Yubico YubiKey 5 Nano – Two Factor Authentication USB

Yubico YubiKey 5 Nano – Two Factor Authentication USB Security Key, Fits USB-A Ports – Protect Your Online Accounts with More Than a Password, FIDO Certified USB Password Key, Extra Compact Size


yubikey 5 series

Key features

Hardware security key The strongest form of two-factor authentication (2FA).
Securely manufactured Made in Sweden and USA and packaged in tamper-evident, safety sealed packaging.
Asymmetric cryptography Uses public and private key cryptography.
Yubico OTP Simple & strong authentication mechanism that works with Yubico Authenticator.
Durable (IP68 rated) Injection molded, crush resistant and water resistant body.
Configurable Easily configure multiple protocols across computers, networks, apps and services.
Multi-protocol WebAuthn, FIDO2, FIDO U2F, smart card (PIV), Yubico OTP, OpenPGP, OATH-TOTP.
Password managers Increase the security of your password manager with the support of a YubiKey.

Highlights

yubikey 5 nanoyubikey 5 nanomicrosoft, google, dropbox, apple, salesforce, duocryptocurrency coinbase binance kraken evercoin blockchain.com bitfinexyubikey 5 nanoyubikey 5 nanohealthcareenergy

Finance

Packed with modern cryptography and security protocols, YubiKey secures banks, employees, and their customers’ accounts.

Healthcare

The healthcare industry and other regulated industries use YubiKeys to secure accounts and IT infrastructure in Cerner and other EHR technologies.

Developers

Developers keeps their projects safe with the FIDO2 protection in YubiKey 5 – the only security key endorsed by GitHub.

Energy

The energy sector uses YubiKey 5 to secure authentication for applications, data, and infrastructure to withstand cyber threats.

Technical specifications

Connector USB-A
NFC-enabled No
GTIN 5060408461457
Authentication methods Passwordless, strong two factor, strong multi-factor
Design & durability Water resistant, crush resistant, no batteries required, no moving parts
Device type FIDO HID Device, CCID Smart Card, HID Keyboard
Manufacturing Made in Sweden and USA


Dimensions: 1.3 x 1.19 x 0.3 cm; 5 Grams
Model: Y-240_SML
Manufacture: Yubico
Dimensions: 1.3 x 1.19 x 0.3 cm; 5 Grams

77 Responses

  1. Anonymous says:

     United Kingdom

    Golden Review Award: 4 From Our UsersThis little key is must have this days to keep all your accounts secured against hackers.
    – Easy to setup
    – Small form factor so easy to carry anywhere
    – Works flawlessly with NFC on mobile devices
    – Supported by tons of applications

  2. Anonymous says:

     United Kingdom

    The openPGP interface is fantastic. It works very well with it being impossible to extract the private key from the card, it’s PIN protected and the card is wiped if you get it wrong.
    Key can be used for 2FA but it’s worth it just for OpenPGP.

  3. Mackenzie Frazier says:

     United Kingdom

    Golden Review Award: 2 From Our UsersPassword managers, face and fingerprint authentication became “must have” to protect devices, accounts and applications. Yubico adds an important protection layer. It took me less than a minute to add to my primary account. I am going to order a second one, following the best practices.

  4. Anonymous says:

     United Kingdom 🇬🇧

    Great extra layer of security to manage all your password. Very easy to setup up and easy to manage all your passwords. I do like the fact to link a cold device to validate important and sensitive accounts. I do recommend it.

  5. Anonymous says:

     United Kingdom 🇬🇧

    Is pretty good. Was hard to set up though (I did read the instructions on the back of the project packaging)
    But overall good value of security and decent price.

    The yubikey(great product)

  6. Kelly Hendricks says:

     United Kingdom 🇬🇧

    I am really pleased with my YubiKey and now my Bitwarden, Google, Microsoft and Tutanota accounts are protected.

    I also wanted to secure my Facebook, Insta, EBay and Reddit accounts. Until I discovered that I would also have to download an authentication App to use along side my Yubikey. I did try to use the Yubikey app but I am not tech savvy and was scared I would be locked out of my account.

  7. JonnaT94upaeyii says:

     United Kingdom 🇬🇧

    The idea behind a security key is a solid idea. To access an account you activate 2FA, enroll your security key and any future logins require your username, password and security key (or backup key). However upon purchasing two keys, I soon discovered that not that many sites allow the use of a security key.
    I have used 2FA for a few years now. Most sites offer the ability to use an Authenticator app like Authy or Duo. However, some either only allow 2FA via an SMS or the SMS is the ONLY backup option. If you’re here and reading this, you probably already know that this is a security flaw or vulnerability.
    Herein lies the problem with security keys. Firstly, not that many sites allow the use of security keys. The list on Yubico’s website include sites that use the Yubico authenticator app. Granted, the Yubico authenticator app is pretty decent and does allow tokens using your Yubico Yubikey but the fact you have to use an authenticator app is defeating the purpose.
    Secondly, some sites force you to sign up to SMS 2FA backup or download backup codes. I would prefer to avoid both of these methods, hence why I paid for TWO security keys. Personally I would rather use an Authenticator app than SMS codes but I’d rather not use either.
    Summary; I fully understand that this is out of Yubico’s hands. The 2FA security services websites offer, including authenticator apps or SMS codes, is the choice of the website. Whether it’s convenience, ease of use for the end user, or not caring about their users security. Yubico’s hands are tied. Having said that, they aren’t very transparent about that information. Maybe it’s my fault, maybe I should have researched more.
    To close. The Yubico Yubikey is a fantastic piece of idea and security assurance. The Yubico Authenticator app is decent and works well. It’s just all let down by lazy non-caring websites. Including Amazon and PayPal.

