The YubiKey 5 NFC is a hardware security key that bolsters account security. It’s compatible with USB-A and NFC connections and costs only $45. I’ve used this device for over a year and want to share whether it’s worth using. Keep reading this Yubico YubiKey 5 NFC review to learn more.
I bought the Yubico YubiKey 5 NFC because I wanted to add an extra layer of protection to many of my online accounts. And I’ve been using this device for more than 2 years. I want to share my experience and whether it’s worth buying.
Pros &Cons of YubiKey 5 NFC
Here are the pros and cons of Yubico’s YubiKey 5 NFC:
Pros of YubiKey 5 NFC
- Crush-resistant
- Compact
- FIDO U2F compliant
- OTP support
- No required software installations
Cons of YubiKey 5 NFC
- Unusable on a lot of websites
- Can’t retrieve access to accounts if you lose your YubiKey
Who Is YubiKey 5 NFC Best For?
The YubiKey 5 NFC works best for anyone who’s paranoid about online security and doesn’t trust other two-factor authentication methods.
Regarding the 5 NFC, you can only use it with near field communications (NFC)-enabled devices or devices with USB-A ports. If you have a dongle with a female USB-A port or an adapter, you can still use the YubiKey 5 NFC.
And if you don’t have any devices with NFC or USB-A ports, don’t worry. Yubico offers security keys that support other connectivity ports. Like USB-C or Lightning.
I’ll cover these in a bit.
Anyway. YubiKeys can HELP combat ransomware attacks, phishing, and vulnerabilities for businesses. If your computer has viruses or malware, you’ll have fewer chances of hackers getting into your account.
Because they’ll need a physical hardware key to access your account.
Technically, these devices are great for privacy as well.
Yubico YubiKey 5 NFC Specifications
| USB Support | USB-A |
| Price* | $45 |
| NFC | Yes |
| Biometrics | None |
| Supported password managers | – Bitwarden Premium – LastPass Premium – Dashlane Premium – 1Password- Keeper |
| Made in | Sweden and USA |
| Warranty | 1 year |
| Weight | 3 grams |
| Dimensions | 18 mm x 45 mm x 3.3 mm |
| Suitable Storage Temperatures | -4 °F–185 °F (-20 °C–85 °C) |
| Function | – WebAuthn – U2F – FIDO21 – CTAP12 – FIDO2 CTAP2 – Smart card (PIV-compatible) – Yubico OTP – OATH – HOTP (Event) – OATH – TOTP (Time) – Open PGP- Secure Static Password |
| Certifications | – FIDO U2F – FIDO 2 |
| Cryptographic specifications | – ECC p2563 – ECC p384 – RSA 20484 – RSA 4096 (PGP) |
| Device type | – HID5 – CCID6 – Smart Card – FIDO |
1 Fast ID Online
2 Client to Authenticator Protocol
3 Elliptic-curve cryptography
4 Rivest-Shamir-Adleman encryption
5 Human Interface Device
6 Chip Card Interface Device
* Doesn’t include sales tax or shipping fees.
What Is a YubiKey?
Yubico made hardware known as YubiKey security keys to serve as a two-step authentication device (2FA). Instead of using SMS, email-based codes, and randomly generated codes on apps, you’d use a hardware key as a 2FA method to enter your account.
You’ll also notice that these keys adhere to the Universal 2nd Factor (U2F) industry standard. It combines hardware-based security applications and public key cryptography. This marriage in features makes it extremely difficult for hackers to access your account.
No one has been able to clone a Yubico YubiKey, yet. So these keys remain the safest means for 2FA account security.
Yubico offers various connectivity methods for their YubiKeys that include:
- USB-C
- USB-A
- NFC
- Lightning
I’ll cover how to use it later. It’s easy to use.
What Is Multifactor Authentication?
Multi-Factor authentication, or two-factor authentication (2FA), requires you to prove you’re the owner of an account you’re trying to log into.
If you’re here, you likely already know what a YubiKey is and don’t need to read this section.
