If you’re looking for a quick, easy, and affordable way to protect your Google account, Facebook, GitHub, Dropbox, Salesforce admin account (and much more), or looking for a way to harden your Mac or Windows login credentials, then you need to take a look at YubiKey.
OK, first off, what is YubiKey?
YubiKey is a small authentication key manufactured by Yubico that can be used to securing access to a wide range of applications, including remote access and VPN, password managers, computer login, FIDO U2F login (Gmail, GitHub, Dropbox, etc.) content management systems, popular online services, and much more.
The wide range of support makes YubiKey a great choice for personal use, business, enterprise, or even developers.
Physically the YubiKey looks like a small USB flash drive, although there is one that also incorporates NFC for use with Android devices. The keys range in price from $18 for the basic FIDO U2F key (which will work with online services that support FIDO U2F, which include Facebook and Google), to $50 for keys that in addition to FIDO U2F also feature strong crypto and touch-to-sign, plus one-time-password, and smart card.
A chart detailing the available keys along with their specific functionality can be found here.
Now, rather than outlining how you protect your accounts with YubiKey (the instructions on the Yubico website are detailed and will guide you through the myriad different services you can secure with your YubiKey more efficiently than I can) I’m going to look at the pros and cons of that I’ve come across over the past few weeks.
- Cheap (starting at $18)
- Easy to use (if you can figure out two-factor authentication, you can understand YubiKeys)
- Keys are incredibly robust and totally waterproof (one of mine lives on my keyring and gets bashed about a lot, the other I wear around my neck on a chain most of the time)
- Pretty indistinguishable from USB flash drives so the keys don’t attract attention
- Scalable (customization tools and custom programming options available for business)
- Support for Open PGP encryption and code signing
- Offers a really easy way to secure a Windows or Mac machine
- Ideally, you need two keys in case one gets lost, stolen, or damaged in some way.
- Not all browsers support U2F so you must be running Google Chrome version 38 or later, or Opera version 40 or later (this is not a YubiKey limitation but a FIDO U2F limitation)
- No iOS support, which means having to fall back on other two-factor authentication methods
- Big gaps in services that use FIDO U2F (no support for Yahoo!, Microsoft online services, PayPal, banks, etc.)
- Some of the documentation can be a little intimidating
This USB thumb drive is one serious and secure business tool: