For at least two years now, discerning buyers have been migrating their hardware over to USB C for anything and everything possible. For around 12 months, a not insignificant number of buyers simply won’t buy hardware unless it’s USB C and now Yubikey have hit the nail on the head. The 5C NFC isn’t just USB C, it also sports NFC for fast touch authentication making hardware-based 2FA a no-brainer.
What is it?
Yubikey is hardware-based — in this case USB C with NFC — 2FA key that has far broader compatibility than many users realise. Everything from simple Windows or Mac OS logins, to protecting your online accounts. Yubikey has continually worked with a lot of high profile providers to offer a higher level of security to your important data.
What does it do?
Yubikey offers two-factor authentication (2FA) in hardware form which — despite the cost involved — offers increased security, as well as speed and convenience. Using the example of my Google account I enter my username and password, the system then requests 2FA by plugging in the key.
The 5C NFC offers an additional feature for the current generation of hardware, aside from the USB C connection terms of connectivity. That — clear from the device name — is NFC and it’s a dimension that I honestly didn’t realise could be this darn good.
What are the risks?
Let’s take a look at a simple example with Facebook, what would happen if your account was compromised?
Let’s start with a simple fact: Login with Facebook is hugely popular because it’s easy. But do you know how many sites you’ve got linked to your Facebook account? Do you know how many of those have your credit card attached to them? If you’re on Facebook, the odds are you’ve got Instagram which means messaging history, as well as potentially very sensitive private data, is exposed.
The search trends from Google show that with so many more users at home during the pandemic, the thought of accessing other peoples data is coming into play. Specifically the term “how to hack” has been on the rise steadily with Facebook, Gmail, email, Google and Wi-Fi heading the list.
Hopefully, the need for any and all protection possible is starting to shine through.
Is the user experience worthwhile?
For my mind, this product isn’t just about the user experience with the device. But makes me think about about the — let’s be honest — terrible experience having it securing your accounts significantly decreases the chances of… account and personal data loss.
From talking to personal contacts, it seems there is a misconception that the 2FA keys generally only work with corporate accounts and niche offerings. Certainly not the case, if you want to see the ever-growing list of compatible offerings: Check out the Yubikey page to see just how many accounts you can secure.
There is of course some early work to be done to like the Yubikey to your accounts. This needs to be done one by one, which is — while quite simple — a little time-consuming. But back to my earlier point about the prevention of data loss, the reality is: If 2FA is offered on any of your accounts, you should be using it.
The fact is that using the Yubikey is simple and fast. Some would argue faster than loading an app for 2FA codes or waiting for them to be delivered via SMS and I agree. SMS or Email delivery of 2FA keys can take between a few seconds and several minutes. The use of 2FA apps like Authy or Google Authenticator is easy, is no more time-efficient than a hardware key and (while minor) has some minor flaws compared to a physical hardware key.
Once you’ve set up the key, there is a bit of adjustment to your normal workflow you’ll need to make. For me, that adjustment was as simple as adding the Yubikey to my keys which I carry anytime I’m out of the house and is within arms reach when I’m at the computer at home.
From there it’s just a case of grabbing your 2FA key when you’re prompted and either tapping it to the NFC sensor or plugging it in and touching the sensor.
Should you buy one?
Anyone that’s heavily security-minded probably already has one or is looking online for one now. Coming from an IT background and working inside some high level corporate, enterprise and health networks I tend to stress good security practice. In this case, whether it’s for personal use or within a corporate environment I can’t impress highly enough how important two-factor authentication is.
The quickest, easiest and frankly cheapest option is apps like Google Authenticator or Authy. They will 100% improve your security to your accounts, but no system is perfect. What the physical 2FA key from Yubikey offers is a quick and easy access pathway to ensure your data is secured as much as possible while minimising the impact on workflow and time lost.
In short, the US$45.00 (approximately AU$61.00) is well and truly worth the investment to protect yourself, your data and ultimately preventing you from a heap of headaches and heartache.
The cost of the device makes its return impractical for the manufacturer who has not requested its return.