But I want to cover this topic in case anyone’s new to multi-factor authentication.
Here’s an example of 2FA. If you enable 2FA, the website will prompt you to enter a security code that you can get from your email, a text message, or an application.
You can further divide two-factor authentication into the following areas:
- U2F: login methods include biometrics, inserting a hardware security key, or using an NFC function to log into a device (most secure)
- Time-based One-Time Password (TOTP): generates a one-time password (second-best)
- SMS: the website will text you a code (least secure)
- Email: the website will email you a code—better than nothing
Check whether your online accounts support 2FA. If so, I highly recommend enabling it. Even if it just supports email multi-factor authentication. Any security beats having no protection.
While using 2FA won’t stop all hackers or thieves from going after your data, it will deter them.
If you don’t want to use a hardware key, download a free one-time password application. I’ll give you a good TOTP application in a second.
YubiKey 5 NFC Features
Common Yubico YubiKey 5 NFC features include:
- Supported features
- Yubico Authenticator application
- YubiKey Manager
- YubiKey Personalization tool
The following sections will cover these ‘features’ in-depth.
1. YubiKey Supported Sites
There’s a massive list of websites that YubiKey 5 Series works on. Some verified working sites include:
| Amazon Web Services | Google accounts | Salesforce.com | Coinbase |
| Microsoft accounts | Duo Security | ||
| Kraken | GeForce | Github | Evercoin |
| Forumosa | Cryptware | Citrix Workspace | AuthLite |
| Dropbox | ID.me | GOV.UK | Ping Identity |
| Login.gov | Simplelogin.io | PulseSecure | UserLock |
| EgoSecure | GoDaddy | Namecheap | Cloudflare |
| CyberArk | KeePassium | Gemini | Shopify |
| AnonAddy | * PayPal | Stripe | NordVPN |
| Zoho | Vanguard | Yahoo Mail | Binance |
* From my experience, this has been glitchy. You may have better results.
Password managers that YubiKey 5 Series keys will work with include:
| 1Password | LastPass Premium | Bitwarden Premium | Password Safe |
| OneLogin | KeePass | Passbolt | Password Tote |
| DashLane | NordPass | Otka | Keeper |
YubiKey has an enormous list of supported sites. But I don’t find it reliable. For instance, someone claims Reddit supports YubiKeys.
But it doesn’t.
Verified websites that work with YubiKeys will have a checkmark beside their names.
Here’s a website I found that shows two-factor authentication methods you can use on popular websites, web applications, and mobile applications (2FA Directory).
2. Yubico’s Free Software To Help Manage Your Key/s
Yubico offers a few applications to help you manage your YubiKey:
- Time-based one-time password application
- YubiKey manager tool
- Personalization tool
- Login manager
The following sections will cover details about each tool.
Yubico Authenticator Application
The open source and cross-platform Yubico Authenticator application allows you to manage one-time passwords (OTP) for up to 25 online accounts.
You can use it on Mac, Linux, Windows, iOS, and Android operating systems.
I downloaded the Yubico Authenticator App on my Mac and Android phone for testing purposes.
First, I’ll cover the Mac.
Upon logging into the application, it asked me to plug in my YubiKey and enable the app to access privacy features. So I did that and was taken to a screen to add an account.
When you see this screen, plug your YubiKey into your device.
After that, it’s just like any other desktop TOTP application. Either enter the security key manually or use Yubico’s screen capture feature to take a picture of the website’s 2FA QR code.
“Scan QR Code” will search your desktop for a QR code.
Keep in mind that if you remove the YubiKey at any point while using this application, the software will take you back to the login screen.
After doing that, the additional options sparked more interest.
If you remove the YubiKey while using this application, the software will take you back to the login screen.
The additional options sparked more interest.
First, you can choose whether to tap your key to generate the random code. Afterward, it will give you advanced options like:
- Type: TOTP or HMAC-based one-time password (HOTP)
- Algorithm:
- Secure Hash Algorithm 1 (SHA1): a hash function to determine whether you have an altered file
- SHA256: created by the National Security Agency and is a more secure successor to SHA1. The details of how this hashing function works are classified.