  8. Anonymous says:

     United Kingdom 🇬🇧

    Golden Review Award: 2 From Our UsersThe idea behind a security key is a solid idea. To access an account you activate 2FA, enroll your security key and any future logins require your username, password and security key (or backup key). However upon purchasing two keys, I soon discovered that not that many sites allow the use of a security key.
    I have used 2FA for a few years now. Most sites offer the ability to use an Authenticator app like Authy or Duo. However, some either only allow 2FA via an SMS or the SMS is the ONLY backup option. If you’re here and reading this, you probably already know that this is a security flaw or vulnerability.
    Herein lies the problem with security keys. Firstly, not that many sites allow the use of security keys. The list on Yubico’s website include sites that use the Yubico authenticator app. Granted, the Yubico authenticator app is pretty decent and does allow tokens using your Yubico Yubikey but the fact you have to use an authenticator app is defeating the purpose.
    Secondly, some sites force you to sign up to SMS 2FA backup or download backup codes. I would prefer to avoid both of these methods, hence why I paid for TWO security keys. Personally I would rather use an Authenticator app than SMS codes but I’d rather not use either.
    Summary; I fully understand that this is out of Yubico’s hands. The 2FA security services websites offer, including authenticator apps or SMS codes, is the choice of the website. Whether it’s convenience, ease of use for the end user, or not caring about their users security. Yubico’s hands are tied. Having said that, they aren’t very transparent about that information. Maybe it’s my fault, maybe I should have researched more.
    To close. The Yubico Yubikey is a fantastic piece of idea and security assurance. The Yubico Authenticator app is decent and works well. It’s just all let down by lazy non-caring websites. Including Amazon and PayPal.

  9. Anonymous says:

     United Kingdom 🇬🇧

    The small tabs on the side light up when inserted you push them to authenticate the device

  10. GeorgettaIqbal says:

     United Kingdom 🇬🇧

    It’s quite brilliant, I love the concept, since it’s a physical USB it’s never gonna be hacked as it requires a physical touch and it’s interesting to learn about the new technology involved, I’ve secured my Google and Binance. Granted it doesn’t work for free on every service. BitWarden charge a subscription to open the feature for example, not all websites offer YubiKey protection as well, but those 2 are important to me. Adds another layer of security to 2FA and account recovery options. I won’t lose it because it doesn’t leave my room, it has key chain hole if you do want to travel with it, I haven’t needed to, but a professional employee might find it useful to have 2 instead of 1, for the workplace, also it could benefit from wider adoption to even securely login to devices without an onscreen password, like a key card type function, keeping the USB as it is so stolen hard drives, USB sticks and laptops prove useless to physical thieves and set option to lockout for some time or data wipe if wrong YubiKey is used, a little bit pricey but I think the technology has a lot more scope and potential than just Internet accounts to protect from physical theft and sale of stolen devices as well. It lives up to the hype imo well worth it. I’m glad to have it.

  11. Anonymous says:

     United Kingdom 🇬🇧

    I bought this as I was looking to test out FIDO2 authentication.

    For all things considered the unit works great and whilst it is dependent on the services you use supporting it the key itself is very robust and even has some extra features where it can be used to unlock a TOTP app for iOS and Android.

    The app element itself could use some work however it is a nice added extra.

    Would definitely recommend if you need a FIDO2 key

  12. LucaFerrell says:

     United Kingdom 🇬🇧

    This is a really simple but effective security key that does the job that is expected. However, due to not many companies currently supporting 2FC Security Keys it can not meet it’s full usefulness. The company, Yubico, has made a workaround via an Authenticator app which allows you so store and access 2FC security codes which ca be unlocked by using the key.

    Currently, this is a better to have to future proof your accounts.

  13. PansyHoadfjn says:

     United Kingdom 🇬🇧

    After a dodgy encounter with a scammed online, i decided to beef up my security. Its comforting to know that my yubikey is the only way to access all my data now. The product arrives quickly and works exactly as intended. I just wish my laptop had NFC!

  14. Anonymous says:

     United Kingdom 🇬🇧

    I picked up a couple for some additional security, one for daily use and a backup sync’d to all the same accounts which is kept in another location just in case the daily one is lost, broken or the house burns down.

    The software was easy to install on Win10, Linux and Android, the authenticator app is easy to use after a quick bit of research.
    So far I’ve been able to integrate them with my password manager, mail accounts, hosting accounts, some accounts that allow 3rd party authenticators and some servers I SSH into.

    Super impressed with how easy it was, just wish my banks would catch up and allow them over SMS messages.

  15. OtiliaHeyer says:

     United Kingdom

    The only problem with this solution is that you need redundancy and backups, 3 Is the way to go, i would like to see the price more in line with the competition as you are paying a premium which is not justified.

  16. Anonymous says:

     United Kingdom

    A short while of working out how to use this and the app with my computer and phones has rewarded me with some peace of mind. Having been told by an app to check if my email had been compromised I was told the password was available online. I changed the password and bought this. Now i have no fear of my email being stolen, 2 factor authentification means having my password is the easy part. Now even my amazon account is protected with this device. Being bluetooth version when asked i just touch it up to my phones or can plug it into a usb on my compute

  17. Anonymous says:

     United Kingdom 🇬🇧

    Works very well, delivers an additional level of security which gives peace of mind.

