Home » Multi-Factor Authentication » Security Keys » What if I lose my Yubikey?

What if I lose my Yubikey?


Table of Contents

I have lost my YubiKey recently, and my heart sank when I realized that I could lose access to my most important accounts. Luckily, that feeling lasted only a few seconds as I knew that I had taken the necessary steps to prevent this from happening.

I follow a few rules every time I secure my accounts with YubiKey or any other form of authentication like 2FA, for example.

These simple rules allow me to access my accounts in the event of losing or damaging my Yubikey or losing access to my Authenticator app, like when I lost my phone with Google Authenticator on it.

To regain access to your account after losing your YubiKey, check if the application or service supports an alternative method of authentication. For example, you can use a code generated by your Google Authenticator app to regain access to your account. Alternatively, you can use your Backup Codes or authenticate via SMS if this is the option you have configured. Once you log in, make sure to de-associate the lost YubiKey and register a new one.

You may also like: How to use YubiKey with NordPass?

If all the above has failed, there is a big chance that the service or application you are trying to use offers a credentials recovery method. Contact their customer support service, and be patient. The process may take a while.

Can someone else use your Yubikey?

If you lost your YubiKey, there is a chance that someone will find it and try to use it.

Keep in mind, though, that the Security Key is not enough to log in to your account. Your login and password are also needed.

Most importantly, the person who found your YubiKey will face an almost impossible task to figure out who that YobiKey belonged to, not to mention knowing the account associated with it and of course your credentials.

You may also like: Should I buy a YubiKey Security Key?

That doesn’t change the fact that you should de-associate any lost YubiKeys with an affected account as soon as you regain access and register a new spare one.

If you planning on buying another one, make sure to take a look at the YubiKey 5C NFC. This is my favorite YubiKey which not only supports the latest USB-C port but also NFC connectivity. With NFC support you will be able to log in to your accounts on your mobile device by simply tapping your NFC antenna.

If you are looking for something smaller, make sure to check the YubiKey 5 Series selection on the Yubico website. The YubiKey 5 Series provides a range of authentication choices including strong two-factor, multi-factor, and passwordless authentication, and seamless touch-to-sign.

Can you have a backup Yubikey?

I bet you have a spare set of keys to your house.

Well, you should treat your Security Key the same way and get a spare YubiKey which you can then use as a backup.

You may also like: Secure Your Coinbase account with YubiKey – A Complete Guide.

Many applications and services allow for multiple Security Keys registration.

The list below is by no means comprehensive, and you have to check your service or the application if they support more than one YubiKey.

You can also check on the Yubico website if the service or an application supports your YubiKey.

Service or application supporting U2F Security Keys.Multiple Security Keys supported?Link to support page.
1PasswordYes – Unlimited.Use U2F Security Key with 1Password
LastPassYes – Up to 5 Security Keys.Use YubiKey Multifactor Authentication.
DashlaneYesUse U2F with Dashlane.
BitwardenYes – Up to 5 Security Keys.Two-Step login via YubiKey.
KeeperYes – Up to 5 Security Keys.Add Security Key.
CoinbaseYes – Up to 5 Security Keys.Using and managing Security Keys.
GoogleYesUse Security Key for 2FA.
MicrosoftYes – Up to 10 Security Keys.Setup Security Key as your verification method.
FacebookYesSetup Security Key
TwitterYesHow to use Two-Factor Authentication.
List of popular services and applications which support multiple YubiKey registrations.

You may also like: How to use YubiKey with NordPass?

If the application or service does not support multiple Security Keys registration, make sure to enable an alternative authentication method that will serve as a backup.

For example, by default, your YubiKey cannot be the only authentication method on your Google account. You can use your YubiKey, but you will also need to set up another alternative way so you can still access your account in case your Security Key is lost or stolen.

Google offers a wide range of Two-Factor Authentication methods, including codes generated by the Google Authenticator app or Microsoft Authenticator, for example.

You can also use the Backup Codes, which you hopefully saved during the initial setup. Another way is to use another device where you have already logged in to generate a one-time security code that you can then use to access the account.

You may also like: Popular Password Managers that Work with YubiKey.

Typically each service or application offers a range of alternative Two-Factor Authentication methods. If you are not sure what they are, visit the support page for more information or ask the customer support service.

By simply canceling the browser request to authenticate using your Security Key, Google will offer an alternative method that you have set.

Google Touch your U2F Security Key dialog
Canceling the dialog box when authenticating using YubiKey.

Press the ‘Try another way’ link once you cancel the request.

Google Two Step Verification - Try another way link
Viewing an alternative Google 2FA method.

Finally, select the alternative Two-Factor Authentication method to access your Google account.

Google account Two Step Verification alternative authentication method.
Alternative Two-Factor Authentication methods for Google account.

I have said earlier that this is a default setup because Google also offers an Advanced Protection Programme, which will allow you to use your YubiKey as a single authentication method, among many other advanced security features.

Google Advanced Protection Programme enrollment link.
Google Advanced Protection Programme enrollment link visible during the initial Security Key setup.

The Advanced Protection Programme has been created for users with high visibility, politicians or celebrities, for example.

Users who can possess sensitive information and have an elevated risk of being a target of a cyber-criminal.

Does YubiKey need to stay plugged in?

You don’t need to have your YubiKey to stay continuously plugged in into your device. Every time you try to log in to the account protected by the Security Key, the browser or the application will ask you to insert or touch the NFC antenna for the authentication process to begin.

Insert your Security Key into the USB port dialog window.
Request to insert the YubiKey into the USB port for the authentication process to begin.

Once logged in, you can safely remove your YubiKey from the USB port.

Where should I keep my Yubikey?

It would be best if you kept your spare YubiKey in a safe but easily accessible place. Use the other Security Key as a daily driver.

I have my YubiKey 5C NFC attached to my car keys if I need to access an account on my mobile phone.

As I have explained earlier, losing your YubiKey can be stressful, but as long as your credentials have not been exposed, there’s no danger that someone will access your accounts.

Make sure, though, to log in to your affected accounts using your second YubiKey and de-associate the lost one.

Once you do this, repurchase a second YubiKey and register with that account, so you don’t have to use an alternative authentication method again when you lose that one too.

My Favorite Software and Hardware.

I appreciate your visit to my blog. I trust that you found the information helpful. To help you further, I'd like to share the software and hardware that I personally use and find valuable. These links are affiliated, meaning that if you make a purchase, I will receive a small commission without any additional cost to you. For more details, please refer to my Disclosure. To be transparent, the software listed is what I have installed on my computer, and the hardware mentioned is what I use to secure my online accounts and store my passwords.

1Password Manager - After three years of use, I can confidently say that 1Password is the best password manager available. Its user-friendly design and robust security features make managing your passwords and personal information a breeze. If you're interested in trying it, head to the 1Password website, where you can start a free trial or take advantage of the latest deals. I assure you, you won't regret switching to 1Password.

YubiKey Security Key - Enhance the security of your digital assets with a hardware authentication device, and I suggest the Yubikey 5C NFC. This is the device I personally use, and it provides additional convenience through its NFC compatibility with your phone. If you're an Apple user, the YubiKey 5Ci is a solid choice and my go-to recommendation.