The first line of defense to an online account is a username and a password. However, malicious actors sprawling the internet have made the traditional account security combo unreliable and risky per se.
Therefore, SMS-based two-factor authentication (2FA) has been heavily utilized to provide another layer of security. Unfortunately, skilled hackers can still find a way to intercept SMS codes.
To detach account security from the monopoly of software-focused methods, universal second-factor (U2F) authentication was developed. The technology uses open standards under the Fast Identity Online (FIDO) Alliance.
Check out our video explaining what is YubiKey, and its pros and cons.
What is YubiKey?
FIDO works to reduce the reliance on passwords when securing internet accounts. YubiKey is a U2F-enabled hardware key developed by Yubico to secure web-based services. Businesses, individuals, and developers can use it.
The key is available in different shapes and connectivity functionalities. While earlier versions only support physical insertions into USB ports on a host device, the YubiKey five series accommodates connection through near field communication (NFC).
NFC allows interaction with the device without physically plugging it into a port. However, the key and the host device must be near each other.
YubiKey Reviews on Amazon
From the reviews left by buyers on Amazon and other platforms, it is evident that the key is a must-have for security-conscious internet users. In fact, over 80% of buyers left a five star score for the YubiKey.
One of the reviewers recommended the Yubico YubiKey to developers, IT pros, and “security-minded users.” Furthermore, they praised its manufacturer for providing GUI-enabled YubiKey manager for those having a hard time on where to start.
Others attributed their happiness to the key’s support for password managers such as LastPass. YubiKey users hail it for ease of use as a smart card and its compliance to the Health Insurance Portability and Accountability Act (HIPAA).
Unfortunately, not everyone is happy with their hardware key. Although the negative reviews are minimal, some raise valid concerns.
Among the main problems is documentation, which isn’t user-friendly. Additionally, a buyer on Amazon notes that the key “is still too complicated for the average consumer, as it’s not exactly a plug and play device.”
How to Start Using YubiKey
The process of enjoying world-class security on your online accounts starts with purchasing the hardware piece from a reliable platform. After receiving a key, visit Yubico’s website, and choose your key from the list.
Specifying the purchase key from the list helps filter the services where it can be used to provide security. On the services list, select the account you need YubiKey’s hand in boosting its security.
Each service is followed by step-by-step instructions on how to connect to the hardware security key.
For example Binance lets you use your YubiKey with their cryptocurrency exchange. This means that your YubiKey is required for authentication before approving any transactions. Note however that Yubikey authentication is not supported on Binance’s Apps and mobile websites.
How to set up your YubiKey on Binance
- Login to your Binance account and click on your profile avatar.
- Choose “Security” from the options, then “Setup.” On the 2FA section, click on “Security Key.” Note that it only provides the needed extra security layer when accessing the Binance.com website.
- Read the note and hit “Continue anyway.”
- Insert the key in any available USB port and press the button at the hardware’s center to activate it.
- Activation needs to be done within one minute after inserting the key. However, it can be repeated if you miss this activation window.
- Once activated, hit “Allow” to the message “Allow this site to see your security key.”
- Next, verify your account. Note that Binance will need you to provide the authentication code from Google Authenticator if you had previously enabled this step.
- Binance will then send you an email at the registered address for you to confirm the addition of a new 2-step verification method using something you physically have.
- After verifying the email, you are done.
Examples of YubiKey-Supported Services
YubiKey works with a host of services such as cloud-based systems, password managers, email platforms, social media, gaming developer tools, cryptocurrency platforms, offline computers, among others.
Examples of cloud-based systems compatible with the security key include Dropbox, DigiCert PKI Platform, DocuSign. Cryptocurrency platforms that support YubiKey include Binance, Coinbase, Kraken, Bitfinex, and Gemini.
Social media platforms with inbuilt support for the hardware key include Facebook, Twitter, Instagram, and YouTube.
For developers and offline computer users, YubiKey is enabled for popular services such as Github and Bitbucket for developers and can be used to login into Mac and Windows computers.
Latest YubiKey Series
The hardware piece is developed in sets, with keys in one batch having additional features than those in previous models.
- Yubico YubiKey 5 Series – Keys in this group are compatible with conventional and new systems. It has enhanced passwordless, multi-factor, and 2F authentication. Also, it has a touch-to-sign button, can be inserted on USB-A and C ports, and has NFC capabilities.
- Security Key Series – Its salient features include dual NFC and USB-A connectors. Additionally, hardware security pieces in this cluster are crush and water-resistant.
- YubiKey FIPS Series – These are certified hardware security keys that can be used for regulated environments such as government institutions. This set weds different functionalities such as one time passwords (OTP), smart card technology, and U2F. Keys in this group have USB-A and USB-C compatibility.
- YubiKey 5C NFC – It has support for NFC, USB-C, and provides a fast yet secure authentication process. This series has a longer list of supported operating systems and browsers than other versions.
- YubiKey Bio – When released, this will be the latest Yubico YubiKey in the market. Its major selling-points are fingerprint recognition, enhanced security, minimal helpdesk calls, and PIN-based login.
From the reviews, it’s clear the YubiKey hardware security key is effectively guarding users against account takeovers. However, which Yubico YubiKey is best suited for your needs depends on its cluster. The newer the series, the more the features and services it can provide.
Despite some users citing complicated documentation, exerting effort to set this up can indeed give that extra layer of security that would keep your accounts safe and give you peace of mind.