The YubiKey 5 NFC and YubiKey 5Ci are designed to protect your online accounts from phishing and account takeovers. They use two-factor authentication, which protects online accounts with more than a password. The YubiKey is physically strong and solid, with the option to attach it to your keys, and it requires no battery or network connectivity. The build is liquid and crush resistant: made from reinforced fibreglass material, hermetically sealed and injection moulded. The hardware keys can fit on your car keys or company swipe card, so they are with you when required.
I had the opportunity to review the YubiKey 4 Nano in 2017 and subsequently found that many of the corporate companies in Ireland were using these hardware keys. Two-factor authentication allows access when a user can present two pieces of evidence to an authentication mechanism, e.g. something you know and something you have.
Perspective:
To put this into perspective, Techuzz Ireland has regularly posted about scams, from revenue rebates to free shopping vouchers etc. In 2019, a collection of 2.7 billion identity records, consisting of 774 million unique email addresses and 21 million unique passwords, was posted on the web for sale. If a user has not changed their password in the last few months, or reuses the same password on multiple sites, they are leaving their private life and their company open to hacking. A quick check to see if your details have been hacked in recent times can be found at https://haveibeenpwned.com/
We would normally recommend not clicking on a link from any site or email, but rather searching on the web. (If you do nothing else from this review, change your password today!)
Specifications
- USB Type: USB-A
- NFC-enabled: Yes
- Authentication Methods: Passwordless, Strong Two Factor, Strong Multi-Factor
- Identity & Access Management: AWS Identity and Access Management (IAM), Centrify, Duo Security, Google Cloud Identity, Idaptive, Microsoft Active Directory, Microsoft Azure AD, Okta, Ping Identity
- Productivity & Communication: Google Account, Microsoft account, Salesforce.com
- Password Managers: 1Password, Dashlane Premium, Keeper®, LastPass Premium
- Function: WebAuthn, FIDO2 CTAP1, FIDO2 CTAP2, Universal 2nd Factor (U2F), Smart card (PIV-compatible), Yubico OTP, OATH – HOTP (Event), OATH – TOTP (Time), OpenPGP, Secure Static Password
- Certifications: FIDO 2 Certified, FIDO Universal 2nd Factor (U2F) Certified
- Cryptographic Specifications: RSA 2048, RSA 4096 (PGP), ECC p256, ECC p384
- Design & Durability: Water Resistant, Crush Resistant, No Batteries Required, No Moving Parts
- Device Type: FIDO HID Device, CCID Smart Card, HID Keyboard
- Manufacturing: Made in USA and Sweden
YubiKey 5Ci
The YubiKey 5Ci is a multi-protocol hardware authenticator with dual connectors for Lightning and USB-C.
Features
- Easy and fast authentication
- Secures all major browsers and operating systems
- Reduces IT operational costs
- Multi-protocol support: smart card, OTP, U2F, FIDO2/WebAuthn
- Lightning and USB-C on a single key
Physical Specifications
- Connectors: USB-C, Lightning
- Dimensions: 12mm x 40.3mm x 5mm
- Weight: 2.9g
Decision:
When deciding on a security option, first establish what needs to be protected and why, whether due to regulatory requirements, good practice, a quality standard etc. If a hardware key fits these requirements, consult the yubico.com site to determine the recommended technology. Yubico lists hundreds of supported services. The key doesn't come with instructions in the packaging, but instructions are available from their site.
Setup:
The setup for each service or site can vary; Yubico provides clear instructions on its website on how the setup is carried out. (Some basic networking knowledge would be an advantage.)
https://www.yubico.com/setup/compatible-services/#protocol=all&usecase=all&key=yubikey-5ci
Setting up a YubiKey with a Facebook account
1. Using Chrome, Firefox or Opera, log in to Facebook.
2. Click the Settings and Account icon, and then select Settings.
3. In the left pane, select Security and Login.
4. Next to Use two-factor authentication, click Edit.
5. If two-factor authentication is not configured yet, click Get Started. Or if two-factor authentication is on, then skip to Step 7.
6. Select the most convenient method of one-time password authentication.
7. To the right of Security Key, click Setup.
8. Plug a YubiKey into a USB port; when the YubiKey starts to blink, tap the button or golden edge on the YubiKey.
9. Enter a name for the security key, then click Continue, and then click Done.

If you need to register additional YubiKeys, click Add New Security Key, and follow steps 7-8.
Facebook setup
The instructions are very detailed but would require some technical knowledge to set up. Once set up, the user has to tap the gold contact on the YubiKey when requested by the site. (This is a mechanical action, not a fingerprint action.)
Note: Many sites/services do not support a hardware authenticator, relying instead on SMS (text) messages with a code or on an authenticator app. For example, LinkedIn does not have the option for a hardware authenticator, but this can be achieved via a password manager, e.g. LastPass Premium.
Note: If purchased by an individual for a work laptop, many IT departments lock the USB drives, preventing its use. (IT admin can resolve.)
Conclusion:
Many recent articles suggest passwords are dead, being replaced by software or hardware authentication methods, due to the complexity of the characters required to prevent brute-force attacks by automated software. Even where strong passwords are used, these may be compromised if used on several sites or not changed regularly.
The YubiKey 5 NFC and YubiKey 5Ci are stronger options compared to a text message, which can be bypassed by cybercriminals (although it is better than a password alone). YubiKeys are used in many corporate environments (and can be used standalone by individuals) as they reduce the password-related calls to the IT helpdesk. 2FA with the key is faster than an SMS code and more secure, with the option of using one device for hundreds of sites. The YubiKey is only one form of security: IT security should constantly monitor the network, keep anti-virus up to date etc., as no one solution fits all.
Note: No system can give 100% security against hacking (some air-gapped networks do a good job but are impractical for most companies). Each security system used reduces the chance of hacking to a level where only a very determined hacker can gain access. The future may use AI technology to identify abnormalities within a corporate network and pass them to a human to intervene and diminish the risks.
Today the question is not whether to use 2FA; it's what methodology, hardware, software etc. to use to minimize the risk. Yubico is a trusted brand (which is an important consideration) using global authentication standards to ensure the individual key provides secure access to your computer, websites, networks and phones. It is a brand we have used in the past, and we are confident (as anyone can be in relation to cybersecurity) that the risk of a compromised account has been diminished.
Yubico – YubiKey 5 NFC Price: £41.49
Yubico YubiKey 5Ci Price: £68.98