How to Choose the BEST 2FA Key for Security (Yubikey)
Summary
TLDRIn this informative video, Josh from All Things Secured guides viewers on selecting the right Yubikey for their 2FA needs. He breaks down the decision into three key questions, addressing the necessity for secure one-time passcodes, extended authentication support, and the ideal form factor for various devices. Josh clarifies that while the 5 series offers advanced features like passcode storage and OpenPGP, the Security Key series is a cost-effective choice for individuals. He also highlights the importance of choosing the right plug type, such as USB-A, USB-C, or NFC, for convenience across multiple devices. The video aims to demystify the selection process and help users invest wisely in their online security.
Takeaways
- š Yubikey is a top choice for security keys, offering various options to suit different needs.
- š”ļø The Security Key series is the entry-level option, suitable for basic 2FA needs.
- šļø The 5 Series and 5 FIPS Series are more advanced, offering the ability to store one-time passcodes and extended authentication support.
- š The Yubikey 5 Series has its own authenticator app, allowing for secure one-time passcode storage and use.
- š« Some companies still do not support 2FA hardware keys, making the 5 Series particularly useful for those needing compatibility with authenticator apps.
- š¤ The Bio Series introduces fingerprint authentication, adding an extra layer of security for those who require it.
- š¼ The Bio, 5 Series, and 5 FIPS Series are geared towards business use due to their advanced features.
- š± Consider where and how you will use your security key, as this will influence whether you need USB-A, USB-C, or NFC capabilities.
- š The Bio Series does not offer an NFC version, which may be a limitation for those wanting mobile device compatibility.
- š² The 5Ci model provides a lightning plug for Apple devices, but it's more expensive and may not be as convenient as using an NFC key.
- š The nano versions of the 5 Series are designed to stay plugged into computers, but this may not be the best security practice.
Q & A
What is the primary purpose of the video?
-The primary purpose of the video is to help viewers choose the right Yubikey 2FA security key for their specific needs.
What are the different Yubikey series mentioned in the video?
-The different Yubikey series mentioned are the Security Key Series, the Bio Series, the 5 Series, and the 5 FIPS Series.
Which Yubikey series can store one-time passcodes?
-The Yubikey 5 and 5 FIPS series can store one-time passcodes.
Why might someone choose the Yubikey 5 series over the Security Key series?
-Someone might choose the Yubikey 5 series if they need to create secure one-time passcodes or require advanced features like OpenPGP for email.
What is NFC and why is it relevant for Yubikey users?
-NFC stands for Near Field Communication. It allows users to tap their Yubikey on a mobile device for authentication instead of plugging it in, which is convenient for modern mobile devices.
Which Yubikey series does not offer an NFC version?
-The Bio series does not offer an NFC version.
What advantage does the Yubikey Bio series offer?
-The Yubikey Bio series offers fingerprint authentication, adding an extra layer of security by ensuring that only the owner can use the key.
Why might the nano versions of the Yubikey 5 series not be ideal for all users?
-The nano versions are designed to stay plugged into a computer at all times, which could be a security risk if the computer is stolen.
What are the different plug types available for Yubikeys and why are they important?
-Yubikeys come with USB-A and USB-C plugs, which are important to match the ports on your devices. The 5Ci also offers a lightning plug for Apple devices, but NFC might be a more convenient option.
What does the video suggest about using Google Authenticator with Yubikey?
-The video suggests that while you can use Google Authenticator, the Yubikey 5 series offers its own authenticator app that can store one-time passcodes, providing an alternative if you have privacy concerns with Google.
Outlines
š Choosing the Right Yubikey
Josh from All Things Secured introduces Yubikey as the top security key on the market and aims to guide viewers in choosing the right 2FA key for their needs. He outlines the different series availableāSecurity Key, Bio, 5 Series, and 5 FIPSāand promises to help viewers save money while making an informed decision.
š± One-Time Passcodes and Security
Josh explains the importance of one-time passcodes for accounts that support only authenticator apps. He highlights that only the Yubikey 5 and 5 FIPS series support storing these codes, which can be used with Yubikey's own authenticator app. He suggests the 5 series for those needing this feature and the Security Key series for those content with existing authenticator apps.
šļø Extended Authentication Support
Josh addresses the need for extended authentication support, typically for business use or highly privacy-conscious individuals. He introduces the Bio series, which includes fingerprint authentication, providing an additional security layer. He notes that this feature may be overkill for most individuals but valuable for enterprises.
š» Choosing Based on Device Compatibility
Josh advises viewers to consider where they'll use their security key and the type of connection they needāUSB-A, USB-C, or NFC. He mentions that the Bio series lacks NFC, while the 5 series offers various connection types. He emphasizes the convenience of NFC for mobile devices and suggests selecting a key based on device compatibility and usage scenarios.
