REVIEW – In a previous YubiKey review, I mentioned how we now live in a world where many websites are being compromised. Along with mobile authenticator apps available, using a hardware device such as the YubiKey is great for extra login security. I had the opportunity to take a look at the newest of Yubico’s hardware keys; the YubiKey 5 NFC. Let’s take a look!
What is it?
The YubiKey 5 NFC is a hardware-based authentication device that provides extra authentication over NFC (Near Field Communications). It also supports FIDO2, allowing organizations to enable passwordless login on a computer that supports FIDO2 open authentication standards.
- Dimensions: 0.7 in x 1.8 in x 0.13 in
- Weight: 0.04 oz
What’s in the box?
- YubiKey 5 NFC along with paper documentation
Design and features
The YubiKey 5 NFC looks much like any traditional USB device, but is flat and with a gold disk in the center of the key. It also has a keyhole to keep it on a lanyard with your EDC gear. I find it useful to keep in my backpack since I have it with me every day and keep it separate to my cell phone that I carry in my pocket.
Just like with the YubiKey 4 and other series, you can add this hardware key to tons of online services that support two-factor authentication. You can look into account preferences for an option along the lines of “set up a hardware key”. Then insert your YubiKey into your computer’s USB port, follow instructions, and all is set. When logging in, you touch the gold plating on the YubiKey to activate log on.
With this YubiKey 5 NFC, you can simply touch the key to the back of your phone (if your supports NFC). I have the Google Pixel 2 XL, and was able to set up my second Google account easily. I touched the key to the back of my phone shown above. It buzzed and then logged me in. It’s a little bit easier than using my mobile authenticator app, copying the password, and then logging into the site directly.
The software and services that support two-factor authentication with YubiKey are listed on their website. You can also use the YubiKey Authenticator for desktop or Android to generate OATH credentials on your YubiKey. Note: Since I already use the Authy Authenticator app with all my online services, I didn’t test this out. It’s also possible to log onto Windows 10 and all Microsoft accounts using the YubiKey. (Windows 10 version 1809 update and Microsoft Edge need to be installed for this to work.)
What I like
- Extra security for most online services such as Google, Dropbox, most social media sites etc.
- Durable, waterproof, and crush resistant
- Fits on a key chain for portability
What needs to be improved
- If you lose your YubiKey, then you’ll need to reconfigure all of your apps to use another authentication method
- Expensive for a small usb device
Overall, as someone who appreciates an extra layer of security in her web apps, I really love using my YubiKey. It puts my mind a bit more at ease when logging onto my laptop, work machine, or phone. I think it’s very much worth grabbing one if you can!