Yubico - YubiKey 5 NFC - Multi-Factor authentication (MFA) Security Key and passkey, Connect via USB-A or NFC, FIDO Certified - Protect Your Online Accounts

I have used a YubiKey for authentication at work for the past 3 years and while reviewing hardware MFA security keys did quite a bit of research of the various keys out that and the compatibility of the key with different solutions including the ability to authenticate with Windows Hello login, using passkey instead of BIO authentication and this one is one of the few recommended. Additionally, I liked the idea of using it with my cell phone as well and have setup many sites to use passkey authentication including ones like "login.gov" which supports and advocates for passkeys. Tonight I took the YubiKey out of my laptop and authenticated to a web site I had previously setup from my laptop with my mobile phone. I chose "passkey" for authentication then placed the YubiKey against the back of my cell phone with my finger on the touch pad and it immediately authenticated and logged it successfully. Now I can key from both devices once a key pair is setup for a web site so completely portable. You do have to enable NFC from your phone as it is likely off by default. I would buy this again and it works better and is a much easier and more way to login (authenticate) than passwords which are easily compromised. If I knew it was this easy and worked so well before I would have bought it long ago as the FIDO 2 keys have been available for a long time, it is just that many people do not know much about them.

It's a yubikey, what's there to explain? It plugs into your usb-c port or can be used with NFC and supports a number of protocols to secure your digital life. No install required, easy to remove, and more functions than you'd think possible. An incredible value for digital denizens! I personally use it as a backup key to my primary one (the USB-C model) and actually find it a bit easier to insert and remove.

The Yubikey USB token is a game-changer for anyone serious about online security. This small device provides an incredibly simple and powerful layer of protection against phishing, hacking, and identity theft. Unlike two-factor authentication that relies on codes from your phone, the Yubikey uses public key cryptography, meaning even if a phisher gets your password, they can't access your account without physical possession of the key. What makes it so great is how effortlessly it works. You simply plug it into a USB port or tap it with your NFC-enabled device, touch the gold disk, and you’re instantly authenticated. There's no battery, no software to install, and no codes to type. The peace of mind this little device provides is priceless, securing everything from your email and social media to your password manager. It's an essential, robust, and user-friendly security upgrade that makes your digital life much safer.

Works exactly as described. Helps upgrade my security on a number of websites. Easy to setup and use.

NOTE: If you buy a YubiKey and don't know where to begin, search for the YubiKey Manager GUI from Yubico. There are numerous tools that work with YubiKeys, but some are outdated or overly complex. The manager has a simple, clean interface. In short, I think it's a really neat device, which can help improve your digital security, if you're willing to invest the time/energy to research it. I bet your identity is worth more than $45. Pros: * Very versatile, lots of features * Cutting edge security, WebAuthn is now a web standard (March 2019) * Backed by significant tech players * NFC wireless connectivity * Should work with most Android devices * Durable build Cons: * Documentation is limited and scattershot, you will need to teach yourself * More expensive than some alernatives * Limited FIDO2/WebAuthn support right now (April 2019) * Limited iOS/iPhone support right now * Many overlapping, confusing tools available * Only some functionality exposed in GUI tools, there is much, much more on command line and via APIs * No firmware upgrades * Can't backup or copy a YubiKey * Closed source, proprietary design -- no possibility of independent audits The documentation is admittedly scattershot, so here is a summary of what I've learned. Think of the YubiKey 5 NFC as having three separate, built-in apps: 1) FIDO, 2) CCID, 3) OTP. Each of these apps has multiple functions. --1) FIDO app-- * FIDO2: The newest standard, supported by most web browsers now, expect to see more websites transitioning to FIDO2/WebAuthn logins in the coming years. DropBox and Google are two notable websites that support it today. * U2F: The old pre-FIDO2 approach, partially supported by some browsers and websites. --2) CCID app-- * OATH: Install the Yubico Authenticator to configure this. Similar to Authy, Google Authenticator, etc. TOTP provides time-based one-time passwords, HOTP provides counter-based one-time passwords. More secure replacement for the SMS- and email-based 6-digit login codes you may be receiving now, if you have 2FA enabled on your accounts. * PIV smartcard: Can be configured for logging into some computers. * OpenPGP: Useful for email encryption, signature verification, SSH logins. --3) OTP app-- * You get two configurable slots, they can be: Yubico OTP, challenge-response, static password, or OATH-HOTP. To summarize, you get FIDO2, U2F, OATH, PIV, and OpenPGP apps out of the box, plus you can choose how to configure two *additional* slots to suit your needs. One of them is pre-configured with Yubico OTP, which requires internet access and registration with Yubico. The most useful feature to the average user will be the FIDO app, although currently (April 2019) there is almost nowhere to use it. Buying this today is like being on the bleeding edge, although Yubico contributed to the FIDO2 standards. WebAuthn means websites don't store passwords anymore (not even encrypted), and phishing becomes far more difficult, as your authenticator device is only associated with a single website. The idea is to use devices like the YubiKey, an optional PIN, as well as biometric data (fingerprints, iris scans, etc) to identify the user, instead of relying on a shared password. The YubiKey can store "unlimited" FIDO credentials. The second most useful feature is the OATH app. To use this, you must install the Yubico Authenticator app on your computer or mobile device. When you insert the YubiKey, you will see the list of one-time passwords. However, there is a limit of only 32 slots. NOTE: OATH-HOTP uses a counter and will eventually roll over, so it has limited uses, but TOTP is time-based and should work indefinitely. Equally useful is the static password option, which you can enable in an OTP slot. This lets the YubiKey "type" in a password on your computer, in many situations where other authentication isn't possible. For example, you can type your own easy-to-remember password, and then add the YubiKey static password at the end. This should work universally on devices supporting USB input. The other options are more specific and for the advanced or power user with some IT background. Configuring OpenPGP properly is not trivial, nor is it likely to be used by the average person. However, if you are in IT or need the added security, you can add your encryption, signing, and even authentication keys to the YubiKey (once stored, they cannot be retrieved). I've successfully logged into SSH servers and committed to GitHub using this technique -- it works perfectly. You will need GPG or similar installed to configure this. If you don't know what PIV smart cards are, you likely won't have a use for them, however you can configure Linux and Mac boxes to take advantage of this for logging in, as well as on Windows domains. I imagine this is more useful in large organizations. The downsides are not inconsiderable. You are essentially trusting a closed, proprietary device, but it has been proven time and again that "security through obscurity" doesn't work. If there's a critical bug in the design, you are stuck with it, as there is no way to upgrade the firmware. You cannot retrieve secret data from the YubiKey, but this means you can't make a backup or copy once it has been configured. You need to duplicate the key *during* configuration, or save a record of all the secret data. Keep that in mind. A final note is that the YubiKey has both USB and NFC connectivity. If your smartphone supports NFC, you can simply hold the YubiKey against it to authenticate. If you can't use NFC or don't want it, you can disable it with the YubiKey Manager. You can selectively disable USB and NFC for each app. NOTE: you can buy a cheap USB OTG adapter and still use your YubiKey with your smartphone, to an extent.

I received this this is value for money product I live in Ludhiana build quality is nice it is plastic but strong plastic

المنتج ممتاز، مغلف بشكل جيد، توصيل سريع من البائع أقل من الوقت المتوقع شكراً جدا.

Chave de segurança perfeita. Funciona exatamente como anunciado

Actually, nothing more to add. Good quality build. No additional software needed to operate with iOS, Google, Dropbox, Windows etc. I was surprised that I received the key in 2 variations of packaging. But both keys work equally well.

Good