ā ļø Considerations for 5Ci and Nano Versions
Josh discusses the 5Ci, which includes a lightning plug for Apple devices but is more expensive and less convenient than NFC. He also critiques the nano versions meant to stay plugged into computers, arguing that they undermine the purpose of 2FA security. He recommends sticking with USB-A or USB-C options for most users.
š Final Recommendations and Support
Josh concludes by recommending choosing between USB-A or USB-C and considering whether extra features like one-time passcodes or smart card capabilities are necessary. He encourages viewers to use affiliate links for purchases, as he earns a commission. He assures viewers that his recommendations are genuine and invites them to watch a follow-up video on setting up their first 2FA key.
Mindmap
Keywords
š”Yubikey
š”2FA (Two-Factor Authentication)
š”Security Key Series
š”5 Series
š”NFC (Near Field Communication)
š”Fingerprint Authentication
š”One-Time Passcodes (OPT)
š”OpenPGP
š”USB-A and USB-C
š”5Ci
Highlights
Yubikey is considered the best security key on the market.
Guides viewers on choosing the right 2FA key for their needs.
Differentiates between the Security Key Series, Bio Series, 5 Series, and 5 FIPS Series.
Yubikey 5 and 5 FIPS series can store codes from authenticator apps.
Mentions the limitation of certain companies not supporting 2FA hardware keys.
Yubikey has its own authenticator app for storing one-time passcodes.
Bio Series offers fingerprint authentication for added security.
Bio Series acts as 2FA on top of 2FA, suitable for business enterprise use.
Security Key series is recommended for individual consumers.
Consideration of where and how the security key will be used.
Different plug options: USB-A, USB-C, and NFC for various devices.
NFC capability allows for tapping the key on mobile devices.
Bio series does not offer an NFC version.
Advises against permanently plugging in nano versions for security reasons.
Recommends choosing between USB-A or USB-C based on device compatibility.
Suggests considering the value of additional support for one-time passcodes or smart card capabilities.
Provides a step-by-step guide on setting up the first 2FA key in a follow-up video.
Transcripts
Yubikey is considered the best security key on theĀ market right now, and no, theyāre not paying me toĀ Ā
say that. But one of the most common questionsĀ I get from people who are looking to buy a 2FAĀ Ā
security key is this: which one should I buy? DoĀ you need the Security Key Series or the 5 Series?Ā Ā
Do you need NFC? Fingerprint authentication?Ā What about the 5C, the 5C Nano or the 5Ci?
If youāre confused, youāre not alone, but byĀ the end of todayās video, I promise youāll knowĀ Ā
exactly which 2FA key is right for you and moreĀ than likely, youāll save a bit of money as well.
My name is Josh, this is All Things Secured,Ā Ā
and Iām going to assume you already knowĀ what a 2FA key is and what itās used for.Ā Ā
The point of this video is strictly to helpĀ you choose the right key for your situation.
And in the case of Yubikey, weāre talking about aĀ choice among the entry level Security Key series,Ā Ā
the Bio Series, the 5 Series and the highestĀ standard 5 FIIPS Series. And spoiler alertĀ Ā
if youāre the kind of person whoĀ doesnāt watch a video to the end,Ā Ā
youāre probably going to wantĀ to purchase one of these 4 keys.
Ok, this shouldnāt take long,Ā Ā
but letās break it down into three simpleĀ questions you need to answer for yourself.
First, do you need the ability to create or useĀ secure one-time passcodes? While every YubikeyĀ Ā
can be used as a hardware security token, onlyĀ the Yubikey 5 and 5 FIPS series allows you toĀ Ā
use the key to store codes that you wouldĀ normally get from an authenticator app.
Why does this matter? Well, letās say that youĀ have an account you want to secure that only worksĀ Ā
with authenticator apps, not physical securityĀ keys. And believe it or not, thereās still quiteĀ Ā
a few companies out there who donāt yet supportĀ 2FA hardware keys. For example, I canāt use thisĀ Ā
key to secure my ProtonMail account, at leastĀ at the time Iām recording this video, but theyĀ Ā
do allow me to secure with a time-based one-timeĀ passcode from an app like Google Authenticator.
What most people donāt know is that Yubikey alsoĀ has its own authenticator app and certain keysĀ Ā
can store these one-time passcodes or OPT thatĀ the app then decodes. I can either plug it in or,Ā Ā
if itās an NFC key, just tap it on myĀ phone and the codes appear like magic.Ā Ā
Like I said, this only works with the Yubikey 5Ā series, not the Bio or the Security Key series,Ā Ā
but if youāre one of those peopleĀ who fears that Google might be usingĀ Ā
their authenticator app to link your mobile deviceĀ to your identity, this is a solution that works.
