I'll do my best to answer any questions in the comments here. Get the latest deals on Yubico security keys using this link (affiliate): geni.us/yubico-store
To me If my Yubico key got stolen how on earth are they going to know it's mine? For the Bio Yubico key what makes you think they can't just copy your fingerprint off the key? In reality hackers are not going to guess your password but bypass whatever security it has. In reality the hardware key isn't 100% random, but it could be good enough. What happens if I can't find either of my 2fA keys? Am I just out of luck?
I originally thought l needed the Yubikey Bio to take with me so if I lost it or it were stolen the Bio feature would keep it locked. It turns out you can set a PIN on any of the Yubikey 5 series so every time you use it, you have to enter the PIN. This means that if you lose your Yubikey, it is useless to anyone without the PIN. If you enter the wrong PIN too many times the key locks and must be Factory reset. This also means you can leave a Yubikey nano or micro plugged into your machine and it is still secured by the PIN. You will, of course, have to remember the PIN and you will want to store it in a safe place in case your forget. The MOST important tip: Buy 2 security keys so you can keep one as a backup in a safe location. You MUST plan for how you will recover you accounts should you lose a key or forget a password. A second key that is also keyed to all your accounts, is the best way to recover. A failure to plan, is a plan to fail.
This video helped me. However I was still left scratching my head at the end. I watched it 3 times but never heard anything that talked about what the difference was between the 5 series and the 5 FIPS. I’m going to have to find other videos for that info. You’re videos are always very informative and to the point. I do feel like you go a little fast sometimes and miss opportunities to provide just a little more info. I only recently found your channel and have been binging all videos for over a week now. Thank you for all you do.
I was just about to order such a device from Amazon but decided to watch ONE MORE video (yours) on the topic, and I was very happy to discover you offered an affiliate link. Having been a fan of yours for some time now, I am more than happy to give your channel the credit for the sale than Amazon.
@@AllThingsSecured Ordered 2 ... one for me and my best friend (a Vietnam vet and retiree ... and who wrote and led the tours --- back in the day --- for the Washington Monument interior stairs and the basement tour of the Lincoln Memorial ) BUT who was recently scammed and lost significant funds. EVEN SO, he cut the scammers and their threats off and indeed called his bank and the police. PLEASE -- EVERYONE --- DO ---NOT --GIVE IN - TO THE THREATS. CALL YOUR BANK AND CALL THE POLICE
@@AllThingsSecured I am confused, I will be working from home and sometimes my local library. I also have a Editor (limited) for my channel. Which one do I need?
@@AyCee21 if i buy from amazon but through the yubikey store...would you still consider that from the vendor? or do you still think thats a bit sketchy?
I think the idea behind the nano is that it makes it more appealing for those who focus on preventing hacks. For example I'd rather have a small almost unnoticeable key plugged in my laptop that stays at home 24/7 instead of having a pen-drive sticking out of my port
That's where I am. I'm more worried about crackers and compromised passwords than anything else. As I'm a smartphone refusenik, yubikey makes a lot of sense - but the number of sites that directly support yubikey is VERY small. Most of the sites I use that even allow 2FA are all about the PHOOOOOONNE, which is a complete non-starter for me.
That's VERY true, one of my clients had her laptop stolen. As her backup drive was with it, it was stolen too. But - a desktop at home is far less likely to be stolen, AND you can unplug the yubi when you're not home.
NFC stands for Near Field Communication. Not Connection. It was created in 2003 by merging contactless payment systems by NXP and Sony that were used by Moscow Metro, Japan Rail East and Hong Kong MTR.
This Yubico YubiKey 5 NFC review is fantastic! Two-factor authentication is a must these days, and this security key seems like a top-notch solution. Your comprehensive review and demonstration really helped me understand how it works and why it's so important for online security. It's great to know that it supports NFC, making it even more convenient. Thanks for shedding light on this essential tool for safeguarding our digital lives! 🔐💻👏
One use case for the nano is a desktop computer that stays at home. You would probably plug it in to a USB hub so you could reach it easily from your desk, and that way, even if someone were to break in to your home and steal your computer, they probably would unplug all of the cables from the back and wouldn't take the key.
NFC DOES NOT WORK ON IPADS! And the fingerprint does not make the 5 bio series anyway more secure than the 5 series because it can always be bypassed by a pin. You can also add a pin to the 5 series, making it as safe as the bio.
You are missing something - yubikey does not have to protect against physical attacks. It can be used as a key and then it will do so, but even if you keep it permanently connected it perfectly protects you against phishing websites, which is the only danger that nothing else can protect us nearly as great as yubikey.
If it doesn’t have to protect against physical attacks, then the Bio would have never been developed. We agree, however, on the fact that whether it’s permanently plugged in or kept on your keychain, it is an exceptional protection against phishing attacks.
@@AllThingsSecured The FIDO2 standard requires a login before the key is even queried, then you still need to enter a PIN to unlock the key before you tap. Leaving a regular key plugged in all day can damage the USB port because of the leverage of pushing down on the key. That's why enterprises push the mini keys where you are tapping into the port which prevents damage. In order for the stolen key to be an issue, The attacker would have to have the login for the computer, login for the specific websites in question because there is no way to pull the website straight from the key, then enter the pin for the key. And they have to do all of that before the Enterprise or user realizes that their computer got stolen and revokes the key. Realistically, The use of any key eliminates the risk of phishing and basically reduces the attack surface from the entire internet in general to a man on the ground who stole your computer and key.
@@williamwchuang Many people use a short USB extension to prevent the USB port leverage problem. That also saves on USB port wear if a person's use case requires plugging/unplugging it daily or more often. That's not to say there isn't real value in the very small keys also. It's great there are several options to cover the different needs.