  18. M. Lance Lusk says:

     United Kingdom 🇬🇧

    Its a really good implementation of a 2fa bit of kit, I’d be lost without it, always on my keyring I am only replacing my last one as I lost my keyring it was on.

  19. StewartDrummond says:

     United Kingdom 🇬🇧

    I bought this as I needed this for my password manager for 2FA. It is fine and works correctly. But there are not too many companies that allow you to use a security key so this is a little expensive.The main problem I have is with the PC which is windows 11. It will only work if you change you account to a local rather than miscrosoft account. Hopefully, in future, more companies will allow you to use security keys for 2FA (especially the banks!)

  20. Anonymous says:

     United Kingdom

    I have a few of these, but this one sits in my Mac constantly. There’s a real peace of mind that comes with using a device like this as it completely locks down the account that you are using with it, in my case I use it with a number of different services, the main one being BitWarden where I store my passwords.

    I’ve not had any issues with the device, you touch it and it types the OTP as if you’d entered it yourself.

    Well worth the money, especially this USB-C version if you’re a laptop user.

    Works well

  21. Elisha65Youo says:

     United Kingdom 🇬🇧

    Works great for USB. I use it for Windows logon and for Yubico Authenticator app for sites that have OTP codes. It’s also supported by Lastpass and Google.

    Of course, you’ll probably want to get two of these as a backup in case you lose one. I have one permanently at home and the other on my keyring for mobile/laptop use when out and about.

    The one slight drawback as by design, many sites that support 2FA, only allow you to register one code.
    Ideally, you would register separately for each Yubikey, rather than having to set up the same on both Yubikeys at the same time, this way, if a Yubikey is lost, you can revoke the 2FA only for the lost key.

    One small drawback is you’ll need both Yubikeys to hand every time you set up or remove a 2FA, to update both, as may sites/apps don’t let you see the QR code again once it’s been set up.

    This is perhaps offset by the useful ability to plug the Yubikey into any device, securely use your 2FA/auth, and then unplug it, rather than having to set it all up again for every device.

    It takes a bit of time to set up and get used to, but you’ll be in a much more secure once it’s done.

    The NFC feature never worked on my Huawei/Honor Play phone, despite all sorts of fiddling around with the NFC settings, so I had to use an adapter to USBC to use the YubiKey with this phone, but I just upgraded to a Google Pixel 6 and it works pretty well once you get the technique of how to hold it behind the phone. (doesn’t need to physically make contact, just hold quite close to the back)

    I haven’t got SSH/PGP working with it yet as this seems quite complicated to do on Windows and the documentation is somewhat lacking in this area.

  22. JackieIKJG says:

     United Kingdom 🇬🇧

    I bought this for my mum who has no mobile signal at home. Many sites now require 2fa normally using OTP via SMS. This device allows her to authenticate without SMS OTP.

  23. LaurelSymes says:

     United Kingdom 🇬🇧

    This small USB C Yubikey is awesome, perfect to take your 2 factor offline improving your security many times over. Pretty much stops the possibility of being able to be hacked if you get sim swapped. You can have a password on it as well. The issue I have is with the price especially because you pretty much have to buy 2 in case you lose or damage one. Overall. I won’t go back to using a phone authenticator and I don’t really use the touch log in feature because it doesn’t work with everthing. You have to download the yubico authenticator app and physically plug in the yubi key to your phone and type an optional password in before your 2 factor codes will appear in the app. You have to also redo all your 2 factor codes with all your logins on both ubikeys which it pretty easy using QR codes on all your online accounts. Overall again, this is a great product to protect your accounts online but they price should be lower.

  24. Anonymous says:

     United Kingdom

    Works great for extra security, and easy to use just stick it in and touch it!

  25. Sara Kay says:

     United Kingdom 🇬🇧

    So good I purchased two. Mainly as a backup if I lost the first one as I’ve managed to set it up as a mandatory requirement to a) login to my Windows desktop computer and b) decrypt my hard disks with a certificate stored it using Windows bitlocker.

  26. KathaleRaymond says:

     United Kingdom

    So easy set up and to use and I am really happy I have a second layer of protectio

  27. Anonymous says:

     United Kingdom 🇬🇧

    Golden Review Award: 2 From Our UsersGoogle issued all their staff with this hardware key and it 100 % stopped phishing attacks among their staff. They make there own now called the Titan key (I think) This Yubikey is great and I have peace of mind knowing my accounts are secured with it
    I don’t understand some of the poor reviews, I can only imagine that some people may not know how to use it properly

  28. Anonymous says:

     United Kingdom

    Not a lot to say. Needed for my bank account and it works. Expensive but I thought it was worth getting the best.

  29. IngeborOHara says:

     United Kingdom 🇬🇧

    I like how the yubikey has allowed me to use more security features to login into many of my usually visited websites

  30. SibylLanexet says:

     United Kingdom

    This thing is tiny – very easy to use – a must have if you want to lock down your google. window, twitter etc etc account – as good as using 2FA authentication apps –

  31. DominicChamberl says:

     United Kingdom

    This thing is tiny – very easy to use – a must have if you want to lock down your google. window, twitter etc etc account – as good as using 2FA authentication apps –

  32. MichelleMadigan says:

     United Kingdom

    Really easy to set up, Yubico website has a lot of information to help. Little hole on the USB stick makes it easy to attach to a chain or lanyard to carry with you.