Do you need to create secure one-time passcodes?Ā Ā
Then go with the 5 series. Are youĀ ok still using Google Authenticator,Ā Ā
Authy or some other authenticator app? Then saveĀ some money and go with the Security Key series.
Second question: do you need extendedĀ authentication support? Usually this only appliesĀ Ā
to businesses, with stuff like smart card supportĀ or to those who are incredibly privacy consciousĀ Ā
with the OpenPGP for email. If none of that makesĀ sense to you, then you probably donāt need it.
Or if you fear somebody stealing your key andĀ using it without your permission, extendedĀ Ā
authentication in the form of a fingerprintĀ sensor might be appealing to you. Thatās whereĀ Ā
this Bio series comes in handy. Unlike prettyĀ much any other 2FA key on the market, the BioĀ Ā
series from Yubikey allows you to configure yourĀ fingerprint so that only you can use your key.Ā Ā
Itās like setting up 2 factor authenticationĀ on top of your 2-factor authentication.
Honestly, itās overkill for most individualsĀ Ā
but possibly a very attractiveĀ option for business enterprise use.
So hopefully by now you understand which seriesĀ is right for you. Generally speaking, theĀ Ā
Bio, 5 series and 5 FIPS series are meant forĀ businesses to use, while the Security key seriesĀ Ā
is for individual consumers. You would probablyĀ do great using the Security Key series if youĀ Ā
want - and it will save you some money. I use theĀ 5 series personally, but thatās only because IĀ Ā
care about being able to store one-time passcodesĀ and OpenPGP. I realize that might not be you.
Well that leads us to our final question:Ā Where will you be using your security key?
Take a moment to consider all the places whereĀ you might use 2 factor authentication. Your phone.Ā Ā
Your laptop. Your spouseās laptop. Your tabletĀ device. Which plug covers you on the most devices?Ā Ā
And remember, you can always carry around anĀ adapter as well. Do you prefer an old-school USB,Ā Ā
which is formally named the USB-A and looks likeĀ this? In my case, I need a USB-C, which is quicklyĀ Ā
becoming the standard for all newer computers,Ā along with the NFC or near field connection, whichĀ Ā
I use on my mobile device. When you see thoseĀ letters NFC, just know that this is the technologyĀ Ā
that allows you to tap the key on the back of yourĀ phone instead of plugging it in. The NFC works onĀ Ā
iPads, iPhones, Samsung, Google Pixelā¦prettyĀ much any modern mobile device out there.
The Bio series is the only one that doesnātĀ offer an NFC version, so for this reasonĀ Ā
Iād only seriously be considering oneĀ of these four options highlighted here.Ā Ā
You should already know whether you needĀ the 5 series or the security key series,Ā Ā
so now just choose either USB-A or USB-C, and theyĀ all have NFC capability for your mobile devices.
As a side note, you could purchase the YubikeyĀ 5Ci, which gives you a lightning plug for AppleĀ Ā
devices, but not only is this significantlyĀ more expensive, Iāve also found that itāsĀ Ā
just as easy if not easier to simply tap my NFCĀ key on the phone instead of plugging the 5Ci in.
The 5 series also sells these smaller nanoĀ versions that are meant to stay plugged into yourĀ Ā
computer at all times, but I gotta say, this justĀ doesnāt seem like a good idea to me. If somebodyĀ Ā
breaks into your home or steals your laptop orĀ something like that, keeping your 2FA securityĀ Ā
key permanently plugged into your computer seemsĀ to negate the purpose of having a 2FA key in theĀ Ā
first place. So unless Iām missing something,Ā I think itās best to stay away from these keys.
In the end, unless youāre purchasing for aĀ business, I advise you to choose between USB-AĀ Ā
or USB-C and then decide whether itāsĀ worth the extra 20 or so dollars for youĀ Ā
to be able to have addition support by way ofĀ one-time passcodes or smart card capabilities.
If this video was helpful, the best way you canĀ support me is by using the affiliate links youāveĀ Ā
seen in this video or in the description below.Ā Yubikey did not pay me to say anything in thisĀ Ā
video, but they will give me a commission ifĀ you choose to purchase their key using my link,Ā Ā
and this is what I use and recommend toĀ my own family and friends, I promise.Ā Ā
Once youāve received your key,Ā check out this video next thatĀ Ā
goes step-by-step into how you setĀ up your first 2FA key. Take care.
Browse More Related Video
5.0 / 5 (0 votes)