The YubiKey 5 series has been around for about 2 years, and back then I did a review of the products. For the uninitiated, YubiKeys are basically hardware security keys to achieve secure 2-factor authentication. As we progress in the digital era and with so much concerns about cybersecurity, owning a YubiKey makes sense especially people who high stakes in safe-guarding their online identity, for instance, influencers, celebrities, brand owners.
I have done a detailed explanation on my earlier article, but if you decide not to click and read the article, here is a summary of features:
- Supports the following protocols: FIDO2/ WebAuthn, FIDO U2F, PIV (smart card), OpenPGP, Yubico OTP, OATH-TOTP, OATH-HOTP, and challenge-response.
- Replaces other 2-step verification methods like mobile phone SMS OTP.
- Supports hundreds of popular brands, platforms and services like Windows, MacOS, Google, Facebook, Dropbox, Instagram, Twitter, WordPress, RSA, LastPass and others.
- Works with online services, developer tools, computer logins, remote access, password management, encryption tools.
Similar to other YubiKey 5 Series, the YubiKey 5C NFC supports multiple authentication protocols. This multi-protocol support enables one key to work across a wide range of services and applications such as email clients, identity access management (IAM) solutions, VPN providers, password managers, social media platforms, collaboration tools, and many more.
The most popular model is the USB Type-A, but clearly with more laptops using USB-C, Yubico has released the new YubiKeys 5C NFC variant. It is the world’s first multi-protocol security key with smart card support, designed with both near-field communication (NFC) and USB-C connections on a single device.
With one simple tap or touch, the YubiKey 5C NFC can be used to authenticate across all leading platforms — iOS, Android, Windows, macOS and Linux — and on any mobile device, laptop, or desktop computer that supports USB-C ports or NFC. YubiKey authentication is definitely faster than logging in with conventional one-time passcode issued over the mobile network.
Yubico also released stickers called YubiStyle Covers to personalise your YubiKeys. I have been using the YubiKey 5 NFC for all these years to authenticate some of my online login accounts and it is more reliable than SMS or email because it does not depend on mobile network availability to send the one-time authentication code. On several occasions, I have encountered issues because I was unable to receive SMS messages on time. Since it does not send the 2FA through networks, it eliminates the possibility of hackers intercepting the code.
I would love to use YubiKey for all authentication but not all platforms support YubiKey, so I had to use a mix of 2FA, like Google Authenticator app which admittedly works rather well too. Still, the ability to use software authenticator assumes you have access to your smartphone, which is not always the case, for instance, if it gets misplaced or stolen. Having an alternative authentication like YubiKey is critical and essential. Many platforms like Google and Facebook already support multiple authentication methods, so one of them should be a YubiKey in case others fail.
Ironically, another advantage of YubiKeys is the ability to share the authentication token to another trusted party easily. If you are using other authentication modes like SMS or email, you would have to change the mobile number to another person, or provide access of your email account to receive 2FA, which is definitely not a good idea.
The YubiKey 5C NFC comes at a time when COVID-related phishing attacks continue to surge in the context of remote work, and millions of corporate-owned devices are now shared with families and home networks, making it critical for companies to secure users from any location and machine.
Yubico was founded in Sweden 2007 and expanded to USA in 2011. The core invention is the YubiKey, a small USB and NFC security key. They pioneered the design of the first one-time password authenticator to work with a simple touch and with no client software. They also co-created the FIDO Universal 2nd Factor and FIDO2 open authentication standards in collaboration with Google and Microsoft. Their work also contributed to open identity standards organisations W3C, IETF, FIDO Alliance and OpenID.
YubiKey is is distributed in Singapore by DT Asia Pte Ltd, available from Lazada Mall.