy with the functionality and additional security that this hardware key provides!

The Yubikey 5C NFC is the latest version of the security key, featuring multiple security protocols, a touch interface, and NFC support. The setup process, as outlined by Yubico, is moderately challenging, requiring a step-by-step approach. Users must download either the Yubico Authenticator or Yubico Manager, each with distinct functionalities. For Yubico Manager, once installed, plug in the Yubikey to see the firmware and serial numbers. The simple interface has tabs for home, applications, and interface. It displays key information and supports OTP, FIDO2, and PIV protocols for both USB and NFC. The first crucial step is to set up a PIN for authentication by changing the default PIN in the applications tab. The Yubico Authenticator offers more features, including tabs for home, accounts, passkeys, and certificates. It provides additional details, like the number of accounts and passkeys stored, accessible via a PIN. This ensures unauthorized users cannot access the key's information without the PIN. If the key is lost, the Manager allows deletion of the key from your account, though you lose stored keys and OTPs. Yubico recommends having a backup key set up simultaneously and stored safely. Setting up two-factor authentication with the Yubikey is service-dependent. For Google and Microsoft accounts, enable two-factor authentication first, then add the security key via the Authenticator app on your phone. Simply touch the key to register it. Logging in thereafter requires the hardware key and PIN. Overall, the Yubikey 5C NFC provides superior security compared to app-based or OTP methods, ensuring control even without network access. The Yubikey authenticator offers additional support if the physical key is unavailable. The device works reliably, providing robust two-factor authentication, making it highly satisfactory.

Unboxing this there was no documentation. I tried to enroll this via the online video on yubico’s website and that option was not there. Ultimately I needed to download a Yubikey manager and click on slot 1 to get a serial, private and secret key. The. i needed to provide my companies admin to add to our Duo account. Then they added it for me. When I authenticated it was plugged into my computers usb-c port and nothing happened. Then I thru trial and error learned that I had to hold the gold circle down for 2-3 seconds to authenticate. I can see the value of this device but it is way too complicated for setup and from the online instructions I found to setup to authenticate to my Iphone it requires 2 keys not 1. This would only be something useful if you had it or Geek Squad to setup for you. They should provide better instructions or an app with guided setup. I think this would be scary if you did not have help setting this up in thinking that you can lock yourself out of your device or computer if done incorrect.

Awful, and terrible service, It was schedule to be delivered in 2 days but never arrived from OnTrack. Still waiting for my refund.