@@williamwchuang if attack planned and targeted, any keylogger should be able to collect all your pin codes before theft. Having key separate from device will add protection layer from that kind of attack
@@timezonewall Yeah, I originally bought a Yubico key with the wrong usb interface port so I had to get a usb A to usb C conversion extension anyways but yeah I was worried that if I plug/unplug the key too much I might wear it out. I don't worry about wearing out the usb ports on my computer because my computer has like 6 ports.
I emailed yubico asking them what the difference was between Yubikey Personalization Tool and Yubikey Manager. they said the YPT is no longer under active development, whilst the manager is. The manager looks like a dumbed down version though. With the personalization tool, you can auto program keys one after the other if you plug them in back to back.
Thanks for your video! Can I ask. Is it possible to have a 5 series and then a Security Key as back up (to save a bit of money) linking them both to 1password?
I think you should have elaborated more on the OTP aspect. I did not get that at all. Why would you store a time sensitive code on a key? Very confusing to me! Good video though!
My assumption was that the yubikey itself generates the codes on a rolling basis, and by the looks of it you access the keys by scanning the yubikey through the app. An alternative hypothesis is that this is another app that generates OTPs that is not google or Microsoft and by pairing it with the yubikey you can streamline the login somehow. Not sure tho - just speculating
Wow thanks for explaining all of this. You really broke it down. I do have a question on 2FA if anyone could give me some insight. I watched another of Josh’s videos where he states that as backup to losing your key you could have a second key with the same info on it(obviously). I don’t know if Josh, or someone in the comments said the following: as a back up to losing your key (assuming you don’t have a 2nd key) you could have the 2FA settings to allow for a key and and the second option being sms. If you couldn’t Authenticate via key and selected the sms option wouldn’t that defeat the whole purpose of the key? Couldn’t a scammer/hacker have your passcode and then choose the sms option (assuming he had found a way to breach the sms authentication process? I assume I’m forgetting or not understanding a step in the 2FA process. Any info would be much appreciated, thanks in advance.
Out of all 2FA options, sms is the worst. You don't even have to go the passcode and look at your phone. If the person has enough info on you, they can potentially go to your carrier and get a sim card with your number and get the message themselves without having your phone. I would say the 2nd option should be an authenticator app if you don't have a second key.
Another reason to not keep the key plugged into your computer at all times is to prevent accidentally bumping the key and breaking it, since it sticks out of the computer. Hopefully the NFC function would continue to work if that happens.
Appreciate the detailed breakdown! 🧐 Just a small off-topic question: 😅 I have a set of words 🤷♂️. (behave today finger ski upon boy assault summer exhaust beauty stereo over). Not sure how to use them, would appreciate help. 🙏
Great video. I do however disagree with your opinion of using the Flush USB-C key. Since I use my key ALL THE TIME, it would be too inconvenient to use a key that I have to constantly keep plugging into my computer. The Flush key is awesome and stays out of the way. I don't think the purpose of the key is to protect from someone breaking into my house and stealing my computer (with the key installed). I view it as more of a Physical device needed for logging into websites, etc which are all EXTERNAL threats. The convenience is a tradeoff I'm willing to take because the likelihood of someone breaking into my house and stealing my computer is so small that it is worth the risk. Of course, I am on a laptop and it goes with me everywhere I go so that is a factor as well. But thats me.
I get that and I'm willing to be wrong. To me, it makes sense to keep the key plugged in while you're using the computer, but if it stays plugged in the whole time, doesn't that make the whole point of a 2FA key worthless?
@@AllThingsSecured I guess it all depends on each persons individual use case. Thats why there is no single answer. Just giving my perspective to explain why I LOVE the flush USB-C Yubikey. I have all of them but I love the Flush one because I do keep it in my computer ALL the time. But my computer (laptop) is with me everywhere I go. I use it as much as I use my phone. Therefore it is most convenient to use that key. Is there Risk if my laptop were to get stolen (say from my vehicle? YES. There is risk in everything. But as I said previously, I see that risk as minimal because of all of the other steps I have put in place THANKS to you -- Like Double Blind passwords, etc. There is no single answer. I LOVE the yubikey (and maybe place too much trust in it's ability to protect me) but its just one of several layers. I have several laptops all with yubikeys, etc so if one were to become compromised, I can always delete that yubikey from any of my accounts that utilize it. Security is a huge thing for me but SO difficult to maintain. Sun Knudsen has a great channel and he is working on some things that I have been thinking about for several years for more privacy/protection. I am really looking forward to what he is working on. There needs to be a single way to protect all of ones data behind cryptography and I think it can be done. I think it is imperative that people use a combination of A password manager, 2FA, Double Blind passwords, Yubikeys and even secure hard drives such as the Apricorn Aegis Fortress L3 FIPS 140-2 Level 3 Encrypted Portable Hard Drive. I have multiple backups in case one fails. But THANKS to people like you who are always providing ideas to help the rest of us!!!!!!!!
For a computer that never leaves the house, I can understand it. I still wouldn't since I'd like something that works on my phone as well. I wouldn't leave it permanently in. For laptops that you take along I'd personally find it a bit too fishy. I'm hoping for a nano bio version with a sensor similar to the fingerprint sensor of smartphones who have it on the on/off button.
Perfectly reasonable based on your own risk assessment. Granted, most of us don't need the likes of a hardware security key in general. That being said when I worked uniformed security I'd see, on a fairly regular basis, computers unlocked, unattended, and with security keys in place. I used to just lock the screens and move on and sometimes wait for the owner to return and remind them to secure their screens. It'd take very little for a competent thief to see such and make off with said laptops but that never happened , thankfully.
