How to Choose the BEST 2FA Key for Security (Yubikey)
Summary
TLDRIn this informative video, Josh from All Things Secured guides viewers on selecting the right Yubikey for their 2FA needs. He breaks down the decision into three key questions, addressing the necessity for secure one-time passcodes, extended authentication support, and the ideal form factor for various devices. Josh clarifies that while the 5 series offers advanced features like passcode storage and OpenPGP, the Security Key series is a cost-effective choice for individuals. He also highlights the importance of choosing the right plug type, such as USB-A, USB-C, or NFC, for convenience across multiple devices. The video aims to demystify the selection process and help users invest wisely in their online security.
Takeaways
- 🔐 Yubikey is a top choice for security keys, offering various options to suit different needs.
- 🛡️ The Security Key series is the entry-level option, suitable for basic 2FA needs.
- 🗝️ The 5 Series and 5 FIPS Series are more advanced, offering the ability to store one-time passcodes and extended authentication support.
- 👍 The Yubikey 5 Series has its own authenticator app, allowing for secure one-time passcode storage and use.
- 🚫 Some companies still do not support 2FA hardware keys, making the 5 Series particularly useful for those needing compatibility with authenticator apps.
- 👤 The Bio Series introduces fingerprint authentication, adding an extra layer of security for those who require it.
- 💼 The Bio, 5 Series, and 5 FIPS Series are geared towards business use due to their advanced features.
- 📱 Consider where and how you will use your security key, as this will influence whether you need USB-A, USB-C, or NFC capabilities.
- 🔌 The Bio Series does not offer an NFC version, which may be a limitation for those wanting mobile device compatibility.
- 📲 The 5Ci model provides a lightning plug for Apple devices, but it's more expensive and may not be as convenient as using an NFC key.
- 🔄 The nano versions of the 5 Series are designed to stay plugged into computers, but this may not be the best security practice.
Q & A
What is the primary purpose of the video?
-The primary purpose of the video is to help viewers choose the right Yubikey 2FA security key for their specific needs.
What are the different Yubikey series mentioned in the video?
-The different Yubikey series mentioned are the Security Key Series, the Bio Series, the 5 Series, and the 5 FIPS Series.
Which Yubikey series can store one-time passcodes?
-The Yubikey 5 and 5 FIPS series can store one-time passcodes.
Why might someone choose the Yubikey 5 series over the Security Key series?
-Someone might choose the Yubikey 5 series if they need to create secure one-time passcodes or require advanced features like OpenPGP for email.
What is NFC and why is it relevant for Yubikey users?
-NFC stands for Near Field Communication. It allows users to tap their Yubikey on a mobile device for authentication instead of plugging it in, which is convenient for modern mobile devices.
Which Yubikey series does not offer an NFC version?
-The Bio series does not offer an NFC version.
What advantage does the Yubikey Bio series offer?
-The Yubikey Bio series offers fingerprint authentication, adding an extra layer of security by ensuring that only the owner can use the key.
Why might the nano versions of the Yubikey 5 series not be ideal for all users?
-The nano versions are designed to stay plugged into a computer at all times, which could be a security risk if the computer is stolen.
What are the different plug types available for Yubikeys and why are they important?
-Yubikeys come with USB-A and USB-C plugs, which are important to match the ports on your devices. The 5Ci also offers a lightning plug for Apple devices, but NFC might be a more convenient option.
What does the video suggest about using Google Authenticator with Yubikey?
-The video suggests that while you can use Google Authenticator, the Yubikey 5 series offers its own authenticator app that can store one-time passcodes, providing an alternative if you have privacy concerns with Google.
Outlines
🔑 Choosing the Right Yubikey
Josh from All Things Secured introduces Yubikey as the top security key on the market and aims to guide viewers in choosing the right 2FA key for their needs. He outlines the different series available—Security Key, Bio, 5 Series, and 5 FIPS—and promises to help viewers save money while making an informed decision.
📱 One-Time Passcodes and Security
Josh explains the importance of one-time passcodes for accounts that support only authenticator apps. He highlights that only the Yubikey 5 and 5 FIPS series support storing these codes, which can be used with Yubikey's own authenticator app. He suggests the 5 series for those needing this feature and the Security Key series for those content with existing authenticator apps.