    Easy Account Protection!

  33. GennieGilbreath says:

     United Kingdom 🇬🇧

    Works well with browsers and LastPass. Solid construction and while its expensive, gives another reliable multifactor option. Just needs to be half the price…

  34. WilliamStawell says:

     United Kingdom 🇬🇧

    Golden Review Award: 11 From Our UsersI think some of the 1 and 2 star reviewers need to take more time to understand exactly what it is they’re buying.

    Firstly, it’s a MULTI-FACTOR device, it’s not supposed to replace passwords (yet), hence the term MULTI-FACTOR, there are MULTIPLE FACTORS to your login procedure, the first one being your username and password, the second being this key.

    Secondly, it doesn’t type out your password on screen, it types a cryptographically-calculated string which changes each time and is specific to the hardware key itself. The interaction of touching the device is in place to work with your chosen software when it prompts for a U2F device, where you need to press the key to activate it. This is to stop automated log ins when the key is connected, it requires a human to physically activate it. Pressing the key at any other time will output a meaningless code onto your computer, which means nothing to unconfigured software, so this is not a security risk.

    Thirdly, not all services support hardware keys yet. New hardware and software takes a VERY long time to be supported by all platforms and always starts with the biggest (Google, Microsoft, Amazon, Facebook, etc). You should check that the services you want to use this for actually support hardware keys.

    Lastly, this is supposed to be small. If you’re complaining about it’s size when there are other options available like the standard Yubikey 5 or Yubikey 5C, then that’s your problem not the product’s. This is supposed to be a static key that can be removed if necessary, such as for a personal laptop, and should be used in conjunction with another 2FA method as a fallback e.g. mobile authenticator app.

    This is a great product that does the job it’s designed for. It’s working well with Yubico Windows login software and a number of online accounts.

  35. Attila Tomaschek says:

     United Kingdom

    Golden Review Award: 3 From Our UsersIf you know what it is you don’t need to hear me going on about it, Amazon was the best place to purchase as Yubico dispatch from EU so buying from Amazon avoided delays which may have been caused by customs checks etc

  36. EmilioO36chv says:

     United Kingdom 🇬🇧

    It is as you would expect. Does exactly what they tell you it does. Excellent.

  37. AidaMonson says:

     United Kingdom 🇬🇧

    Great for password safes, just don’t lose it.. my is attached to my keys, hopefully I don’t lose those!

  38. KathrynNicastro says:

     United Kingdom 🇬🇧

    If you want to use this on the iPhone (mine is a 12) it works absolutely great. I originally had the older blue security key but had to send that back as the NFC would not work on the iPhone. This Yubico 5 was a breeze to set up and works flawlessly on NFC on the iPhone. Great level of extra security for the major password managers

  39. Anonymous says:

     United Kingdom

    So ill start this by saying the yubikey is fine and super easy to set up and works exactly as intended.

    The issue i have and something iPhone users should be aware of is the usual Apple restricting certain access which can mess up your workflow

    I got this mainly to increase the security on of my password manager vault. The set up of that was easy and works perfectly on mac and pc with my browser.

    For iOS i want to use autofill but have it periodically require yubikey auth. This is a feature that is restricted in iOS the password manager works perfectly with yubikey but autofill doesnt work. The work arounds are all a ballache so i have set it to just lock and require master password.

    This obviously makes the yubikey a bit pointless for my use case

    As i say the product is perfectly good but wanted to let others know of a feature that isnt currently workable

  40. Anonymous says:

     United Kingdom

    Golden Review Award: 2 From Our UsersTake your personal online security to another level with a hardware encryption key – even if your passwords are compromised, this key still locks intruders out.
    Unfortunately the concepts are a bit mysterious to the average user as there is no discussion in the vendors site about the different types of protection this device can offer (FIDO2/U2F, etc) or how they differ.
    Even if you only use it to replace Google Authenticator it’s an improvement as it takes the keys off your phone and onto this device, meaning it’s no longer such a nuisance to swap phones.
    Do some research before you take the dive, and then you will be more likely to make best use of this.
    Warning – does not work with iPad, but works great with Android via NFC, touch the key to the back of your phone to activate.

  41. Anonymous says:

     United Kingdom 🇬🇧

    I purchased one of these to test out increasing the security for all of my online accounts. After checking out many Youtube videos and writeups, Yubikey seemed like as good a product as many and slightly better as they were one of the leaders in creating this technology. I would say that is fairly easy to set up if you have a little computer skill although not so simple that you could give it to someone as a gift and expect them to thank you 😉
    The software that you need to enable using it (a bit like the google authenticator app) works well and better than the app because it auto copies the generated code to your clipboard so you can paste it without mucking about. However the separate software needed for altering the settings on the Yubikey is quite old and feels neglected. One big caveat as mentioned in the title, once you have locked up your data using this key, if it ever gets lost, destroyed or stolen, you will be locked out for good! (If you have done it properly 🙂 so always get a second key and once they are cloned, store that in a secure place physically distant from the main one. That way if the unexpected happens, you can get your life back on track.

  42. Anonymous says:

     United Kingdom

    This little device pushes all my buttons. OTP? check. Auth? Check. 4096-bit GPG private key? *excited shudder* check.
    Imagine teenages with real hentai girls. That’s what it is like for us ultra paranoid security nerds.

    If you are looking at this item, why havent you bought it yet?