- SHA512: most secure hash function available
- Period: set the one-time password duration
- Digits: password length between 6–8 numbers
The desktop application can also manage your key by tinkering with the PIN and sign-in data. You can also view the device type, firmware version, and serial number.
If you want, you can connect an external card reader to interact with your YubiKey.
The Yubico Authenticator application for my Mac, Android, and Windows worked perfectly.
You can’t use the mobile application if your phone doesn’t support NFC or dongles.
YubiKey Manager Application
The YubiKey Manager allows you to see what firmware your YubiKey runs on. It also makes it so you can customize what authentication methods your USB and NFC use.
You can download this software for Linux Mac, and Windows operating systems.
YubiKey Personalization Tool
It’s software that’s no longer under development, but still supported. You can add additional features to your YubiKey like fast triggering.
Fast triggering prevents you from accidentally triggering smaller YubiKey devices like the YubiKey Nano.
Yubico Login
You can use Yubico login to transform your YubiKey into a means to log into Windows or Mac operating systems.
How Durable Is a YubiKey?
The YubiKey 5 NFC is IP68 rated. Thus, it’s dust-, dirt-, crush- and sand-resistant. Also, Yubico makes its products with fiberglass reinforced bodies and hardened military-grade gold.
It can survive a maximum depth of 1.5 meters (4.9 feet) underwater for 30 minutes. However, tests didn’t specify whether the water had salt or chlorine. So test at your own risk.
These keys should withstand most of what life will throw at the device. And if you like to authenticate your phone underwater, you can do so. Here’s someone using a YubiKey underwater on a waterproof phone:
I haven’t tried to destroy my YubiKey, so I don’t have first-hand experience as to how much of a beating these devices can take.
Everything I touch usually breaks, so it’s a miracle I haven’t broken mine yet.
Here’s a first-hand experience of someone who ‘tested’ their YubiKey’s durability. A Twitter user accidentally ground his YubiKey in a weed eater.
Have you ever wondered how durable a multifactor token is? @N8ACR, one of our @MiamiRegionals IT staff found out with his @Yubico YubiKey. He lost this one years ago, and found it this week when his weed eater threw it back up on to the porch. It still works! pic.twitter.com/PuMM283OGg
— David Seidl (@davidseidl) May 5, 2020
As you can see, the YubiKey still works.
I’m sure these things aren’t fireproof, though. Get a fireproof case for this device in case your home catches on fire.
How To Use a YubiKey 5 NFC
The following sections will cover what you’ll need to know when using a YubiKey:
- How to use it with a computer
- Use it with a phone
- Update it
- Clean it
Let’s get started.
How To Use a YubiKey 5 NFC With a Computer
To use a YubiKey 5 NFC with your computer, you’ll need to follow these steps:
- Plug it into a USB-A port on your computer: a dongle or dock port works too
- When logging in to a website that requires a YubiKey, it’ll say “Insert Your YubiKey Now”
- Tap the gold disk on your YubiKey and wait for it to log in
- Wait for your browser to log you into your online account
Some scenarios will require you to enter a pin. You’ll have to set up this pin when setting up a YubiKey with an account.
How do you tell whether your YubiKey’s plugged in? Look for a flashing LED light. Here’s a video that shows you what to look for:
How To Use a YubiKey 5 NFC With a Phone
Follow these steps to use a YubiKey 5 NFC with your phone:
- * Enable NFC on your phone
- Open your browser and navigate to the website you want to log in to (or mobile app)
- Enter your login information
- Your phone will show a prompt to use your security key: tap the key against your phone (it doesn’t matter where)
- Wait for your account to log in
* To enable NFC on your phone, open your settings and type “NFC” into the search bar. Upon seeing the setting for it, toggle the NFC setting on.
Once logged into your account with a YubiKey, feel free to turn off NFC if you don’t feel comfortable leaving it on.
