In today’s world of technology and internet security, there always seems to be a website being hacked and personal details being compromised. A password, even a complex one, isn’t really enough. Luckily there are a few options out there to make our data a bit safer. You can use two-factor authentication with software (using an authenticator app on a mobile phone, for example) or using a hardware key, such as Yubico’s YubiKey. Two-factor authentication (2FA) adds an extra layer of security to your account that you, and only you, can access in order to prove your identity. Let’s take a look at how the YubiKey 4 and 4 Nano work.Note: Images can be clicked on to view a larger size.
Different services use different types of security protocols. YubiKeys are capable of performing multiple protocols, so you can use the same key for almost an unlimited number of services. U2F is a popular open authentication standard that enables internet users to securely access any number of online services, with one single device, instantly and with no drivers, or client software needed.
YubiKey 4 Series comes in multiple form factors. Each option includes the same internal components, functionality, and capabilities. I was sent the 4 and 4 Nano.
The YubiKey 4 fits on a keychain and plugs into a USB-A port such as on my 2015 Macbook Pro
The YubiKey 4 Nano is good for semi-permanent installation and also plugs into a USB-A port. I have put mine on a lanyard for convenience.
Benefits of the YubiKey
- Prevents unauthorized access by requiring the physical presence of the key to log in on that device
- Easy to use: Plug it in and touch the gold button or edge; no codes to type or apps to install
- Affordable: The same YubiKey can be used with nearly unlimited services
- Durable: Crushproof and water-resistant, no batteries or moving parts
- Everywhere: Use it on Microsoft Windows, Mac OS X, Linux, and Chrome OS for Chromebooks
- Convenient: Fits on a keychain, in a wallet, or inside a USB port
The YubiKey 4 Nano is on the left, and the YubiKey 4 is on the right. For size reference, I’ve included an US dime coin.
YubiKey works with tons of online services and applications such as Google, Facebook, Dropbox, Windows, MacOS Sierra, and password managers such as LastPass, Dashlane, KeePass, etc.
For LastPass, it was very easy to set up the YubiKey. In account preferences, it will ask you to insert your device into the USB port and touch the gold plate on the key itself.
It then acts as a keyboard and types a long string of characters into the YubiKey slot. You can add multiple keys for extra security, which is really nice to have. (This is a feature of LastPass Premium.)
The same process goes for adding it to any of your favorite online services. Look into account preferences for an option along the lines of “set up a hardware key”. Then insert your YubiKey, follow instructions, and all is set. The YubiKey 4 and 4 Nano work exactly the same by touching the gold plating on the device to activate the key when logging in. It’s given me peace of mind knowing that I have an extra layer of security on top of my two-factor authentication mobile app and password. To note, you aren’t stuck if you lose your YubiKey or don’t have it near you. You can still log in with a mobile authenticator token, or old-fashioned password.
- Very easy to set up
- Very easy to lose unless attached to keys or a lanyard
I highly recommend investing in a second or third round of protection for your most used and important websites. The YubiKey is available at a discount for education, GitHub users, and also available in bulk trays for businesses.