  43. Anonymous says:

     United Kingdom 🇬🇧

    It ideally (if not really) needs to be run on a (mains) powered USB 3.0 hub, otherwise it wouldn’t (really) have enough power it requires in order to detect your finger (if not other things it does internally as well inside the nanochip, beneath the gold-colour-coated USB interface surface), bearing in mind that the YubiKey is a ‘Nanocomputer’ of its own.

  44. AdolfoMarden says:

     United Kingdom 🇬🇧

    I didn’t and assumed that the USB-C compatibility would work with my iPad Pro 2018 but it doesn’t! Likewise with the 5Ci (lighting & USB-C connectivity) so if you REQUIRE a Yubikey to work with a USB-C iPad then this isn’t it (I don’t think there even is one but haven’t checked exhaustively).

    It seems to be working well on my 2018 MacBook Pro though so far.

  45. Anonymous says:

     United Kingdom 🇬🇧

    Golden Review Award: 2 From Our UsersA must have for securing your digital life. Not the easiest to get set up, but one email to yubikey customer service and I was all set. Recommended for anyone who cares about their online security.

  46. jean says:

     United Kingdom 🇬🇧

    Golden Review Award: 69 From Our UsersI’m a technologist and consider myself far more technically capable than the average consumer. Before purchasing this, in my mind, I thought I could use it for everything and simply tap the button when logging into anything I wanted. This is but a dream that may never materialise because it requires various parties to standardise authentication flows and practices. I’ve listed a few use-cases below and how they work in the real world;

    WINDOWS 10 LOGIN – You can add several Yubikeys which is nice. You still have to type in your Windows username and password, if an enrolled Yubikey is not present in one of your USB ports, Windows 10 won’t log you in (which is cool). However, it only works with local accounts, not domain accounts or Microsoft ID. So if you login to your laptop or PC with your Microsoft Account (email address) then you’ll have to convert your account to local (which is actually really easy and it just means your wallpaper and stuff won’t sync to other Windows 10 machines). Secondly, you’ll need to install the Yubico Login Configuration tool to set this up.

    AMAZON SHOPPING/PRIME – You can add several Yubikeys which is great but you can’t just login by having the key plugged into a USB port and touching the button. You still put in your credentials and then use the MFA code from the Yubico MFA app (which lists the codes associated with your key). So basically, I ditched the Microsoft Authenticator app, the Google Auth App and another one I was using, installed the Yubico auth app and enrolled MFA again for my critical apps and services.

    PAYPAL – You can only add one MFA method at a time and have Mobile SMS as a backup. So you have a choice, risk a single Yubikey and if you loose it, you’re stuck. Or, use a weak mobile secondary text message service as a recovery option! – Bit pointless in my opinion!

    LINKEDIN – You can only have one MFA method – Again, single Yubikey and it’s not a case of plugging it in/tapping it on your phone via NFC. You still have to enter your creds, unless auto-saved/populated by the app or device or browser and then copy the MFA code from the Yubico MFA app (desktop or mobile).

    FACEBOOK – The most accommodating and best experience, second only to Windows 10. You can several keys and it’s just a touch to login. You must have an MFA auth app setup as a backup which can be anything, but as I was using the Yubico MFA app I just used that for FB too. You’re not force to use a weaker mobile SMS as a backup/recovery option and you’re not asked for creds all the time.

    RECOMMENDATION – Use in conjunction with a great credential manager like LastPass or KeePass – Thank me later!

    I hope that all makes sense, in summary it does add security but that comes with complexity. The amount of security you get depends on what website, app or service you are looking to integrate this with. I think these are over priced to be honest, you would get much better value from having LastPass + LastPass MFA app, having a different robo-generated password for each thing you use and ditching mobile recovery options and all other MFA apps, plus you can’t miss-place a password keeper solution.

    IMPROVEMENTS NEEDED;
    1) Prompt, yes/no, allow/deny in the Yubico MFA app(s).
    2) Better integration and awareness with common third parties.
    3) Further simplification, although easy for me, my mum would give this 5 minutes of effort and throw it in the bin.

  47. Carrie says:

     United Kingdom

    Though durable and exactly what you need to keep your digital self an extra measure of security.

    Used by Google to secure access to their engineers.

    Buy minimum of 2 so you register both and the keep one for spare if you lose one.

  48. Child Products Research Center says:

     United Kingdom

    Fantastic item, feels easy to use and did not take that long to setup. I have 2 of them and keep one in a secure place incase of damage or loss for the 1st, would not want to get locked out of my accounts. Definatly recoment for anyone who wants to improve there security.

  49. Anonymous says:

     United Kingdom

    The only downfall is that it’s still not accepted by all applications. It really does get me that banks haven’t adopted this technology. I love my yubikey and I also have a backup in case I loose one. It’s super great for setting a one-time password and using it in-conjunction with a master password.

    This is typically the type of key it prints.

    cccccckvtkrttgvgkeenrncfjtlgjjkklrgrdivdvlhc

    I recommend using this with LastPass or another password management tool.

  50. webteam-np says:

     United Kingdom 🇬🇧

    Very easy to setup. Great quality and certainly won’t break easily if you look after it! I would recommend buying another key as a backup incase you misplace your original key! Remember to add the backup key to your accounts as well.

  51. Anonymous says:

     United Kingdom 🇬🇧

    Way better than I expected it to be. Easy to install (even on Ubuntu) and easy to use. The Yubico website helps you set up with your device and each of the services you wish to use.