I can see a use for those nanos. If you have a very low crime rate where you live, and you only really have 2FA to protect your accounts from getting hacked from other sources, then that seems ideal to me. This isn't me, but I know people who this would apply to. People who are annoyed that they need to use their auth app while not having any high risk accounts.
I use a pc and an iPad on pretty much a 50/50 basis. The way Yubico configures its range means that, practicably speaking, I need two Yubikeys (AND two backups!). At £80 pounds each, that’s waaaaaaaayyyyyyyyy too much money. Will need to stick, for now (actually, for quite a while, I think) to the ol’ email code confirmation method of 2FA.
@@AllThingsSecured you can change the key on it, you should make a video on it for the people that would like to save money and have the best security. theres also yubikey genuine check.
Hi, thanks for the informative video. I have some questions about the 5 Series and the Security Series. I'm not at all tech-savvy. As an Apple user mainly (laptop and Iphone), if I get the Security Key NFC, I should go for the one with USB-C right? As USB-C should fit the thunderbolt port? Does the YubiKey 5Ci not come with NFC? Why is it the most expensive in the 5 series but with fewer functions? I assume that the lightning connector is helpful to plug into the iphone, but why would I need to plug it in when I can get the cheaper 5C NFC version? I'm kinda confused. Thanks!
Please can you do a single video ONLY about how to use the "YubiKey 5C" key? Every video that I've seen rushes along without focusing and giving direct advice. The YubiKey product range is too convoluted and confusing. I just need one video about this one item.
REALLY small point, but you have the USB's the wrong way around for the Security Key's at 4:54. Great video as always - appreciate the emails you send through too. They're not spammy at all, they're always interesting and I always take the time to read them.
I’m still somewhat confused. Can I use the same key on multiple devices and can I have multiple keys for all those devices? If I heard you correctly, you said that NFC Security Keys work with iPads, yet Apple says iPads don’t support NFC. My iPad has a lightning port but I may not always have a tablet with that type of charging port. So, future port compatibility is of concern to me. Thanks for your security information.
That is a big NO 😂 There is no way on earth I would trust a Chinese brand not to be required by the government to monitor and keep some kind of back door on the key. For those reading this comment…DO NOT buy a Feitian key, period.
@allthingscsecure Would the Yubikey 5 nfc work with an nfc reader plugged into my PC via USB? This would allow me to just tap the Yubikey on the nfc reader and not have to plug the key into my computer.
NFC = Near-field communication. The C is communication, not connection. Connection here also is the completely wrong term to use since nothing connects, there is just a simple communication. Especially when it comes to security the small details matter a lot so you should get the basics right!
Hi Josh thank you for the great videos. I have a question, should I keep all the 2FA (like 2FA app. and sms otp) options in my accounts if I have a physical security key (Yubikey) or should I delete them and only have physical security as 2FA?
Hey Josh Great video! I have a question - do you think it is worth it to transfer all my 2fa codes from authy to the yubico authenticator app, for the benefit of using the yubikey on services that does not support it natively? I have been using authy for a few years now, but since I bought the yubikey I have been thinking of making the move... What would you do?
If you’re using and enjoying Authy, then I don’t see any benefit to changing unless it’s just important to you. You could also set it up on both Authy and Yubikey as a backup.
My wife and I have 2 iPhones. Each phone has its own Apple ID. Can we use the same hardware keys? 2 total. Or do we need to buy 2 for Each phone? 4 total? Thanks
I'm still confused about the Security Series vs the 5 series with the OTPs. I have accounts that send a OTP. So only the 5 series will work with that? I don't use authenticator apps at this point (still learning). I'm looking to secure some financial accounts, my Google and Microsoft account, and phone (which doesn't have NFC). Will the Security Series do that?
Living in Thailand (other questions about that) and about to order direct from Yubikey and saw the SiamBC dialog box that carries Yubikey but also see the comment below that buy direct and not third party? Thoughts on SiamBC?
Would be interested to know where the data goes from the bio series... by the looks of this video, the bio series works through an app. Could they be harvesting that data??
Very informative, thank you! There are things I really don’t understand. I would’ve liked the FIPS variant but reading it only has firmware 5.4 (today) makes it impossible to store more than 32 potp sites at once. The Yubikeys with firmwares 5.7+ can store up to 100 (if I remember the amount correctly). Why isn’t there a FIPS variant with firmware that allows for more mobile authenticator based password storage?
I saw from Reddit that people saying that the baseline security key from yubico is more than enough for most users. Is that correct? I’m looking to get couple of these but in tight budget, maybe I should just go for the baseline first?
What if you have a Yubikey and you lose/break it? Do you have to reset all your 2FA logins, or can it be recovered to a new, blank key? And on a related note, can you have two Yubikeys at the same time (one that you use and one for backup purposes) that are interchangeable?
People who choose a Fido key typically have more than one, and register at least two with each service that supports them. If you lose or break one, you can use the spare instead. Log in and remove the lost/stolen/broken key from the service, and purchase a replacement. If you only have one Fido key, then make sure the service allows alternative ways to log in without the key. Google, Twitter, Microsoft, and others let you generate a one-time-use emergency password. Keep that on file should the worst occur, and you can still get in and remove Fido key functionality until you can get a replacement. In my opinion, a TOTP authenticator app is cheaper and less of a hassle. Fido keys are more secure, but they have unique drawbacks which can hamstring things even if there is no theft involved.
Always back up your key with another key or a different kind of 2FA backup (codes, authenticator, etc). And yes, you can use the same key for as many accounts as you want.
Almost all websites will allow you to register multiple security keys. I believe that Twitter only allows you to have one. All websites will give you the option to print out one time backup codes that will get you in the door. You should keep those passwords somewhere safe either at your office in your car or at home. You should also use a backup key or set up OTP.