🖐️ Extended Authentication Support
Josh addresses the need for extended authentication support, typically for business use or highly privacy-conscious individuals. He introduces the Bio series, which includes fingerprint authentication, providing an additional security layer. He notes that this feature may be overkill for most individuals but valuable for enterprises.
💻 Choosing Based on Device Compatibility
Josh advises viewers to consider where they'll use their security key and the type of connection they need—USB-A, USB-C, or NFC. He mentions that the Bio series lacks NFC, while the 5 series offers various connection types. He emphasizes the convenience of NFC for mobile devices and suggests selecting a key based on device compatibility and usage scenarios.
⚠️ Considerations for 5Ci and Nano Versions
Josh discusses the 5Ci, which includes a lightning plug for Apple devices but is more expensive and less convenient than NFC. He also critiques the nano versions meant to stay plugged into computers, arguing that they undermine the purpose of 2FA security. He recommends sticking with USB-A or USB-C options for most users.
🛒 Final Recommendations and Support
Josh concludes by recommending choosing between USB-A or USB-C and considering whether extra features like one-time passcodes or smart card capabilities are necessary. He encourages viewers to use affiliate links for purchases, as he earns a commission. He assures viewers that his recommendations are genuine and invites them to watch a follow-up video on setting up their first 2FA key.
Mindmap
Keywords
💡Yubikey
💡2FA (Two-Factor Authentication)
💡Security Key Series
💡5 Series
💡NFC (Near Field Communication)
💡Fingerprint Authentication
💡One-Time Passcodes (OPT)
💡OpenPGP
💡USB-A and USB-C
💡5Ci
Highlights
Yubikey is considered the best security key on the market.
Guides viewers on choosing the right 2FA key for their needs.
Differentiates between the Security Key Series, Bio Series, 5 Series, and 5 FIPS Series.
Yubikey 5 and 5 FIPS series can store codes from authenticator apps.
Mentions the limitation of certain companies not supporting 2FA hardware keys.
Yubikey has its own authenticator app for storing one-time passcodes.
Bio Series offers fingerprint authentication for added security.
Bio Series acts as 2FA on top of 2FA, suitable for business enterprise use.
Security Key series is recommended for individual consumers.
Consideration of where and how the security key will be used.
Different plug options: USB-A, USB-C, and NFC for various devices.
NFC capability allows for tapping the key on mobile devices.
Bio series does not offer an NFC version.
Advises against permanently plugging in nano versions for security reasons.
Recommends choosing between USB-A or USB-C based on device compatibility.
Suggests considering the value of additional support for one-time passcodes or smart card capabilities.
Provides a step-by-step guide on setting up the first 2FA key in a follow-up video.
Transcripts
Yubikey is considered the best security key on the market right now, and no, they’re not paying me to
say that. But one of the most common questions I get from people who are looking to buy a 2FA
security key is this: which one should I buy? Do you need the Security Key Series or the 5 Series?
Do you need NFC? Fingerprint authentication? What about the 5C, the 5C Nano or the 5Ci?
If you’re confused, you’re not alone, but by the end of today’s video, I promise you’ll know
exactly which 2FA key is right for you and more than likely, you’ll save a bit of money as well.
My name is Josh, this is All Things Secured,
and I’m going to assume you already know what a 2FA key is and what it’s used for.
The point of this video is strictly to help you choose the right key for your situation.
And in the case of Yubikey, we’re talking about a choice among the entry level Security Key series,
the Bio Series, the 5 Series and the highest standard 5 FIIPS Series. And spoiler alert
if you’re the kind of person who doesn’t watch a video to the end,
you’re probably going to want to purchase one of these 4 keys.
Ok, this shouldn’t take long,
but let’s break it down into three simple questions you need to answer for yourself.
First, do you need the ability to create or use secure one-time passcodes? While every Yubikey
can be used as a hardware security token, only the Yubikey 5 and 5 FIPS series allows you to
use the key to store codes that you would normally get from an authenticator app.
