Yubico - Security Key NFC - Basic Compatibility - Multi-factor authentication (MFA) Security Key, Connect via USB-A or NFC, FIDO Certified

Works fine. Makes online login secure. Need a couple of backups, because if something goes wrong, you'll be locked out of your account!

Saved me from having to upload new software which saved lots of money! Easy to use!

Side note - I use the open-source BitWarden password manager, which supports Yubikeys. BitWarden is free on multiple devices like PC, Mac, Linux, and your smartphone - for some of the bells and whistles like supporting a YubiKey you have to upgrade to their $10 a year plan, totally reasonable and you should support this company, they are great and my favorite password manager. Now - on to the Yubikey itself. One of the great selling points is that you cannot log on to services that support Yubikey (e.g. your bank, Facebook, Twitter, etc.) if you do not have physical possession of the Yubikey. If someone happened to obtain your User ID and password somehow, they still wouldn't be able to log in thanks to the Yubikey, so that is peace of mind. Speaking of peace of mind, do yourself a favor and buy 2 because you're going to want to store the backup key somewhere safe and easily accessible in case you ever lose your primary key. It is not technically necessary, but it would be an extra hassle to try and prove to the bank or other service that you are the actual client because you won't be able to log in without the key, so there is no easy password reset that you might be used to. Each company has different procedures if you have to call them if you lost your only Yubikey, for all they know you might be a leet hacker trying to social engineer them, so having the backup key gives peace of mind and you can avoid that problem if you are prone to losing things. In a digital world filled with passwords as long as the Great Wall and security measures more complicated than a Rubik's Cube, finding a solution that balances convenience and protection is a quest worthy of a tech-savvy knight. Enter the YubiKey 5 NFC – a pocket-sized guardian that brings a touch of magic to the realm of online security. At first glance, the YubiKey 5 NFC may seem like a humble USB stick, but beneath its unassuming exterior lies a treasure trove of security features that would make even the most paranoid IT guru grin like a Cheshire cat. With support for a myriad of authentication protocols, including FIDO U2F and FIDO2, OTP, PIV, and smart card, this little key unlocks a world of possibilities for safeguarding your digital kingdom. But what truly sets the YubiKey 5 NFC apart from its peers is its Near Field Communication (NFC) capabilities. With a wave of your hand (or a tap of your phone), you can seamlessly authenticate with your YubiKey using compatible mobile devices, turning your smartphone into a digital Excalibur that vanquishes would-be hackers with ease. Setting up the YubiKey 5 NFC is as simple as pie – even for those whose tech skills are as rusty as an ancient server rack. Just plug it into a USB port or tap it against your NFC-enabled device, follow the prompts to register it with your accounts, and voila! You're one step closer to digital invincibility. The YubiKey 5 NFC is a game-changer in the world of online security – a trusty sidekick for the modern-day digital hero. So, whether you're a code-slinging developer, a data-wrangling sysadmin, or just someone who wants to keep their online accounts safe and sound, the YubiKey 5 NFC is here to save the day (and your passwords). Final note - regular 2FA (two-factor authentication) of the type that sends you a text message with a ~6-digit code can be compromised by "SIM jacking" i.e. a hacker calls and socially engineers your cell phone plan provider like T-Mobile, AT&T, etc., and convinces them that the hacker is you, and you want to transfer your cell service to a new SIM card because you lost yours. The cell providers don't always do a great job in this situation and have been known to transfer your account to the hacker and their SIM card. I guess you would have to be a high-value target for something like this to happen, but it's good to know that the Yubikey protects you from this type of attack and has your back.

While this key is cheaper, its functionality is slightly limited in comparison to some other Yubikey models. I didn't realize this at the time, and got a bit lost in all the product reviews and comparisons. This one serves as a second factor authentication method for many popular websites, but does not support the Yubikey Authenticator app. I'm keeping it anyways, because it serves my main objective, but I can't help but be a bit disappointed that for a little more money I could have added a bunch more features. It's also a bit confusing to get started, but the Yubico tech support responded to my question within a couple hours, which was nice.

Works great!

