I have started using YubiKey 5 after receiving a media kit in 2018, and while I have not experienced any security breach on my online accounts, the hardware token has kept me safe from potential cyber attacks. Given the increasing adoption of multi-factor authentication (MFA) by social platforms, products like YubiKey have become even more essential, just like how you would want a hardware crypto wallet to store your blockchain NFT products.
Currently, when signing up online services, the more common forms of multi-factor authentications include SMS, email, authentication apps like Google Authenticator, WhatsApp. What these have in common is that they are all stored within the smartphone, making it the single point of failure. Simply put, once the smartphone security is breached, the scammer will get absolute control and can take over access to your SMS, email, and even your authentication app. There has been increasing incidents of shopping scams in Singapore that make the user sideload malicious apps that are disguised as part of an online order process. Once these malware are installed in your smartphone, it will take over the control of the smartphone and perform all kinds of transactions without you knowing.
This is why hardware security keys offer greater benefit, because hackers can never get hold of your hardware device remotely to proceed with the authentication. Of course, hackers could still access your account if they physically steal the hardware from you, but that would mean you are someone important or holds some really important information. For the rest of us, it probably isn’t going to happen like the spy movies.
You might think that such breaches may not happen to you, but there are a lot of hacking attempts out there that are simply trying their luck to break in. Having 2FA or MFA will reduce the possibility of them succeeding, but adding a hardware security key will further improve the chances of regaining control over your online account. Hackers might be able to replace your mobile number or email address, but they cannot remove the security key unless they can plug in the physical token for authentication. I highly recommend securing your most important online accounts like Google or Microsoft with a hardware security key like YubiKey.
YubiKeys are available in USB-A, USB-C, Lightning and NFC. Visit this page to compare the different YubiKey products.