Home » Two-Step Verification » What if I lose my Yubikey?

What if I lose my Yubikey?

DISCLOSURE: THIS POST MAY CONTAIN AFFILIATE LINKS, MEANING I GET A COMMISSION IF YOU DECIDE TO MAKE A PURCHASE THROUGH MY LINKS, AT NO COST TO YOU. PLEASE READ MY DISCLOSURE FOR MORE INFO.

Table of Contents

I have lost my YubiKey recently, and my heart sank when I realized that I could lose access to my most important accounts. Luckily, that feeling lasted only a few seconds as I knew that I had taken the necessary steps to prevent this from happening.

I follow a few rules every time I secure my accounts with YubiKey or any other form of authentication like 2FA, for example.

These simple rules allow me to access my accounts in the event of losing or damaging my Yubikey or losing access to my Authenticator app, like when I lost my phone with Google Authenticator on it.

To regain access to your account after losing your YubiKey, check if the application or service supports an alternative method of authentication. For example, you can use a code generated by your Google Authenticator app to regain access to your account. Alternatively, you can use your Backup Codes or authenticate via SMS if this is the option you have configured. Once you log in, make sure to de-associate the lost YubiKey and register a new one.

You may also like: Yubico Authenticator vs Google Authenticator.

If all the above has failed, there is a big chance that the service or application you are trying to use offers a credentials recovery method. Contact their customer support service, and be patient. The process may take a while.

Can someone else use your Yubikey?

If you lost your YubiKey, there is a chance that someone will find it and try to use it.

Keep in mind, though, that the Security Key is not enough to log in to your account. Your login and password are also needed.

Most importantly, the person who found your YubiKey will face an almost impossible task to figure out who that YobiKey belonged to, not to mention knowing the account associated with it and of course your credentials.

That doesn’t change the fact that you should de-associate any lost YubiKeys with an affected account as soon as you regain access and register a new spare one.

If you planning on buying another one, make sure to take a look at the YubiKey 5C NFC. This is my favorite YubiKey which not only supports the latest USB-C port but also NFC connectivity. With NFC support you will be able to log in to your accounts on your mobile device by simply tapping your NFC antenna.

If you are looking for something smaller, make sure to check the YubiKey 5 Series selection on the Yubico website. The YubiKey 5 Series provides a range of authentication choices including strong two-factor, multi-factor, and passwordless authentication, and seamless touch-to-sign.

Can you have a backup Yubikey?

I bet you have a spare set of keys to your house.

Well, you should treat your Security Key the same way and get a spare YubiKey which you can then use as a backup.

You may also like: How to use Yubico Authenticator?

Many applications and services allow for multiple Security Keys registration.

The list below is by no means comprehensive, and you have to check your service or the application if they support more than one YubiKey.

You can also check on the Yubico website if the service or an application supports your YubiKey.

Service or application supporting U2F Security Keys.Multiple Security Keys supported?Link to support page.
1PasswordYes – Unlimited.Use U2F Security Key with 1Password
LastPassYes – Up to 5 Security Keys.Use YubiKey Multifactor Authentication.
DashlaneYesUse U2F with Dashlane.
BitwardenYes – Up to 5 Security Keys.Two-Step login via YubiKey.
KeeperYes – Up to 5 Security Keys.Add Security Key.
CoinbaseYes – Up to 5 Security Keys.Using and managing Security Keys.
GoogleYesUse Security Key for 2FA.
MicrosoftYes – Up to 10 Security Keys.Setup Security Key as your verification method.
FacebookYesSetup Security Key
TwitterYesHow to use Two-Factor Authentication.
List of popular services and applications which support multiple YubiKey registrations.

If the application or service does not support multiple Security Keys registration, make sure to enable an alternative authentication method that will serve as a backup.

For example, by default, your YubiKey cannot be the only authentication method on your Google account. You can use your YubiKey, but you will also need to set up another alternative way so you can still access your account in case your Security Key is lost or stolen.

Google offers a wide range of Two-Factor Authentication methods, including codes generated by the Google Authenticator app or Microsoft Authenticator, for example.

You can also use the Backup Codes, which you hopefully saved during the initial setup. Another way is to use another device where you have already logged in to generate a one-time security code that you can then use to access the account.

Typically each service or application offers a range of alternative Two-Factor Authentication methods. If you are not sure what they are, visit the support page for more information or ask the customer support service.

By simply canceling the browser request to authenticate using your Security Key, Google will offer an alternative method that you have set.

Google Touch your U2F Security Key dialog
Canceling the dialog box when authenticating using YubiKey.

Press the ‘Try another way’ link once you cancel the request.

Google Two Step Verification - Try another way link
Viewing an alternative Google 2FA method.

Finally, select the alternative Two-Factor Authentication method to access your Google account.

Google account Two Step Verification alternative authentication method.
Alternative Two-Factor Authentication methods for Google account.

I have said earlier that this is a default setup because Google also offers an Advanced Protection Programme, which will allow you to use your YubiKey as a single authentication method, among many other advanced security features.

Google Advanced Protection Programme enrollment link.
Google Advanced Protection Programme enrollment link visible during the initial Security Key setup.

The Advanced Protection Programme has been created for users with high visibility, politicians or celebrities, for example.

Users who can possess sensitive information and have an elevated risk of being a target of a cyber-criminal.

Does YubiKey need to stay plugged in?

You don’t need to have your YubiKey to stay continuously plugged in into your device. Every time you try to log in to the account protected by the Security Key, the browser or the application will ask you to insert or touch the NFC antenna for the authentication process to begin.

Insert your Security Key into the USB port dialog window.
Request to insert the YubiKey into the USB port for the authentication process to begin.

Once logged in, you can safely remove your YubiKey from the USB port.

Where should I keep my Yubikey?

It would be best if you kept your spare YubiKey in a safe but easily accessible place. Use the other Security Key as a daily driver.

I have my YubiKey 5C NFC attached to my car keys if I need to access an account on my mobile phone.

As I have explained earlier, losing your YubiKey can be stressful, but as long as your credentials have not been exposed, there’s no danger that someone will access your accounts.

Make sure, though, to log in to your affected accounts using your second YubiKey and de-associate the lost one.

Once you do this, repurchase a second YubiKey and register with that account, so you don’t have to use an alternative authentication method again when you lose that one too.

My Favorite Software and Hardware.

Thank you for reading this article. I hope you found it helpful. Here is the list of the software and hardware I am personally using, which I believe you may also find useful. These are affiliate links, so if you decide to use any of them, I will earn a small commission at no extra cost to you. But in all honesty, this is the exact software I have installed on my computer and the hardware I have been using to secure my online accounts or store my passwords.

1Password Password Manager - I have been using 1Password for the past two years, and in my opinion, it is the best Password Manager yet. You can try 1Password for free or check the latest deals on the 1Password website.

Yubikey 5C NFC - This is a hardware authentication device that you can use to protect your online accounts or even computers. If you are thinking of getting one, I will highly recommend Yubikey 5C NFC, which, thanks to the NFC, can also be used with your phone.

Bitdefender Total Security - I had tried other Anti-Virus software whenever my Bitdefender license was about to expire. However, at the end of the day, this is still my favorite Anti-Virus. You can check the latest offers on the Bitdefender site.

NordVPN - If you are looking for some privacy when browsing the web, NordVPN will have you covered. Save 72% now with a 2-year planvisit the NordVPN website for more details.

Malwarebytes - It will defend you against harmful websites and remove any malware from your computer. Make sure to check the latest offers on the Malwarebytes website.