Why does this matter? Well, let’s say that you have an account you want to secure that only works
with authenticator apps, not physical security keys. And believe it or not, there’s still quite
a few companies out there who don’t yet support 2FA hardware keys. For example, I can’t use this
key to secure my ProtonMail account, at least at the time I’m recording this video, but they
do allow me to secure with a time-based one-time passcode from an app like Google Authenticator.
What most people don’t know is that Yubikey also has its own authenticator app and certain keys
can store these one-time passcodes or OPT that the app then decodes. I can either plug it in or,
if it’s an NFC key, just tap it on my phone and the codes appear like magic.
Like I said, this only works with the Yubikey 5 series, not the Bio or the Security Key series,
but if you’re one of those people who fears that Google might be using
their authenticator app to link your mobile device to your identity, this is a solution that works.
Do you need to create secure one-time passcodes?
Then go with the 5 series. Are you ok still using Google Authenticator,
Authy or some other authenticator app? Then save some money and go with the Security Key series.
Second question: do you need extended authentication support? Usually this only applies
to businesses, with stuff like smart card support or to those who are incredibly privacy conscious
with the OpenPGP for email. If none of that makes sense to you, then you probably don’t need it.
Or if you fear somebody stealing your key and using it without your permission, extended
authentication in the form of a fingerprint sensor might be appealing to you. That’s where
this Bio series comes in handy. Unlike pretty much any other 2FA key on the market, the Bio
series from Yubikey allows you to configure your fingerprint so that only you can use your key.
It’s like setting up 2 factor authentication on top of your 2-factor authentication.
Honestly, it’s overkill for most individuals
but possibly a very attractive option for business enterprise use.
So hopefully by now you understand which series is right for you. Generally speaking, the
Bio, 5 series and 5 FIPS series are meant for businesses to use, while the Security key series
is for individual consumers. You would probably do great using the Security Key series if you
want - and it will save you some money. I use the 5 series personally, but that’s only because I
care about being able to store one-time passcodes and OpenPGP. I realize that might not be you.
Well that leads us to our final question: Where will you be using your security key?
Take a moment to consider all the places where you might use 2 factor authentication. Your phone.
Your laptop. Your spouse’s laptop. Your tablet device. Which plug covers you on the most devices?
And remember, you can always carry around an adapter as well. Do you prefer an old-school USB,
which is formally named the USB-A and looks like this? In my case, I need a USB-C, which is quickly
becoming the standard for all newer computers, along with the NFC or near field connection, which
I use on my mobile device. When you see those letters NFC, just know that this is the technology
that allows you to tap the key on the back of your phone instead of plugging it in. The NFC works on
iPads, iPhones, Samsung, Google Pixel…pretty much any modern mobile device out there.
The Bio series is the only one that doesn’t offer an NFC version, so for this reason
I’d only seriously be considering one of these four options highlighted here.
You should already know whether you need the 5 series or the security key series,
so now just choose either USB-A or USB-C, and they all have NFC capability for your mobile devices.
As a side note, you could purchase the Yubikey 5Ci, which gives you a lightning plug for Apple
devices, but not only is this significantly more expensive, I’ve also found that it’s
just as easy if not easier to simply tap my NFC key on the phone instead of plugging the 5Ci in.
The 5 series also sells these smaller nano versions that are meant to stay plugged into your
computer at all times, but I gotta say, this just doesn’t seem like a good idea to me. If somebody
breaks into your home or steals your laptop or something like that, keeping your 2FA security
key permanently plugged into your computer seems to negate the purpose of having a 2FA key in the
first place. So unless I’m missing something, I think it’s best to stay away from these keys.
In the end, unless you’re purchasing for a business, I advise you to choose between USB-A
or USB-C and then decide whether it’s worth the extra 20 or so dollars for you
to be able to have addition support by way of one-time passcodes or smart card capabilities.
If this video was helpful, the best way you can support me is by using the affiliate links you’ve
seen in this video or in the description below. Yubikey did not pay me to say anything in this
video, but they will give me a commission if you choose to purchase their key using my link,
and this is what I use and recommend to my own family and friends, I promise.
Once you’ve received your key, check out this video next that
goes step-by-step into how you set up your first 2FA key. Take care.
5.0 / 5 (0 votes)