@@neuideas a security key is so much easier to use than OTP. I just have to plug in the key and just keep tapping for the rest of the day instead of having to keep pulling out my phone and entering the key codes.
@@williamwchuang I disagree. A Fido key can be misplaced, malfunction, physically break, or the USB port on the computer could be buggy or nonfunctional. Maybe you simply left the key somewhere else, and you can't get to it right now. This can make things very inconvenient. TOTP codes, on the other hand, can be generated in a variety of ways, and don't necessarily require you to have a tablet or phone handy. They are cheaper to back-up, and they are more ubiquitous than Fido key functionality. If you require the level of security a Fido key provides, then have at it. Just be aware of its shortcomings, and be prepared for the worst.
I already use 2FA from having set up an authenticator app. I am in the process of getting important accounts set up with OTP. So, is there any point in adding another layer via Yubikey? I travel a lot and am a computer nincompoop. Please make a video on this context.
Hey great video, I have a question though: I don't own a smartphone and don't have access to apps. Some websites that I have an account with are requiring MFA now and so I am looking into getting a Security key. Which one do you recommend I buy out of the one's that you have talked about?
Hi. I have a Serie 5C NFC and am looking to buy a backup one but preferably less expensive. I only work on Apple ecosystem (Mac Mini, iPad Pro M1 2021, iPad Pro 2020 and iPhone 13). Which model would you recommend? I want it to work with the new Apple ID feature on iOS 16.3 (main reason why I’m buying a second one). Love your videos. Thanks!
Cool, perfect. That explains why their Security Key, which was blue, is now black and as “coming soon” in their website. Do you know what will change? Or will it be more or less the same?
I’m glad you made this video. Could you help me out, which one should I get? Since it would be for social media/ blog, and Android/ iOS devices. Is there one key that can support iOS, and Android devices? So can you kindly share with me the Amazon link. P.s. How different is OTP? Compare to other options it offers, since I got a bit confused, when you where trying to explain…
I’m not sure if this’s what you meant by OTP, as in one time you authenticate the social media handle, and other devices, and you don’t need to login every time. And if someone tries login; they would need the security key in order to login?
![Noob To Max With DRAGON REWORK In Blox Fruits [FULL MOVIE]](http://i.ytimg.com/vi/LnBMOinoOvA/mqdefault.jpg)
I'll do my best to answer any questions in the comments here. Get the latest deals on Yubico security keys using this link (affiliate): geni.us/yubico-store
how many devices can I use the security key and 5 series?
Thanks! Just ordered 2 of the 5 series.
To me If my Yubico key got stolen how on earth are they going to know it's mine? For the Bio Yubico key what makes you think they can't just copy your fingerprint off the key? In reality hackers are not going to guess your password but bypass whatever security it has. In reality the hardware key isn't 100% random, but it could be good enough. What happens if I can't find either of my 2fA keys? Am I just out of luck?
Great video! Check this affiliate link - it may be broken.
I originally thought l needed the Yubikey Bio to take with me so if I lost it or it were stolen the Bio feature would keep it locked. It turns out you can set a PIN on any of the Yubikey 5 series so every time you use it, you have to enter the PIN. This means that if you lose your Yubikey, it is useless to anyone without the PIN. If you enter the wrong PIN too many times the key locks and must be Factory reset. This also means you can leave a Yubikey nano or micro plugged into your machine and it is still secured by the PIN. You will, of course, have to remember the PIN and you will want to store it in a safe place in case your forget.
The MOST important tip: Buy 2 security keys so you can keep one as a backup in a safe location. You MUST plan for how you will recover you accounts should you lose a key or forget a password. A second key that is also keyed to all your accounts, is the best way to recover. A failure to plan, is a plan to fail.
This video helped me. However I was still left scratching my head at the end. I watched it 3 times but never heard anything that talked about what the difference was between the 5 series and the 5 FIPS.
I’m going to have to find other videos for that info.
You’re videos are always very informative and to the point. I do feel like you go a little fast sometimes and miss opportunities to provide just a little more info.
I only recently found your channel and have been binging all videos for over a week now.
Thank you for all you do.
same question here
@@daneshskater101the FIPS key is basically the best key only for people working in (US) government, for everyone else non-FIPS is the way to go.
What @@vidareggum6118 said 🙂
I was just about to order such a device from Amazon but decided to watch ONE MORE video (yours) on the topic, and I was very happy to discover you offered an affiliate link. Having been a fan of yours for some time now, I am more than happy to give your channel the credit for the sale than Amazon.
Thanks so much!
@@AllThingsSecured Ordered 2 ... one for me and my best friend (a Vietnam vet and retiree ... and who wrote and led the tours --- back in the day --- for the Washington Monument interior stairs and the basement tour of the Lincoln Memorial ) BUT who was recently scammed and lost significant funds. EVEN SO, he cut the scammers and their threats off and indeed called his bank and the police. PLEASE -- EVERYONE --- DO ---NOT --GIVE IN - TO THE THREATS. CALL YOUR BANK AND CALL THE POLICE
Always buy directly from the vendor and not a 3rd party.
@@AllThingsSecured I am confused, I will be working from home and sometimes my local library. I also have a Editor (limited) for my channel. Which one do I need?
@@AyCee21 if i buy from amazon but through the yubikey store...would you still consider that from the vendor? or do you still think thats a bit sketchy?
I think the idea behind the nano is that it makes it more appealing for those who focus on preventing hacks.
For example I'd rather have a small almost unnoticeable key plugged in my laptop that stays at home 24/7 instead of having a pen-drive sticking out of my port
That and form factor is a consideration. Some people prefer to have a laptop bag form factor.
That's where I am. I'm more worried about crackers and compromised passwords than anything else. As I'm a smartphone refusenik, yubikey makes a lot of sense - but the number of sites that directly support yubikey is VERY small. Most of the sites I use that even allow 2FA are all about the PHOOOOOONNE, which is a complete non-starter for me.
So if your laptop is stolen the nano is stolen as well.
That's VERY true, one of my clients had her laptop stolen. As her backup drive was with it, it was stolen too. But - a desktop at home is far less likely to be stolen, AND you can unplug the yubi when you're not home.
@@KrypteiaXi Doesn't matter much as long as the thief doesn't know your passwords
NFC stands for Near Field Communication. Not Connection. It was created in 2003 by merging contactless payment systems by NXP and Sony that were used by Moscow Metro, Japan Rail East and Hong Kong MTR.
Thanks for that. Was about to post a comment saying the same thing. A year late.
I’m reading this even later. That is good info!
Great video. As an accountant 2fa keys are an important part of my workplace information security plan. I highly recommend them to all accountants.
brilliant video! I have 2 Yubikey 5-series and will also use them now for 1-time codes where platforms don't allow for keys!
Yes! It’s a great system. Glad it was helpful!
This Yubico YubiKey 5 NFC review is fantastic! Two-factor authentication is a must these days, and this security key seems like a top-notch solution. Your comprehensive review and demonstration really helped me understand how it works and why it's so important for online security. It's great to know that it supports NFC, making it even more convenient. Thanks for shedding light on this essential tool for safeguarding our digital lives! 🔐💻👏
Very informative. I had no idea which to choose. Thanks!
One use case for the nano is a desktop computer that stays at home. You would probably plug it in to a USB hub so you could reach it easily from your desk, and that way, even if someone were to break in to your home and steal your computer, they probably would unplug all of the cables from the back and wouldn't take the key.
Really? This still makes not much sense.
Keys are keys, they belong in a safe place. 😉
@@Waldemar_la_Tendresse Yes, my home is a safe place.
@@GraysonCarr
That's probably weveryone thinks. 😅
Nice to hear that you feel safe though.
NFC DOES NOT WORK ON IPADS! And the fingerprint does not make the 5 bio series anyway more secure than the 5 series because it can always be bypassed by a pin. You can also add a pin to the 5 series, making it as safe as the bio.
@@jjmmfi
What is the maximum length of the PIN (in characters)?
I mean, I could read the 160 pages of the spec document, but this seems simpler. 😆
Thank you for your videos. Just ordered the simple 2FA authentication through your link. Best Wishes to you.
Your communication skills are marvelous.
Thanks, Ryan.
You are missing something - yubikey does not have to protect against physical attacks. It can be used as a key and then it will do so, but even if you keep it permanently connected it perfectly protects you against phishing websites, which is the only danger that nothing else can protect us nearly as great as yubikey.
If it doesn’t have to protect against physical attacks, then the Bio would have never been developed.
We agree, however, on the fact that whether it’s permanently plugged in or kept on your keychain, it is an exceptional protection against phishing attacks.
@@AllThingsSecured The FIDO2 standard requires a login before the key is even queried, then you still need to enter a PIN to unlock the key before you tap. Leaving a regular key plugged in all day can damage the USB port because of the leverage of pushing down on the key. That's why enterprises push the mini keys where you are tapping into the port which prevents damage. In order for the stolen key to be an issue, The attacker would have to have the login for the computer, login for the specific websites in question because there is no way to pull the website straight from the key, then enter the pin for the key. And they have to do all of that before the Enterprise or user realizes that their computer got stolen and revokes the key. Realistically, The use of any key eliminates the risk of phishing and basically reduces the attack surface from the entire internet in general to a man on the ground who stole your computer and key.
@@williamwchuang Many people use a short USB extension to prevent the USB port leverage problem. That also saves on USB port wear if a person's use case requires plugging/unplugging it daily or more often. That's not to say there isn't real value in the very small keys also. It's great there are several options to cover the different needs.
@@williamwchuang if attack planned and targeted, any keylogger should be able to collect all your pin codes before theft.
Having key separate from device will add protection layer from that kind of attack
@@timezonewall Yeah, I originally bought a Yubico key with the wrong usb interface port so I had to get a usb A to usb C conversion extension anyways but yeah I was worried that if I plug/unplug the key too much I might wear it out. I don't worry about wearing out the usb ports on my computer because my computer has like 6 ports.
I emailed yubico asking them what the difference was between Yubikey Personalization Tool and Yubikey Manager. they said the YPT is no longer under active development, whilst the manager is. The manager looks like a dumbed down version though. With the personalization tool, you can auto program keys one after the other if you plug them in back to back.
Thanks for your video! Can I ask. Is it possible to have a 5 series and then a Security Key as back up (to save a bit of money) linking them both to 1password?
Great video. I have been trying to figure out the differences in keys and they was a nice summary. Thanks.
My pleasure, Mike!
I think you should have elaborated more on the OTP aspect. I did not get that at all. Why would you store a time sensitive code on a key? Very confusing to me! Good video though!
agree-- I was confused on that
My assumption was that the yubikey itself generates the codes on a rolling basis, and by the looks of it you access the keys by scanning the yubikey through the app.
An alternative hypothesis is that this is another app that generates OTPs that is not google or Microsoft and by pairing it with the yubikey you can streamline the login somehow. Not sure tho - just speculating
Not stored! Generated.
Simple and easy to understand, the best video on this topic!
Glad it was helpful!
Wonderful. Finally I found a video that expose the info clearly. Tks, obrigadooo
Bro, thanks for the clear and concise explanation. The best!!!!
My pleasure!!
Very properly comprehensive video. Well done!
Need to read all the 1 Star on Amazon before ordering.