There are other more exquisite models of Yubikeys (eg. Yubikey 5, Yubikey FIPS) along with different sizes of each model, however this basic Yubikey (Model) Security is all most people will ever need. The "Yubikey Security" includes basic FIDO/WebAuth, for verifying your identity with many popular Internet sites when using Two Factor Authentication (2FA). The "Yubikey 5" is more so for those (likely tech savy guys) using PGP/GNUPG on a daily basis, such as signing Emails or source code commits. Includes OpenPGP (GNUPG) and SSH key support, as well as some other exquisite authentication methods. Most documentation workflows mandate destructively moving/copying the keys to your (USB) security device token (Yubikey 5), with PGP/SSH keys are primarily contained on the security device token with only stub key files remaining on the computer. If you're a user simplifying your security routine rather than complicating your security workflow, probably not wise with the existing paranoid coded tools or workflow! The "Yubikey FIPS" is likely only for actively employed Government employees requiring Federal Information Processing standards (FIPS). Certainly, as of this date July 2024, does not include civilians logging into the basic Federal Internet sites for receiving benefits; and likely will never include civilians. FIDO/WebAuth is primarily used with external security device tokens, such as Yubikey. FIPS likely requires key extraction/copying from official Government keys, and likely requires the assistance of the system's administrator... a task not for the "faint of heart", even for seasons computer programmers. YUBIKEY SECURITY PROS 1) It is a larger key, unlike the nano sized USB keys, so users can visibly see their key is still attached and can remove the key when not in use. 2) Basic FIDO/FIDO2/WebAuth security, can greatly simplify most Internet sites using pain in the butt Two Factor Authentication. (eg. Google, ...) 3) More feasible $20-25 each, rather than greater than $50 for each for more exquisite Yubikey 5 models. 4) Key is in a form factor much smaller than the credit card sized security device tokens. CONS 1) If kicked, knocked or dropped, the larger keys can likely break or break USB ports. 2) Most banks still do not make use of external security device tokens (eg. FIDO2, WebAuth, ...), such as the Yubikey Security USB key. 3) Only one form factor, large basic and very visible. (eg. No nano sized USB keys for Yubikey Security.)

After reading that even with 2-factor authentication [2FA] or one-time password [OTP] cyberthieves can gain access to your online accounts through a sim swap I thought I should get a physical security key. This little device stores information and generates one-time numbers for you to log in to a site, but you have to register it once, for each online account you use. A bit of online search suggested Yubikey 5 as an affordable, dependable and easy-to-use physical key. One was advised to buy two, with one as a back-up: if you lose one, you still have a second one. After the two keys arrived I tried it out. The first challenge: the key needs a USB-C port for connection to a laptop. My laptop has two USB-C ports. One is used for power, the other for the mouse receiver. So I bought a USB-C splitter. I should have checked online – I found out you can’t plug the power USB-C connection into a splitter [it does not charge], and the Yubikey is not recognized when sharing a spitter with the mouse receiver. However the biggest drawback is that mainstream financial institutions are not set up for use of a security key. One bank uses a security token [which is not the same as a security key], another only goes for two-factor authentication. Basically the only two common online sites for me were Microsoft and Google. Even that was not simple. When you plug the Yubikey into a working USB-C port, you apparently need to set up a pin but if that already exists or if you need to set up a new one is unclear. There is no ‘easy set-up’ or’ set-up for dummies’-something really simple that guides you through a Yubikey set-up even for Microsoft. The Yubikey instructions consist of a 130 page PDF filled with jargon. You apparently have to go into your computer’s Microsoft account settings to include a security key. Also did you know that for Google your pin [4 numbers] is not the same as your Google password? I locked myself out from including the Yubikey on the Google account because I could not understand what the pin was Google was asking for. In addition, I don’t think a security key solves the problem of a sim swap for the average person. Although you could use it to log into Gmail or Microsoft [provided you got that going] on your cell phone using near-field communication [NFC], people don’t usually log in to those accounts separately anyway on a cell phone. Once the phone is off the lock screen, most apps are ready to go without additional authentication. Maybe I am less smart than the average person but in the end, my two Yubikeys and the USB-C splitter will end up on the electronics trash pile.

This is a good security key if you just need a base key. There are more expensive ones with more features, but this does what you need.