How to Choose the BEST 2FA Key for Security (Yubikey)

00:00

Yubikey is considered the best security key on the  market right now, and no, they’re not paying me to  

00:05

say that. But one of the most common questions  I get from people who are looking to buy a 2FA  

00:09

security key is this: which one should I buy? Do  you need the Security Key Series or the 5 Series?  

00:15

Do you need NFC? Fingerprint authentication?  What about the 5C, the 5C Nano or the 5Ci?

00:22

If you’re confused, you’re not alone, but by  the end of today’s video, I promise you’ll know  

00:26

exactly which 2FA key is right for you and more  than likely, you’ll save a bit of money as well.

00:35

My name is Josh, this is All Things Secured,  

00:37

and I’m going to assume you already know  what a 2FA key is and what it’s used for.  

00:41

The point of this video is strictly to help  you choose the right key for your situation.

00:46

And in the case of Yubikey, we’re talking about a  choice among the entry level Security Key series,  

00:51

the Bio Series, the 5 Series and the highest  standard 5 FIIPS Series. And spoiler alert  

00:57

if you’re the kind of person who  doesn’t watch a video to the end,  

01:00

you’re probably going to want  to purchase one of these 4 keys.

01:03

Ok, this shouldn’t take long,  

01:05

but let’s break it down into three simple  questions you need to answer for yourself.

01:09

First, do you need the ability to create or use  secure one-time passcodes? While every Yubikey  

01:16

can be used as a hardware security token, only  the Yubikey 5 and 5 FIPS series allows you to  

01:22

use the key to store codes that you would  normally get from an authenticator app.

01:26

Why does this matter? Well, let’s say that you  have an account you want to secure that only works  

01:30

with authenticator apps, not physical security  keys. And believe it or not, there’s still quite  

01:37

a few companies out there who don’t yet support  2FA hardware keys. For example, I can’t use this  

01:43

key to secure my ProtonMail account, at least  at the time I’m recording this video, but they  

01:48

do allow me to secure with a time-based one-time  passcode from an app like Google Authenticator.

01:55

What most people don’t know is that Yubikey also  has its own authenticator app and certain keys  

02:00

can store these one-time passcodes or OPT that  the app then decodes. I can either plug it in or,  

02:07

if it’s an NFC key, just tap it on my  phone and the codes appear like magic.  

02:12

Like I said, this only works with the Yubikey 5  series, not the Bio or the Security Key series,  

02:18

but if you’re one of those people  who fears that Google might be using  

02:21

their authenticator app to link your mobile device  to your identity, this is a solution that works.

02:27

Do you need to create secure one-time passcodes?  

02:30

Then go with the 5 series. Are you  ok still using Google Authenticator,  

02:34

Authy or some other authenticator app? Then save  some money and go with the Security Key series.

02:40

Second question: do you need extended  authentication support? Usually this only applies  

02:46

to businesses, with stuff like smart card support  or to those who are incredibly privacy conscious  

02:52

with the OpenPGP for email. If none of that makes  sense to you, then you probably don’t need it.

02:57

Or if you fear somebody stealing your key and  using it without your permission, extended  

03:02

authentication in the form of a fingerprint  sensor might be appealing to you. That’s where  

03:06

this Bio series comes in handy. Unlike pretty  much any other 2FA key on the market, the Bio  

03:10

series from Yubikey allows you to configure your  fingerprint so that only you can use your key.  

03:15

It’s like setting up 2 factor authentication  on top of your 2-factor authentication.

03:20

Honestly, it’s overkill for most individuals  

03:23

but possibly a very attractive  option for business enterprise use.

03:26

So hopefully by now you understand which series  is right for you. Generally speaking, the  

03:31

Bio, 5 series and 5 FIPS series are meant for  businesses to use, while the Security key series  

03:37

is for individual consumers. You would probably  do great using the Security Key series if you  

03:41

want - and it will save you some money. I use the  5 series personally, but that’s only because I  

03:48

care about being able to store one-time passcodes  and OpenPGP. I realize that might not be you.

03:55

Well that leads us to our final question:  Where will you be using your security key?

03:59

Take a moment to consider all the places where  you might use 2 factor authentication. Your phone.  

04:04

Your laptop. Your spouse’s laptop. Your tablet  device. Which plug covers you on the most devices?  

04:11

And remember, you can always carry around an  adapter as well. Do you prefer an old-school USB,  

04:19

which is formally named the USB-A and looks like  this? In my case, I need a USB-C, which is quickly  

04:25

becoming the standard for all newer computers,  along with the NFC or near field connection, which  

04:30

I use on my mobile device. When you see those  letters NFC, just know that this is the technology  

04:35

that allows you to tap the key on the back of your  phone instead of plugging it in. The NFC works on  

04:41

iPads, iPhones, Samsung, Google Pixel…pretty  much any modern mobile device out there.

04:45

The Bio series is the only one that doesn’t  offer an NFC version, so for this reason  

04:50

I’d only seriously be considering one  of these four options highlighted here.  

04:55

You should already know whether you need  the 5 series or the security key series,  

04:59

so now just choose either USB-A or USB-C, and they  all have NFC capability for your mobile devices.

05:06

As a side note, you could purchase the Yubikey  5Ci, which gives you a lightning plug for Apple  

05:11

devices, but not only is this significantly  more expensive, I’ve also found that it’s  

05:16

just as easy if not easier to simply tap my NFC  key on the phone instead of plugging the 5Ci in.

05:22

The 5 series also sells these smaller nano  versions that are meant to stay plugged into your  

05:26

computer at all times, but I gotta say, this just  doesn’t seem like a good idea to me. If somebody  

05:32

breaks into your home or steals your laptop or  something like that, keeping your 2FA security  

05:37

key permanently plugged into your computer seems  to negate the purpose of having a 2FA key in the  

05:42

first place. So unless I’m missing something,  I think it’s best to stay away from these keys.

05:47

In the end, unless you’re purchasing for a  business, I advise you to choose between USB-A  

05:51

or USB-C and then decide whether it’s  worth the extra 20 or so dollars for you  

05:55

to be able to have addition support by way of  one-time passcodes or smart card capabilities.

06:01

If this video was helpful, the best way you can  support me is by using the affiliate links you’ve  

06:05

seen in this video or in the description below.  Yubikey did not pay me to say anything in this  

06:09

video, but they will give me a commission if  you choose to purchase their key using my link,  

06:13

and this is what I use and recommend to  my own family and friends, I promise.  

06:17

Once you’ve received your key,  check out this video next that  

06:20

goes step-by-step into how you set  up your first 2FA key. Take care.