Really informative vid💯. Dont think usb A will be elimated from laptops for now as most accessories use it
Wow thanks for explaining all of this. You really broke it down.
I do have a question on 2FA if anyone could give me some insight. I watched another of Josh’s videos where he states that as backup to losing your key you could have a second key with the same info on it(obviously). I don’t know if Josh, or someone in the comments said the following: as a back up to losing your key (assuming you don’t have a 2nd key) you could have the 2FA settings to allow for a key and and the second option being sms. If you couldn’t Authenticate via key and selected the sms option wouldn’t that defeat the whole purpose of the key? Couldn’t a scammer/hacker have your passcode and then choose the sms option (assuming he had found a way to breach the sms authentication process?
I assume I’m forgetting or not understanding a step in the 2FA process. Any info would be much appreciated, thanks in advance.
Out of all 2FA options, sms is the worst. You don't even have to go the passcode and look at your phone. If the person has enough info on you, they can potentially go to your carrier and get a sim card with your number and get the message themselves without having your phone. I would say the 2nd option should be an authenticator app if you don't have a second key.
Very useful thank you. I now know which one to get. Thanks!
Your video answered my question. Thank you!
does your advice still stand up for 2024 or there is other better updated security key? good video btw. your fan now. thanks
Thank you a lot for clear explanation, because I got lost in their variety 😂
Glad I could help!
Another reason to not keep the key plugged into your computer at all times is to prevent accidentally bumping the key and breaking it, since it sticks out of the computer. Hopefully the NFC function would continue to work if that happens.
Appreciate the detailed breakdown! 🧐 Just a small off-topic question: 😅 I have a set of words 🤷♂️. (behave today finger ski upon boy assault summer exhaust beauty stereo over). Not sure how to use them, would appreciate help. 🙏
Great video, thank you very much for explanation ❤
Great video. I do however disagree with your opinion of using the Flush USB-C key. Since I use my key ALL THE TIME, it would be too inconvenient to use a key that I have to constantly keep plugging into my computer. The Flush key is awesome and stays out of the way. I don't think the purpose of the key is to protect from someone breaking into my house and stealing my computer (with the key installed). I view it as more of a Physical device needed for logging into websites, etc which are all EXTERNAL threats. The convenience is a tradeoff I'm willing to take because the likelihood of someone breaking into my house and stealing my computer is so small that it is worth the risk. Of course, I am on a laptop and it goes with me everywhere I go so that is a factor as well. But thats me.
I get that and I'm willing to be wrong. To me, it makes sense to keep the key plugged in while you're using the computer, but if it stays plugged in the whole time, doesn't that make the whole point of a 2FA key worthless?
100% agree on this and I have the same setup for my desktop.
@@AllThingsSecured I guess it all depends on each persons individual use case. Thats why there is no single answer. Just giving my perspective to explain why I LOVE the flush USB-C Yubikey. I have all of them but I love the Flush one because I do keep it in my computer ALL the time. But my computer (laptop) is with me everywhere I go. I use it as much as I use my phone. Therefore it is most convenient to use that key. Is there Risk if my laptop were to get stolen (say from my vehicle? YES. There is risk in everything. But as I said previously, I see that risk as minimal because of all of the other steps I have put in place THANKS to you -- Like Double Blind passwords, etc. There is no single answer. I LOVE the yubikey (and maybe place too much trust in it's ability to protect me) but its just one of several layers. I have several laptops all with yubikeys, etc so if one were to become compromised, I can always delete that yubikey from any of my accounts that utilize it. Security is a huge thing for me but SO difficult to maintain.
Sun Knudsen has a great channel and he is working on some things that I have been thinking about for several years for more privacy/protection. I am really looking forward to what he is working on. There needs to be a single way to protect all of ones data behind cryptography and I think it can be done. I think it is imperative that people use a combination of A password manager, 2FA, Double Blind passwords, Yubikeys and even secure hard drives such as the Apricorn Aegis Fortress L3 FIPS 140-2 Level 3 Encrypted Portable Hard Drive. I have multiple backups in case one fails. But THANKS to people like you who are always providing ideas to help the rest of us!!!!!!!!
For a computer that never leaves the house, I can understand it. I still wouldn't since I'd like something that works on my phone as well. I wouldn't leave it permanently in.
For laptops that you take along I'd personally find it a bit too fishy. I'm hoping for a nano bio version with a sensor similar to the fingerprint sensor of smartphones who have it on the on/off button.
Perfectly reasonable based on your own risk assessment.
Granted, most of us don't need the likes of a hardware security key in general. That being said when I worked uniformed security I'd see, on a fairly regular basis, computers unlocked, unattended, and with security keys in place. I used to just lock the screens and move on and sometimes wait for the owner to return and remind them to secure their screens. It'd take very little for a competent thief to see such and make off with said laptops but that never happened , thankfully.
Outstanding explanation. Thanks for sharing.
Good info
Thanks 🙏
Thank you. Great info!
Glad it was helpful!
I really have to get one
thanks for the details.
Great video!
To the creator: At 5:00 the graphic you are showing has the blue ones on the left mislabeled (A vs C).
I can see a use for those nanos. If you have a very low crime rate where you live, and you only really have 2FA to protect your accounts from getting hacked from other sources, then that seems ideal to me. This isn't me, but I know people who this would apply to. People who are annoyed that they need to use their auth app while not having any high risk accounts.
I keep my key on me at all times and I don’t get asked to plug it in but once a month, so it’s not too inconvenient to me.
Very helpful! Thanks.
I use a pc and an iPad on pretty much a 50/50 basis. The way Yubico configures its range means that, practicably speaking, I need two Yubikeys (AND two backups!). At £80 pounds each, that’s waaaaaaaayyyyyyyyy too much money. Will need to stick, for now (actually, for quite a while, I think) to the ol’ email code confirmation method of 2FA.
