If you’re looking for a quick, easy, and affordable way to protect your Google account, Facebook, GitHub, Dropbox, Salesforce admin account (and much more), or looking for a way to harden your Mac or Windows login credentials, then you need to take a look at YubiKey.
OK, first off, what is YubiKey?
YubiKey is a small authentication key manufactured by Yubico that can be used to securing access to a wide range of applications, including remote access and VPN, password managers, computer login, FIDO U2F login (Gmail, GitHub, Dropbox, etc.) content management systems, popular online services, and much more.
Basically, Yubikey gives you a way to activate two-factor authentication on your accounts without having to mess about with text messages or third-party authenticator apps. You just plug the Yubikey into a USB port, tap the button, and you’re authenticated. You still require a username and password, but the key gives you the second-step and added security.
The wide range of support makes YubiKey a great choice for personal use, business, enterprise, or even developers.
Physically the YubiKey looks like a small USB flash drive, although there is one that also incorporates NFC for use with Android devices. The keys range in price from $18 for the basic FIDO U2F key (which will work with online services that support FIDO U2F, which include Facebook and Google), to $50 for keys that in addition to FIDO U2F also feature strong crypto, touch-to-sign, plus one-time-password, and smart card.
A chart detailing the available keys along with their specific functionality can be found here.
Now, rather than outlining how you protect your accounts with YubiKey (the instructions on the Yubico website are detailed and will guide you through the myriad different services you can secure with your YubiKey more efficiently than I can) I’m going to look at the pros and cons of that I’ve come across over the past few months.
- Cheap (starting at $18)
- Easy to use (if you can figure out two-factor authentication, you can understand YubiKeys)
- Keys are incredibly robust and totally waterproof (one of mine lives on my keyring and gets bashed about a lot, the other I wear around my neck on a chain most of the time)
- Pretty indistinguishable from USB flash drives so the keys don’t attract attention
- Scalable (customization tools and custom programming options available for business)
- Support for Open PGP encryption and code signing
- Offers a really easy way to secure a Windows, Mac or Linux computer
- Ideally, you need two keys in case one gets lost, stolen, or damaged in some way.
- Not all browsers support U2F so you must be running Google Chrome version 38 or later, or Opera version 40 or later (this is not a YubiKey limitation but a FIDO U2F limitation)
- No iOS support, which means having to fall back on other two-factor authentication methods
- Big gaps in services that use FIDO U2F (no support for Yahoo!, Microsoft online services, PayPal, banks, etc.)
- Some of the documentation can be a little intimidating
- The quickest, simplest way to speed up an old, tired PC
- AMD is making PCs and servers exciting again
- Apple selling outdated 32-bit iOS apps that will soon stop working
- How to securely erase hard drives (HDDs) and solid state drives (SSDs)
- Hidden iOS 10.3 feature highlights apps that will soon become obsolete
This USB thumb drive is one serious and secure business tool: