Home » Multi-Factor Authentication » Security Keys » Should I buy a YubiKey Security Key?

Should I buy a YubiKey Security Key?

DISCLOSURE: THIS POST MAY CONTAIN AFFILIATE LINKS, MEANING I GET A COMMISSION IF YOU DECIDE TO MAKE A PURCHASE THROUGH MY LINKS, AT NO COST TO YOU. PLEASE READ MY DISCLOSURE FOR MORE INFO.

Table of Contents

The popularity of Security Keys exploded within the last few years. As a result, you can use your YubiKey with more services than ever, including, of course, the well-known giants like Google, Facebook, or Twitter, to mention a few.

You should buy a YubiKey if you like to take the safety of your online accounts to the next level. Unlike authenticator applications, which are vulnerable to malware and hacker attacks, YubiKey is a hardware device with secrets stored on a secure chip inside the YubiKey. With YubiKey having no internet access, your secrets cannot be copied or stolen.

Most popular services already support authentication using YubiKey, and it’s just a matter of time before everyone else will follow.

I have over 300 online accounts, which is twice what an average internet user may have, according to the Dashlane research. In addition, many of my accounts are secured with Two-Factor Authentication using either Microsoft or Google Authenticator apps.

You may also like: Google Authenticator vs. Microsoft Authenticator – Which one is better?

However, some of these accounts are critical to me. Therefore, I wanted to secure them using the latest and most secure authentication method available, which meant I had to buy a YubiKey Security Key.

I would recommend my personal favorite YubiKey 5C NFC, a very versatile Security Key with the latest USB-C and NFC technology, allowing you to use it with your NFC-enabled devices just by tapping it.

If you are an Apple user, the YubiKey 5Ci is the best next choice, in my opinion. Although it lacks NFC connectivity, it has a dual connector with support for USB-C and Lightning.

You may also like: Secure Your Coinbase account with YubiKey – A Complete Guide.

Of course, you can also check the whole range of YubiKeys on the Yubico website and pick the one which suits you best.

If you are unsure which one to select, make sure to take the Yubico quiz, which will help you choose the best option.

Why do you need a YubiKey?

Convenience – Quick and Reliable.

The idea that I no longer have to search for my phone and rely on the Authenticator app to generate a code which I then have to use within 30 seconds was one of the main reasons I decided to buy a YubiKey.

You may also like: Popular Password Managers that Work with YubiKey.

Now, I can simply either plugin and touch my YubiKey or tap the back of my NFC enabled device to authenticate access to my most critical accounts without relying on the app installed on my phone.

Touching the YubiKey 5C NFC inserted into the laptop USB-C port..
Authenticating with my YubiKey 5C NFC inserted into my laptop USB-C port.
Tapping the back of the phone with a YubiKey 5C NFC.
Authenticating with my YubiKey 5C NFC by tapping the back of my phone NFC antenna.

Although I’m still using Microsoft and Google Authenticator on accounts that do not yet support the YubiKey, I was never a fan of both.

The Google Authenticator app does not even offer a backup option, although you can transfer your 2FA codes to a new phone if you have to.

You may also like: Google Authenticator vs. Microsoft Authenticator – Which one is better?

On the other hand, although Microsoft Authenticator provides a complete cloud backup, I cannot say that I’m happy to rely on a third-party service to guard my 2FA codes.

However, the accounts I have secured using either Microsoft or Google Authenticator apps are far less critical. As such, I’m happy to have them secured with this type of Two-Factor Authentication.

The convenience of authenticating with a YubiKey becomes apparent when you try to log in to one of your accounts on your mobile phone using the TOTP secrets generated by the authenticator app.

You have just 30 seconds to copy the code, change the app, and paste the code when requested on the login screen.

I have no problem with that, but please explain that to my wife ;-).

YubiKey is Ultra Secure.

As you already know, any software downloaded to your phone or computer is vulnerable to malware and hackers attacks.

Unlike Authenticator apps, the YubiKey is a hardware device, and your secrets are stored on a secure chip inside the YubiKey. Furthermore, as the YubiKey does not have an internet connection, your secrets cannot be stolen or copied.

You may also like: Secure Your Coinbase account with YubiKey – A Complete Guide.

However, you should treat your YubiKey like any other key and get a spare one to act as a backup if you lose your primary YubiKey.

I will again recommend my favorite YubiKey 5C NFC if you are a PC or Android user and YubiKey 5Ci for a macOS or iOS user.

What can YubiKey be used for?

As I said earlier, the number of services and applications currently supporting the YubiKey is growing rapidly.

Below is just a few examples of some of the services or applications which support YubiKey.

However, if the service or the application you are interested in is not listed below, make sure to visit Works with YubiKey catalog on the Yubico website.

Supported TechnologyService/Application
Computer LoginWindows, macOS, Linux
Online ServicesGoogle, Microsoft, Facebook, Dropbox, Amazon, and more.
Password Managers1Password, LastPass, Dashlane, KeePass, Sticky Password, and more.
Remote Access & VPNSymantec, DUO, RSA, AuthLite, and more.
Developer and Encryption ToolsGitHub, GitLab, Docker, Fedora, Debian, CentOS, and more.
Examples of services or applications which support YubiKey.