  52. RozellaDartnell says:

     United Kingdom

    Golden Review Award: 6 From Our UsersI’m not too sure what other reviewers are doing but when I read some of the feedback on this and the other one with a few more features, I was seriously worried about all the youtube videos and how it does not have a guide book etc that others were complaining about. I bought this because I really do not like google authenticator and waiting 3 days to get into an account is not helpful when it gets reset. I went on the link on the back of the pack and clicked the provider I am using. Sure enough it got me to the same page I researched on my provider for 2FA. I had made sure it was a product that they recommended should work. I activated the 2FA, put in the key and tapped it once, then twice and before you know it, I was in. Now I log out and come back in and only have to tap the side once and there is no problem logging in. I think reading what the product recommended by the website actually helped. I just wish the product was a little cheaper so that more people could have this option at a more reasonable price. Aslo, making sure the little critter stays safe and does not get mislaid is a must. If out my laptop I pop it in a special box for all my tiny gadgets so it does not get mislaid, I don’c carry the thing around personally.

  53. Anonymous says:

     United Kingdom

    There isn’t a great deal of information on how to use when you receive it which might be a big issue for some users however I was already familiar with how these work as we use one at work. I’m really glad I bought it. I use it for everything including MFA for Google, Amazon etc and I also use it as a GPG smart card to store my secret key for authentication, encryption etc. When set up, it’s really cool that you need to physically plug something in to be able to SSH into a server or decrypt a file. You may want to consider buying 2 of these to have a backup incase you break or lose one. Although I must say it’s unlikely that you would be able to break it. But it’s not strictly necessary as most services offer a backup code as a secondary MFA method and you can just securely store them on a USB drive or similar. Definitely worth buying for the security/privacy conscious.

  54. Anonymous says:

     United Kingdom

    Use this for work and personal. NFC means I can authenticate using my phone as well. In work used with Duo and at home with various. Was a little confusing on the documentation side but as soon as I ignored that and just did it everything was easy.

    Saves on phone prompts or typing numbers in!

  55. Anonymous says:

     United Kingdom

    Golden Review Award: 16 From Our UsersI won’t mince my review of these: these are by far and away the best USB hardware crypto tokens I have every used. They can speak gnuk and ed25519, and thus can do the crypto for all your SSH logins and gpg, including git commits. Because of the hardware capacitive button, leaving them plugged in permanently is not a security risk, as even nation state actors who own your computer cannot physically activate the token. They work beautifully, without driver install, on Windows, Linux, MacOS and even Android and ChromeOS. In short, they are a one stop solution to all of it.

    That was the good. There is also the bad: unless you are doing U2P or Fido or something that the installed utility automates for you, expect to spend several hours researching the internet to figure out how to configure these properly. The documentation IS out there, but it’s spread around, and there will be a fair bit of head scratching until you figure it out for the actually far more useful use cases which these will do, but for which nobody has automated the configuration for you yet. As much as all the manual configuration with gnuk, including telling the token to enable its capacitive button per gnuk crypto operation, is a pain, once it’s done then it’s done. The tokens “just work” thereafter.

    One major tip I learned the hard way: never buy one of these, always buy at least two. Configure both, and put one of them somewhere safe. Then if you lose the other one, or one breaks, you aren’t locked out of *everything*.

  56. LillaHerrera says:

     United Kingdom 🇬🇧

    Beefing up my online security together with a 2FA app, this really is the last line of defense. I’ve had no hacks or account takeovers, but I like having the benefit of the doubt. I’ve set this up to almost anything I can, and knowing that I have that extra layer of security makes me feel a lot more confident. I wish more companies and services would integrate this. Will be buying more!!!

    UPDATE – check whether your email addresses have been pwned. I review the security of all my online accounts on a regular basis, and can see suspicious login attempts. But with those accounts linked with this Yubikey, I can safely say that the attempts have been thwarted off. Do not hesitate – buy some now!

  57. Anonymous says:

     United Kingdom 🇬🇧

    I will make no pretence, using this device is not for the feint hearted, but if you want two factor authentication and a PGP smart card then this is for you. If you just want FIDO, then you’ll probably be better served with the blue, cheaper ones, but it is great value for money

    note: I haven’t been able to get the NFC working, but i was trying on an old device, so it’ll probably be that and not the key itself
    note2: if you want to use it as a GPG smart card i reccomend drduh’s guide on github

  58. Anonymous says:

     United Kingdom

    This products brilliant security is do important in todays world and yubikey offers that. And yubikey authenticator is great easy way to use totp across devices compared to say sms or Google authenticator as you don’t have to type it manually.

    You can also use it for signing and encrypting data which is fantastic for developers etc.

    One issue is lack of support not yubikeys fault but websites and windows support for fido2 leaves much to be desired but that is getting a lot better as times going o

  59. Anonymous says:

     United Kingdom

    I am from an IT background and struggled on certain aspects in setting the key on my mobile. I don’t see anywhere mentioned at the time I purchased on their website on how to configure the key with the 2 factor authentication app “yubico authenticator” on android phone. Well there are instructions on how to install. So if you plan to add a 2 factor for any website, the first thing you need to do is to scan the QR code first on the app and not to scan the yubikey as it states in the app screen. Once you have scanned the QR code, it will prompt you to scan the yubikey. Once the yubikey is scanned, the account is set. Every time you need a code, just open the app and scan the yubikey to your phone’s NFC. Sometime it will throw the communication failure error where you have to try scanning again. I did not have issues anywhere else in setting the key.

