Key Takeaways
- YubiKeys are crucial for upgraded security
- Improved workflow and security with TOTP codes
- YubiKeys are durable and adaptable to mobile use
YubiKeys are the de facto standard for hardware authentication devices. They are found everywhere, from big businesses to the keychains of security-savvy professionals. They’re one of the biggest upgrades you can make to reduce your risk profile for all sorts of online attacks. While not as affordable as some other alternatives, they’re durable and long-lasting, and will easily serve you for many years. Here are some of the reasons why we think you should get a YubiKey.
A YubiKey will upgrade your security
YubiKeys and FIDO2 are practically immune to phishing attacks
This is fundamentally the biggest reason to get a YubiKey. Your online security will be improved by adding one to your workflow.
YubiKeys use strong public-key cryptography to provide second-factor and passwordless authentication using FIDO2 and U2F. In most cases this means your physical key acts as your second way of identifying yourself, and is required alongside your password to log in. There are several standards for two-factor authentication (2FA); the most common (though most basic) is the QR code you scan to set up time-limited TOTP codes. A YubiKey can improve the security of these significantly, either by storing the secret used to generate the codes in the YubiKey's hardware, where it is far harder to extract, or by skipping the code altogether in favour of a standard that requires the physical key to be present (like U2F and FIDO2).
All these acronyms can be confusing, but in practice it's relatively easy to set up. On sites that support hardware keys, you'll simply be asked to insert your key and press the button to authenticate (after you've entered a password). For sites that don't support hardware keys, you'll use a separate app called Yubico Authenticator to generate your codes. This app requires your key to be plugged in and unlocked (via a six-digit PIN) before you can use it; then you simply touch the key to generate a code.
YubiKeys complement other best practices
Something else we recommend at XDA is using a password manager to generate a random, secure password for each website you visit, rather than reusing the same set of passwords over and over. A YubiKey complements this nicely, adding an extra physical layer of security to your password manager.
Most popular password managers support FIDO2 natively, meaning you'll be using one of the strongest available authentication methods to secure your password vault. This makes it essentially impossible for someone to access your stored passwords without physical access to your key. FIDO2 is also effectively phishing-resistant, because the credential itself never leaves your YubiKey. While this isn't unique to YubiKeys, a FIDO2 key needs to be physically present at the machine to authenticate, so a malicious actor would need both your physical key and its PIN to authenticate in your place.
YubiKeys speed up your workflow
No more reaching for TOTP codes on your phone
A second benefit of using a YubiKey is the ability to drop authenticator apps and store your TOTP secrets (the ones delivered by the QR codes you scan to set up 2FA) directly on your YubiKey. If you've got a YubiKey 5, you can use it as a TOTP generator right on the device, something we've covered previously. This means that even if a service doesn't natively support U2F or security-key authentication, you can still use your key to hold the secrets and generate codes in the Yubico Authenticator app.
This also brings tangible workflow improvements. While adding a TOTP secret to your YubiKey and your backup keys normally takes longer than setting it up on your phone, once it's there, accessing it is far easier. There's no need to reach for a second device like a phone, and the physical touch required to generate a code means the same level of security applies. A malicious user who has completely compromised your computer and has access to your passwords would still struggle to generate a TOTP code, since they can't provide the physical touch, and any code you do generate is only valid for a maximum of 30 seconds.
We’d generally advise against having multiple factors of authentication stored on the same device, but with a YubiKey it’s far more secure.
YubiKeys work with your mobile phone
NFC-supported keys can be used on your phone too
YubiKeys can also be used with your mobile, provided you've got a supported YubiKey. Whether you've got an NFC key or a key with a connector that fits your phone, you can use your key natively as a FIDO2 key on both iOS and Android. You can use this for authenticating with services that support hardware keys and for TOTP codes. You have the option of either inserting your key into a supported port for Lightning or USB-C keys, or using NFC to simply hold your key near your phone.
YubiKeys are great bits of hardware
Ten years of iterative design are at work
Whether you've got a tiny Nano key designed to stay in your laptop, or a larger USB-A key, YubiKeys are rugged and durable. They can be easily carried on a key ring, around your neck, or just about anywhere else on your person. Since they contain no battery, YubiKeys are also waterproof (just let them dry before inserting them into a device, of course). They're generally X-ray proof, so you don't need to worry about travelling with them. YubiKeys have been around since 2007, and while the basic idea of the hardware hasn't changed, there's a legacy of reliable, iterative design that gives modern YubiKeys a variety of functional, rugged and portable forms.
It should be said, though, that unlike some alternatives, Yubico doesn't publish standardized waterproof and dustproof ratings for its keys. While there's plenty of anecdotal evidence that these keys are extremely durable and this shouldn't be a concern, it is an area they could improve for added peace of mind.
Hardware keys are increasingly widely supported
While the road to hardware key support with U2F and FIDO2 has been a long one, support is getting better all the time. Many popular services now support YubiKeys natively, and there's a great list of supported services and setup tutorials over on Yubico's website. You can even use your key to authenticate with your Mac or Windows PC.
There are some caveats to using YubiKeys. The big one is that it's essential to keep a backup key or a backup of your codes, so that losing your key doesn't lock you out of your accounts entirely. But the benefits for your online security are huge. Support for this type of device is only going to get better, and these keys remain one of the easy wins for keeping yourself secure online.