How safe is YubiKey?

According to Google’s research paper “Security Keys: Practical Cryptographic Second Factors for the Modern Web” the Security Key, like YubiKey, protects the users against password reuse, phishing, and man-in-the-middle attacks while maintaining high usability and deployability.

In short, Security Keys offer similar usability to just passwords while being much more secure.

Google, Security Keys:Practical Cryptographic Second Factors for the Modern Web.

The excerpt table below summarises the benefits of the Security Keys over other security schemes like Authenticator apps or authentication via SMS text message.

Table showing Comparative evaluation of Security Keys to similar schemes  based on Google research paper.
Comparative evaluation of Security Keys to similar schemes – Source: Google, “Security Keys: Practical Cryptographic Second Factors for the Modern Web.”

It is also worth mentioning that according to Yubico, in the last 11 years, there was no single account takeover secured with a YubiKey.

If this is not enough to convince you, I don’t know what is.

How much does YubiKey cost?

The price of each model of YubiKey varies widely and depends on the application, connector type, or form factor.

Below is a summary of the categories or applications each YubiKey model falls into and the corresponding price range.

For the latest price, full descriptions, and pictures, please visit the Yubico store page.

Category/ApplicationDescriptionConnectors – Form FactorSupported Security FunctionsPrice Range
For Business and Professionals – YubiKey 5 SeriesWorks with the most web services and includes most feature-rich security that prevents account takeovers and offers one-tap login. USB-A
USB-C
Lightning keychain
nano
WebAuthn
FIDO2 CTAP1
FIDO2 CTAP2
U2F
Smart Card
Yubico OTP
OATH – HTOP (Event)
OATH – HTOP (Time)
OpenPGP
Secure Static Passwords
$45 – $70
YubiKey Bio SeriesPasswordless biometric authentication.USB-A
USB-C
WebAuthn
FIDO2 CTAP1
FIDO2 CTAP2
U2F
$80 – $85
For IndividualsAffordable and will work with most popular services, although to work with LastPass, a YubiKey 5 Series is required.USB-A
USB-C
WebAuthn
FIDO2 CTAP1
FIDO2 CTAP2
U2F
$25 – $29
For government – YubiKey 5 FIPS SeriesIf you need to fulfill the highest authenticator assurance level 3 (AAL3) requirements outlined in the NIST SP800-63B specification. USB-A
USB-C
Lightning keychain
nano.
WebAuthn
FIDO2 CTAP1
FIDO2 CTAP2
U2F
Smart Card
Yubico OTP
OATH – HTOP (Event)
OATH – HTOP (Time)
Secure Static Passwords
$55 – $90
For servers Self-explanatory.USB-A
Nano
$650 – $950
YubiKey models price range per application category.

Which YubiKey is right for you?

Although Yubico offers a “For Individuals” YubiKey series (See the table above), which should be entirely adequate in most applications, I love my YubiKey 5C NFC due to the NFC connectivity and its wide range of supported security functions which in my mind future proofs the investment.

If you are an iOS or macOS user, I believe your only choice is the YubiKey 5Ci with USB-C and Lightning connectors. Unfortunately, this security key does not offer NFC connectivity which is weird considering its price point.

I also own the YubiKey 5C Nano, YubiKey 5C as my backup key, and the newest YubiKey C Bio – FIDO Edition, which I haven’t had the chance to test yet.

My YubiKey gold disk flashing yellow
My YubiKey 5C NFC Security Key.
My YubiKey models for testing.
My YubiKey models for testing.

Where can you buy a YubiKey?

The best place to buy a YubiKey is the official Yubico store.

Again, make sure to check the Yubico Quiz to find out which YubiKey model is best for you, and don’t forget to budget for a second key as your backup in case your primary YubiKey was lost.


My Favorite Software and Hardware.

I appreciate your visit to my blog. I trust that you found the information helpful. To help you further, I'd like to share the software and hardware that I personally use and find valuable. These links are affiliated, meaning that if you make a purchase, I will receive a small commission without any additional cost to you. For more details, please refer to my Disclosure. To be transparent, the software listed is what I have installed on my computer, and the hardware mentioned is what I use to secure my online accounts and store my passwords.

1Password Manager - After three years of use, I can confidently say that 1Password is the best password manager available. Its user-friendly design and robust security features make managing your passwords and personal information a breeze. If you're interested in trying it, head to the 1Password website, where you can start a free trial or take advantage of the latest deals. I assure you, you won't regret switching to 1Password.

YubiKey Security Key - Enhance the security of your digital assets with a hardware authentication device, and I suggest the Yubikey 5C NFC. This is the device I personally use, and it provides additional convenience through its NFC compatibility with your phone. If you're an Apple user, the YubiKey 5Ci is a solid choice and my go-to recommendation.