Yubico - YubiKey 5 NFC - Two-factor authentication security key, fits USB-A ports and works with NFC supported mobile devices

I purchased the YubiKey 5C Nano to enhance the security of my MacBook Pro and online accounts. Its ultra-compact USB-C design allows it to remain plugged in without obstructing adjacent ports, making it ideal for portable setups.The device supports multiple authentication protocols, ensuring compatibility with a wide range of services and various password managers. Its build quality is robust and it operates without the need for batteries.

The Yubikey is a very good very secure device but like anything in the IT security world, it takes a while to learn how to use it and set it up and of course the methods vary, depending on your device types. And buy two, you need a spare just in case you lose one.I use Windows and Android so I have the Yubico authenticator app on my phone and use that to access many of my accounts in the traditional way, by adding an authenticator app to whatever account I want to use the Yubikey to access. When the QR code is presented, with the Yubico app open on the phone and in the accounts page, I press the 3 dots top right then add account, scan the QR code and save the account by re-scanning the Yubikey. I DONT input the presented code to the account yet though, I REPEAT the process for my spare YubiKey's first then when I do the last key and the account is added to all the keys, then I complete the process by adding the one time passcode as requested. Easy!On my PC I plug the key into my USB port and input the pin that I setup using the Yubico authenticator app from Windows store, this way I have to physically touch the copper contact on the key to log into whatever account I have setup using FIDO in this case versus NFC that the phone uses.There are plenty of videos on YouTube showing how to set these keys up, it just takes a day or so to get your head around it if you are new to passkeys, but what's a day or so of learning for the extra security these keys give you?Lastly, some of the reviews are concerned about vulnerabilities in the older firmware but the two keys I purchased have firmware 5.7.1 which is the latest firmware. As for one reviewers post about a criminal running a program on your device, that assumes they have stolen the device AND KEY, can get past the device sign in security and also know the pin number for the key too which you should set for NFC and FIDO. If somebody has your phone, can access it, has your key and knows the pin to it, has your accounts and knows the usernames and passwords, vulnerabilities are already a moot point.These are very good devices adding a level of security that is just not possible with other 2FA methods.

Really good security and simple to use

The yubikey is small, thin and seems robust enough not to worry it dangling from your house keys. I heard mixed views on just how much or little you should look after it so I bought a case (just in car). I bought the USB C connector with NFC and a couple of adapters so that I could use it with my Android and my PCs. Despite my current version iPad with type C connector the key will not work with it (you’ll have to get the Lightening key and spend a further £30 on a Lightening to C adapter from Apple to get it working (how ridiculous is that?). They are, however, easy enough to set up but this varies with the service you’re using. Amazon was the easiest, followed by Google. Don’t think eBay support a physical key (despite Yubico stating they are compatible). Paypal definitely don’t (shame on them).The bad news is that I received the older firmware version (which cannot be updated). The new firmware was released in May 2024 and allows for 100 passkeys rather than a measly 25 for the previous version. There are other significant improvements too, so it’s not worth paying the same price for the old firmware. I contacted the seller after I received the keys to find out that they ship whichever version they happen to have. I then contacted Yubico via Amazon to confirm that they WILL supply the latest version via Amazon.Otherwise, I think this is a great product and wish more services would support it over software 2FA. It’s a very slow take up and some companies (including banks) do not support physical security keys. Some banks do have their own versions (HSBC) but Starling and ANNA Money rely on OTP via text (not secure). Paypal and eBay doesn’t support them either.There is a question of implementation by many services. Most insist on a backup to access your account should you lose your key. That’s great except it’s straightforward enough to just select that less secure option on login.I hope take-up will accelerate though as breaches seem to be on the increase. At least I’m covered when that happens.

A great way of applying 2 factor authorisation on phones & computers etc. No trying to remember anything or wait for codes or emails to log in.

It's quite brilliant, I love the concept, since it's a physical USB it's never gonna be hacked as it requires a physical touch and it's interesting to learn about the new technology involved, I've secured my Google and Binance. Granted it doesn't work for free on every service. BitWarden charge a subscription to open the feature for example, not all websites offer YubiKey protection as well, but those 2 are important to me. Adds another layer of security to 2FA and account recovery options. I won't lose it because it doesn't leave my room, it has key chain hole if you do want to travel with it, I haven't needed to, but a professional employee might find it useful to have 2 instead of 1, for the workplace, also it could benefit from wider adoption to even securely login to devices without an onscreen password, like a key card type function, keeping the USB as it is so stolen hard drives, USB sticks and laptops prove useless to physical thieves and set option to lockout for some time or data wipe if wrong YubiKey is used, a little bit pricey but I think the technology has a lot more scope and potential than just Internet accounts to protect from physical theft and sale of stolen devices as well. It lives up to the hype imo well worth it. I'm glad to have it.