  60. Anonymous says:

     United Kingdom 🇬🇧

    I bought this specifically to use with last pass password manager, although I also use it as the 2 factor for Google. I have found it works very well as usb and rfid (with galaxy S9 plus running android version 10). No problems at all.

  61. Hunter40Qstpbyk says:

     United Kingdom

    Golden Review Award: 2 From Our UsersI’m thrown by the number of people experiencing difficulties in setting up and using this Yubikey. It’s not completely intuitive to setup but there are simple enough instructions online which, if followed, get you setup without trouble.

    This is an excellent 2FA item; I wanted additional security beyond apps such as Authy (which is excellent) and a hardware solution fitted the bill for me. Yubico have an excellent and well earned reputation which is why I selected a yubikey. It’s extremely small and simple to use once setup; I have the app on my iPhone to access my codes and on my PC. I also use it (paired with some memorised alphanumerics) to input a much stronger random Veracrypt key on my PC so that is genuinely secure.

    There’s a lot of functionality in this key, more than you’ll probably be able to use right now as most providers just aren’t there yet with there security setup (Amazon insists on using SMS as it’s 2FA-the least secure method). I highly recommend this little gadget for security conscious and moderately technical people.

  62. Anonymous says:

     United Kingdom

    For a non-technical user, it’s hard to know even how to explain all the things this Yubikey does.
    You can use it for smart card authentication, additional website authentication (2FA), store PGP keys, even use SSH keys with some experimentation.

    The setup is fairly complicated, even for a technical user who understands encryption.

    Once you’ve installed the software, as long as you’re comfortable with command-line tools and GnuPG, and you’re inquisitive, it’s interesting to explore how to use this device. But you have to follow the instructions carefully, and probably make mistakes too before you get the hang of it.

    If this sounds intimidating or just incomprehensible, this device is possibly not for you.

    The black Yubikey 5 provides a lot of extra features over the basic blue one which only a minority of people would need or use.
    I’m using it to store GPG keys, as a FIDO2 authenticator and to secure LastPass.
    I love tinkering with it; it appeals to my nerd brain. And anyone who works with and understands the acronyms thrown around in technical descriptions of the Yubikey will find it useful.

    For someone less technically-minded who wants an authentication tool, it might be better to consider the cheaper blue Yubikey instead, or just stick with authentication apps from Google, Microsoft and Authy that produce a six-digit code.

  63. Anonymous says:

     United Kingdom 🇬🇧

    It is a relief to know i can now use my email account without fear of identity theft and hackers.

  64. Robert Steele says:

     United Kingdom

    I’ve been keeping my eyes on YubiKeys for the past few years whilst the technology matures and I think it’s fair to say it’s gotten to a point where they’re “mature” enough. Having ubiquitous on any NFC-support Android support and support in iOS since iOS 13 (though apps may require updating) combined with a growing web presence; now is the time to start grabbing these.

    Generally setup is fairly easy, following whatever process a website has which is typically clicking a button, tapping the gold disc and giving it a tag. I can see these easily replacing TOTP apps and SMS OTPs in the future: in some cases many businesses are already doing this, an example being Google who has issued all of their employees with a hardware security key!

    Another benefit of this key comes in a particularly unique way: it’s a physical way to identify you’re at the PC and secondly even if you were to lose this and someone were to find it – they would have no idea what sites or even what accounts it works for!

    If you’re on the fence due to price: Either nab yourself a Yubi Security Key (which is about half the price at time of writing) or question, can you really put a price on good solid security?

  65. Anonymous says:

     United Kingdom 🇬🇧

    Expensive, but worked well with Office 365 and Azure multi factor authentication, which is currently in preview

  66. Anonymous says:

     United Kingdom 🇬🇧

    Not that easy to install but I think it is the concept that makes it hard to get your head around more than the fault of the product, at least that was what I felt. Works great on Google account, also have it on my password manager which is a big plus and it also generates OTP codes for the likes of Amazon by simply putting the key to the NFC reader on my phone. Overall really pleased with what it does. I have a Google Titan as a back up but that needs a bluetooth key as well for your phone so the Yubikey 5 NFC wins hands down.

  67. Rebecca Workman Tara Lerman Sara Gagnon and Kate Butler says:

     United Kingdom

    Golden Review Award: 2 From Our UsersI had been looking at one of these MFA Keys to Enhance security for my Accounts and i decided to take the chance. Easy to install and Use you can set up the device to work on most Services and once set up your good to go. Worked on Windows 10 and Mac OS without issues. Get you and protect yourself without worrying about losing Your Phone or 2 Factor SMS codes this is the Future

  68. Anonymous says:

     United Kingdom 🇬🇧

    Very impressed with ubikey as seen some good reviews,so much I bought a second key as back up key but the only thing is letting it down is the instructions how to get setting up proper and some is not clear to understand but other than that was impressed

  69. Anonymous says:

     United Kingdom

    Golden Review Award: 14 From Our UsersKeeping passwords safe, online service 2FA, SSH, PGP (GPG), keycard and more;, use this to add another layer of protection to your online life and significantly reduce the chance of becoming a victim.

    The contemporary internet environment is hostile. Faceless criminals and malign actors seek to access and control our information for their own purposes, and seem to have access to incredibly intelligent people who assist them in their seemingly wicked ways. This activity looks to be rising commensurate to the pace that we un-wittingly intertwine our lives with technology, trading security for convenience, often in the misguided belief that service providers will provide us with sufficient protection.

