Security and authentication are big, complicated problems that lots of companies are trying to improve. It’s not good enough to just set a password on something – passwords can be shared and compromised. Provision and use of two-factor authentication systems have seen a big rise in recent years after high-profile hacks, and Yubico – one of the longest-standing companies serving this area – today launched a security key designed to work across PCs, Macs, Android and iOS devices.
The YubiKey 5Ci features a USB-C connector at one end that’ll work in most modern laptops and Android devices, and an Apple Lightning connector on the other. It’s tiny – the size of a small USB flash drive, and not much wider than the ports it plugs into – and supports all the major security key standards and protocols. If you’re moving between platforms a lot, the dual connector will be a godsend.
YubiKeys are great options for adding to your keyring. They’re water- and crush-resistant, and they’re designed to live on your keyring for years (I’ve had an older model on my keyring for years and only recently retired it). You can use them with your social accounts, your Google account, and most password managers can be configured to require them. Ubico also has its own one-time password generator app that hides the generated codes until the key is inserted.
If you’ve ever used a security key before, the experience is the same – you’ll authenticate to whatever service for which you’ve set the key up, and then you’ll be asked to insert it. If you lose the key, you’ll need to obtain a new one and go through the enrollment process with your services again. Yubico recommends purchasing two keys to provide a bit of redundancy on this front, and they have a good point – you keep spare keys for your house and car, so why wouldn’t you do the same for authentication?
On most devices security keys are supported at the OS level via USB, but on iOS the apps need to integrate an SDK to use the YubiKey inserted in the Lightning port. Yubico says they hope that this will be easier over time with Apple tightening up and doubling down on personal security for its users, but an SDK is just as good a solution for now. Brave Browser is one of the first browser apps on iOS to support second-factor authentication using YubiKey.
If you’re not using a security key to provide two-factor protection for your major accounts and services, you really should consider getting one and setting it up as an extra option. Part of taking responsibility for securing your accounts is anticipating the methods you’ll use to get into your accounts under normal circumstances and then exceptional (if something’s wrong). If you were to lose your phone you’d still be able to log in to your accounts and services on a compatible device, and if you lose your UbiKey then you’d probably still be able to get an SMS.
Speaking of which, Yubico says there’s a LOT of Australians interested in securing their accounts, with around 100,000 personal keys shipped into the country over the years. A much larger number have made it into enterprises, with the company finding favour amongst higher education and government. Yubico also says there’s a couple of local clients working with their iOS SDK as well.
YubiKeys are available from Yubico’s website with a variety of different connectors according to your needs – head over to yubico.com/store. The new YubiKey 5Ci is USD$70. If you don’t need the Apple Lightning connector, you might be more interested in the UbiKey 5C with only the USB-C connector at USD$50, or the more classic-styled YubiKey 5 NFC (NFC with a USB-A connector) for USD$45 – you can use it on anything with an adapter (and remember to add an extra USD$5 for delivery).