Why do you need Four keys? Two Should be enough than?
bought mine on ebay used for about 55$ for two of them. well worth it. i dont think its a security risk buying used
Maybe not, but it’s not something I recommend.
@@AllThingsSecured you can change the key on it, you should make a video on it for the people that would like to save money and have the best security. theres also yubikey genuine check.
Unfortunately, iPads don't have NFC capability. This is good to keep in mind when selecting the key, and deciding on an adapter.
Thanks.
Nicely done, and thanks for publishing this with Spanish subtitles. (Like # 326)
My pleasure, Pedro!
Hi, thanks for the informative video. I have some questions about the 5 Series and the Security Series. I'm not at all tech-savvy.
As an Apple user mainly (laptop and Iphone), if I get the Security Key NFC, I should go for the one with USB-C right? As USB-C should fit the thunderbolt port?
Does the YubiKey 5Ci not come with NFC? Why is it the most expensive in the 5 series but with fewer functions? I assume that the lightning connector is helpful to plug into the iphone, but why would I need to plug it in when I can get the cheaper 5C NFC version? I'm kinda confused.
Thanks!
thank you!
Please can you do a single video ONLY about how to use the "YubiKey 5C" key? Every video that I've seen rushes along without focusing and giving direct advice. The YubiKey product range is too convoluted and confusing. I just need one video about this one item.
Thanks for the idea!
Great video..I don't own a pc..would still be able to use 5c with my phone only...ty
This is useful and narrows things down for me.
You and others often recommend getting 2 of these keys. Is it ok to get the exact same spec for both?
Yes, you can get the exact same key or a different one. It doesn't matter as long as it fits most of the devices that you use.
@@AllThingsSecured
Ta
I own 3 Titan Secure Keys from Google . 2 USB A-NFC models and 1 USB C-NFC model
I’ve used those before too. Not too bad. What do you think?
REALLY small point, but you have the USB's the wrong way around for the Security Key's at 4:54.
Great video as always - appreciate the emails you send through too. They're not spammy at all, they're always interesting and I always take the time to read them.
Ha! Sure enough - stupid editing mistake on my part.
I believe protonmail now allows hardware keys
Yes, they do now. Thanks for the feedback.
I’m still somewhat confused. Can I use the same key on multiple devices and can I have multiple keys for all those devices? If I heard you correctly, you said that NFC Security Keys work with iPads, yet Apple says iPads don’t support NFC. My iPad has a lightning port but I may not always have a tablet with that type of charging port. So, future port compatibility is of concern to me.
Thanks for your security information.
Awesome!!
2yrs on now, what would you recommend? The same thing still?
the Nano is meant for server halls where burglers dont have access too.. to easy type admin pw for root config etc.
At 4:05 all the places you would use Yubikey - how about that new product that's all the rage, I believe it's called....wait a minute....a Desktop ? 😏
BEST 2FA Key for Security I purchased a Feitian Bio and 2 ID brand and they were cheaper than Yubikey
That is a big NO 😂 There is no way on earth I would trust a Chinese brand not to be required by the government to monitor and keep some kind of back door on the key. For those reading this comment…DO NOT buy a Feitian key, period.
@allthingscsecure
Would the Yubikey 5 nfc work with an nfc reader plugged into my PC via USB? This would allow me to just tap the Yubikey on the nfc reader and not have to plug the key into my computer.
Thanks, Josh~
You bet!
Question, can you do a how to reset your Yubikey video? Mine locked me out due to forgetting the PIN.
Storing openpgp on the yubikey sounds good, how does it works! Do you have a Video about it?
Do Yubikeys have batteries or anything that may need to be replaced?
Great video
Thanks.
Why is Yubikey the best? Isn't it proprietary? Would an open source product be preferable? Why should we rely on Yubikey?
Well done, question: will a strong password suffice?
NFC = Near-field communication. The C is communication, not connection. Connection here also is the completely wrong term to use since nothing connects, there is just a simple communication.
Especially when it comes to security the small details matter a lot so you should get the basics right!
Hi Josh thank you for the great videos. I have a question, should I keep all the 2FA (like 2FA app. and sms otp) options in my accounts if I have a physical security key (Yubikey) or should I delete them and only have physical security as 2FA?
I deleted the SMS/Phone yes
@@DgamesJ I delete it to but I was wondering about Authenticator App OTP, should I delete this one to from every account or not?
Good video
hi...If im not mistaken one time passcodes are 2FA for sites such as crypto exchanges...that would eliminate the base level key...?
I am confused, I will be working from home and sometimes my local library. I also have a Editor (limited) for my channel. Which one do I need?
Hey Josh Great video! I have a question - do you think it is worth it to transfer all my 2fa codes from authy to the yubico authenticator app, for the benefit of using the yubikey on services that does not support it natively? I have been using authy for a few years now, but since I bought the yubikey I have been thinking of making the move... What would you do?
If you’re using and enjoying Authy, then I don’t see any benefit to changing unless it’s just important to you. You could also set it up on both Authy and Yubikey as a backup.
My wife and I have 2 iPhones. Each phone has its own Apple ID. Can we use the same hardware keys? 2 total. Or do we need to buy 2 for Each phone? 4 total? Thanks
You can use two. I would set it up where you keep one and your wife keeps one, each having a backup for each other.
I'm still confused about the Security Series vs the 5 series with the OTPs. I have accounts that send a OTP. So only the 5 series will work with that? I don't use authenticator apps at this point (still learning). I'm looking to secure some financial accounts, my Google and Microsoft account, and phone (which doesn't have NFC). Will the Security Series do that?