    You are likely to know someone who has been a victim of some kind of remote or local attack and if like me you would like to reduce the chance of becoming a victim, the price of two yubikeys is a small price for the peace of mind that they provide.

    Configuration can be a bit tricky for the more IT illiterate of us, but well worth investing the time and effort to read-up on the matter. Yubikey could do more to provide easy to use documentation and guidance to assist those who otherwise would not take the time to learn to configure the keys correctly.

    Highly recommended even if it comes with a learning curve.

  70. Da Freebies says:

     United Kingdom 🇬🇧

    Excellant for increase your online security. Some sites like google and lastpass support it without much hassel. I use these to also secure the login to my macbook. Now even if a thief steals it and knows my password he/she still wont be able to login to it without the hardware key. For other sites that dont support YubiKey directly, you need to setup Yubic Authenticator to configure 2FA (six dig one time generated pass codes). Now that apple as opened up NFC on the iPhone’s in IOS12 and 13, just wish they launched the YubiKey Authenticator for the iPhone. At the moment, when I add the 2FA for a website on my Mac, I also add it at the same time by scanning the barcode with my phone to my IOS 2FA app (works with google authenticator and freeOTP.)

  71. Anonymous says:

     United Kingdom 🇬🇧

    Golden Review Award: 2 From Our Userslet me start by saying I f****king hate LastPass but have to as it’s my company password manager of choice. Bought a Yubikey so I didn’t have to go through the hell of entering my long, complex initial password and then the tedious 2 factor authentication via Google. Yubikey software lets me store my initial password on the key and use it with a long press, and the 2FA with a short press. Fantastic! Set up was a breeze and it’s fairly easy for an average user to get going with. The only downside is the price, it’s pretty expensive for what it is and does.

  72. Anonymous says:

     United Kingdom 🇬🇧

    Golden Review Award: 25 From Our UsersThe quality of the product itself is excellent. The child in me still finds it quite satisfying when I touch the button and whoosh I’m logged in, no faffing with codes – this of course after the sigh of “where are my keys” so I can log into “X” service.

    Important, you should consider factoring buying two of these, not one. They are not indestructible (though they are tough) and are generally attached to something else that often goes missing – or permanently borrowed – namely your keys. You *could* use something like a software MFA, but that defeats the point of using one of these. The other should be locked in a safe place – such as a safe – and only used when absolutely necessary.

    Everyone should be using MFA, but this method may be a little bewildering to less tech savvy people – or at least those who aren’t comfortable searching for what their new widget can do. I would start with a software MFA – such as Authy.

  73. Jaclyn DeJohn says:

     United Kingdom 🇬🇧

    I was hoping the NFC would work on paxton but on the version we have it doesnt, I can assign it a token and see it in paxton so it does apply it to the yubikey, but it just doesnt open the doors so im guessing there is different version of the NFC receiver on the doors.
    Works with 2FA fine for google.
    Short and long press still comes in handy for the touch.
    Overall worth it but could do with an update for paxton NFC.
    Bit overpriced for what it is. Good product though for sure.

  74. Anonymous says:

     United Kingdom 🇬🇧

    Golden Review Award: 11 From Our UsersThe Yubikey 5 doesn’t come with instructions, so you’ll need to do some searching on the Yubico website to find the right resources. Following their guides, it’s hassle free. I’ve now got my LastPass account secured, as well as my Windows and Ubuntu systems. I’ve also made use of the smart card functionality and added my PGP keys to the device. After the initial setup, it’s incredibly easy to use and adds an extremely resistant level of security.

  75. Daniel Aston says:

     United Kingdom

    I’ve used MFA for a while now, mostly sticking to Google Authenticatior but I was getting increasingly frustrated with having to switch between applications on my Android devices when authenticating with LastPass (on some lower spec’d devices it actually proved impossible to switch between the apps quickly enough before the code expired).

    This little key has solved all my problems.
    I can simply hold it up to the NFC reader on my phone and authenticate with ease.
    It’s easy to tell when the key is active thanks to the lovely little LED on the front and the metal ring is a nice touch to ensure the loop doesn’t break when attached to a key ring.

    Overall great product! 🙂

  76. Anonymous says:

     United Kingdom

    Golden Review Award: 5 From Our UsersI have set it up with my LastPass account and my iPhone 7. Taken me only 5 minutes. Working really well on both Pc and iOS. Even through the phone case. I knew i had to update my iOS and LastPass account to the latest versions. When it says to touch on the left corner, it really means it. I find lining up the golden disk inline with the curve works well. Feel safe in the knowledge the YubiKey 5 NFC greatly helps secures my account.

  77. Anonymous says:

     United Kingdom 🇬🇧

    Golden Review Award: 2 From Our UsersAs an experienced computer user I know that I need to keep things secure and it was why I choose the YubiKey 5 NFC.

    This product, easy to use, but setting up was a bit of trial and error having found partial instructions for what I wanted to do.

    The best feature of this product is how seamless it is to use especially with Open PGP for signing, encrypting, authentication or certifying. I used Gpg4win to create the keys, uploaded to a key server then using OpenKeychain on an Android device I imported the public key then tapped the YubiKey against the NFC reader and the private key was linked. The great thing is that all the secrets and private keys remain on the YubiKey itself and of course the YubiKey can be protected too. I do recommend purchasing another so you have a backup just in case you loose it or its stolen.