YubiKey: Protect your Facebook, Google, and other online accounts with this hardware authentication key
This USB thumb drive is one serious and secure business tool
Looking for a quick, easy, and affordable way to protect your Google account, Facebook, GitHub, Dropbox, Salesforce admin account (and much more)? Or maybe you’re looking for a way to harden your Mac or Windows login credentials.
Take a look at the YubiKey.
YubiKey is a small authentication key manufactured by Yubico that can be used to secure access to a wide range of applications, including remote access and VPN, password managers, computer login, FIDO U2F login (Gmail, GitHub, Dropbox, etc.) content management systems, popular online services, and much more.
YubiKey gives you a way to activate two-factor authentication on your accounts, but without having to mess about with text messages or third-party authenticator apps. You just plug the YubiKey into a USB port, tap the metal button, and you’re authenticated. You still need the correct username and password, but the key gives you the second-step authentication and added security.
The wide range of support makes YubiKey a great choice for personal use, business, enterprise, or even developers.
Physically, the YubiKey looks like a small USB flash drive (with different versions for USB-A and USB-C), and there is a version that also incorporates NFC. The keys range in price from $20 for the basic FIDO U2F key (which will work with online services that support FIDO U2F, including Facebook and Google), to $50 for keys that also feature strong crypto, touch-to-sign, plus one-time-password, NFC, and smart card capability.
The keys are robust, and seem to live up to the promise of being waterproof and crushproof — I’ve had one on my keys and another on a chain around my neck for more than a year now, and while both look well worn, they both work fine. The one I wear around my neck (the one in the center in the image below, flanked by a new YubiKey Security Key on the left, and a new NFC-enabled YubiKey NEO on the right) has had a very hard life — prolonged exposure to sunlight, sweat, seawater, mud, oil, and chemicals such as sunblock — and yet still cleans up well and works perfectly.
A chart detailing the available keys along with their specific functionality can be found here.
Now, rather than outlining how you protect your accounts with YubiKey (the instructions on the Yubico website are detailed and will guide you through the myriad different services you can secure with your YubiKey more efficiently than I can) I’m going to look at the pros and cons of that I’ve come across over the past months.
- Cheap (with prices starting at $20)
- Far less hassle than using text messages or a third-party authenticator app, and speeds up logging into accounts on new devices
- The keys don’t require recharging or battery changes
- Without your username and password, even if it is stolen, it’s useless to a third-party
- Easy to use (if you can figure out two-factor authentication, you can figure out how to use YubiKeys, and if you get stuck, there are some good instructions available to guide you)
- Keys are incredibly robust and totally waterproof (one of mine lives on my keyring and gets bashed about a lot, the other I wear around my neck on a chain most of the time)
- Pretty indistinguishable from USB flash drives so the keys don’t attract unwanted attention
- Scalable (customization tools and custom programming options available for business)
- Support for Open PGP encryption and code signing
- Offers an easy way to secure Windows, Mac, or Linux systems
- Ideally, you need two keys in case one gets lost, stolen, or damaged in some way.
- Not all browsers support U2F so you must be running Google Chrome version 38 or later, or Opera version 40 or later (this is not a YubiKey limitation, but rather a FIDO U2F limitation)
- There are big gaps in services that support FIDO U2F (for example, no support for Yahoo!, PayPal, banks, and so on — come on folks, get your act together!)
- Some of the documentation can be a little intimidating at first