Living in Thailand (other questions about that) and about to order direct from Yubikey and saw the SiamBC dialog box that carries Yubikey but also see the comment below that buy direct and not third party? Thoughts on SiamBC?
Would be interested to know where the data goes from the bio series... by the looks of this video, the bio series works through an app. Could they be harvesting that data??
Very informative, thank you!
There are things I really don’t understand. I would’ve liked the FIPS variant but reading it only has firmware 5.4 (today) makes it impossible to store more than 32 potp sites at once. The Yubikeys with firmwares 5.7+ can store up to 100 (if I remember the amount correctly).
Why isn’t there a FIPS variant with firmware that allows for more mobile authenticator based password storage?
Now Proton supports Yubikey
I know! That’s awesome.
What other brands could I buy something similar, or what other cheap options do I have?
I DID NOT WATCH THE WHOLE VIDEO BUT CAN YOU USE THESE KEYS WITH MULTIPLE THINGS LIKE ALL IN ONE ?
I saw from Reddit that people saying that the baseline security key from yubico is more than enough for most users. Is that correct? I’m looking to get couple of these but in tight budget, maybe I should just go for the baseline first?
Can I use both a yibikey security key USB and usb C together for all my accounts? Keep one for backup.
muy bien explicado
Gracias 🙏
As of 24 June 2021, Bank of America now permits YubiKeys to be used for 2FA.
What if you have a Yubikey and you lose/break it? Do you have to reset all your 2FA logins, or can it be recovered to a new, blank key? And on a related note, can you have two Yubikeys at the same time (one that you use and one for backup purposes) that are interchangeable?
People who choose a Fido key typically have more than one, and register at least two with each service that supports them. If you lose or break one, you can use the spare instead. Log in and remove the lost/stolen/broken key from the service, and purchase a replacement.
If you only have one Fido key, then make sure the service allows alternative ways to log in without the key. Google, Twitter, Microsoft, and others let you generate a one-time-use emergency password. Keep that on file should the worst occur, and you can still get in and remove Fido key functionality until you can get a replacement.
In my opinion, a TOTP authenticator app is cheaper and less of a hassle. Fido keys are more secure, but they have unique drawbacks which can hamstring things even if there is no theft involved.
Always back up your key with another key or a different kind of 2FA backup (codes, authenticator, etc). And yes, you can use the same key for as many accounts as you want.
Almost all websites will allow you to register multiple security keys. I believe that Twitter only allows you to have one. All websites will give you the option to print out one time backup codes that will get you in the door. You should keep those passwords somewhere safe either at your office in your car or at home. You should also use a backup key or set up OTP.
@@neuideas a security key is so much easier to use than OTP. I just have to plug in the key and just keep tapping for the rest of the day instead of having to keep pulling out my phone and entering the key codes.
@@williamwchuang I disagree. A Fido key can be misplaced, malfunction, physically break, or the USB port on the computer could be buggy or nonfunctional. Maybe you simply left the key somewhere else, and you can't get to it right now. This can make things very inconvenient.
TOTP codes, on the other hand, can be generated in a variety of ways, and don't necessarily require you to have a tablet or phone handy. They are cheaper to back-up, and they are more ubiquitous than Fido key functionality.
If you require the level of security a Fido key provides, then have at it. Just be aware of its shortcomings, and be prepared for the worst.
After you set your security key app, you need this to unlock your phone or is it just pass code?
Great video. Thanks!
We have a computer on factory floor that is shared. Can one key accomodate multiple users?
If all those users have access to the same key, then yes. You can also configure multiple keys to sign into the same account/device.
I already use 2FA from having set up an authenticator app. I am in the process of getting important accounts set up with OTP. So, is there any point in adding another layer via Yubikey? I travel a lot and am a computer nincompoop. Please make a video on this context.
If that have add pad manager built in it was super but it is too much priced though
Hey great video, I have a question though: I don't own a smartphone and don't have access to apps. Some websites that I have an account with are requiring MFA now and so I am looking into getting a Security key. Which one do you recommend I buy out of the one's that you have talked about?
Hi. I have a Serie 5C NFC and am looking to buy a backup one but preferably less expensive. I only work on Apple ecosystem (Mac Mini, iPad Pro M1 2021, iPad Pro 2020 and iPhone 13). Which model would you recommend? I want it to work with the new Apple ID feature on iOS 16.3 (main reason why I’m buying a second one). Love your videos. Thanks!
If you wait for a bit, they’re coming out with a new version of their cheaper Security Key series which should be exactly what you need.
Cool, perfect. That explains why their Security Key, which was blue, is now black and as “coming soon” in their website. Do you know what will change? Or will it be more or less the same?
Is fingerprint more or less secure than having to put in a code and touch a button???
How about securing password managers like Keepass / Bitwarden, will the standard ones work or is a YubiKey 5 series necessary as well?
No, a 5 series isn’t required. You can secure any password manager with their lower cost Security Key series.
I have an NFC yubikey. when I use it it just wants to open Safari instead of authenticating Yubico Authenticator like I see on you video. Any ideas?
I worked it out.
So I can use a usb c key w an adapter in my pc (usb a) ?
I’m glad you made this video. Could you help me out, which one should I get? Since it would be for social media/ blog, and Android/ iOS devices. Is there one key that can support iOS, and Android devices? So can you kindly share with me the Amazon link.
P.s. How different is OTP? Compare to other options it offers, since I got a bit confused, when you where trying to explain…
5:11 is this one end for IOS, and the other end for Type-C aka for Android devices, and laptop? Is this one key device for both mobile brands?
I’m not sure if this’s what you meant by OTP, as in one time you authenticate the social media handle, and other devices, and you don’t need to login every time. And if someone tries login; they would need the security key in order to login?