Yubico has tested various USB adapters (dongles) with YubiKeys and has found the following devices to work:
- Belkin USB-C to USB
- MonoPrice USB-C to USB
- Apple USB-C to USB
- Nonda USB-C to USB
- Mediasonic USB-C to USB-A
Ensure these are legitimate devices and not knockoffs. While people can’t copy YubiKeys, that may change at a moment’s notice.
How To Clean a YubiKey 5 NFC
Only use rubbing alcohol and/or wipes that have no more than 70% % isopropyl alcohol to clean your YubiKey 5 NFC and the gold disk sensor.
How to Update a YubiKey 5 NFC
You cannot update Yubico’s YubiKey firmware. Otherwise, you’d see more attackable areas on your YubiKey.
Where To Buy a YubiKey 5 NFC
You can buy a YubiKey 5 NFC from the following places:
- Yubico’s website: safest place to buy
- Walmart: not a third-party vendor
- Newegg: ensure you buy it directly from Yubico
- Amazon
- * Trusted resellers
* Yubico also has a list of trusted resellers on their website.
Suppose you buy it from a third-party vendor not on their list of approved websites. ENSURE you check its legitimacy before connecting it to accounts.
I’ll cover how to tell whether you have a real YubiKey in a bit.
YubiKey Deals, Discounts, & Promo Codes
Use coupon code NOMAD and get $10 off transactions $100 or higher.
To claim the discount, you’ll need to provide your school email address, your institution’s name, your position, and a few other details.
Nothing too personal. Just your name and country.
I’ll update this page when future Yubico deals surface. Bookmark this post if you’re waiting for a sale.
Yubikey Black Friday & Cyber Monday Deals
Yubico has not announced Black Friday or Cyber Monday deals for their Yubikey products.
YubiKey 5 NFC Alternatives
Here are some alternatives to the Yubico YubiKey 5 NFC:
| Security Key | * Price | Connectivity |
|---|---|---|
| YubiKey 5 NFC | $45 | USB-A and NFC |
| YubiKey 5Ci | $70 | USB-C and lightning bolt |
| Google Titan Key (USB-A) | $30 | USB-A |
| Thetis FIDO2 | $22.99 | USB-A |
* These prices don’t include sales tax or shipping. Sales platforms may change these prices without notice. So double-check the price.
The following sections will cover each key more in-depth. I’ll dive into each device’s pros and cons, their features, and whether it’s worth buying.
YubiKey 5Ci: Best for Apple Product Owners
The YubiKey 5Ci works the same as a YubiKey 5 NFC. However, the only difference being connectivity. It supports Lightning (for iPhones) and USB-C. So this device works best for iPhone users and devices with USB-C connectivity.
If you already have a USB-A dongle (or dock), save your money and get the 5 NFC. iPhones have NFC, so you can still use the 5Ci with Apple’s phones.
It also shares almost similar pros and cons with the YubiKey 5 NFC. I’d like to add a couple of cons: there’s no NFC, and it costs a bit more.
Google Titan vs. Yubikey 5 NFC
I don’t recommend the Google Titan Security Key. A study suggested that a hacker can copy the chips inside the Titan Key [1].
Since an attacker could copy the chip, they could clone the Google Key and use it to bypass your two-factor authentication. I haven’t seen any official responses from Google mentioning any fixes.
So I wouldn’t trust putting my account information on something vulnerable like this.
As far as I know, no one has cloned Yubico’s 5 series keys. That gives them a SIGNIFICANT edge over Google’s key.
Why bother mentioning this key if it falls behind security-wise?
I want to show you the information I found. In case you find this device elsewhere and find it appealing because of its price.
Thetis FIDO2 Security Key: A Slightly More Affordable Alternative
The Thetis security keys offer a bit more affordable alternative to YubiKeys. But you can’t use it with email clients. And apparently, you can only use it with the Google Chrome browser.
It’s also a bit bigger (1.8 x 0.5 x 0.4 inches). And it has a foldable design. It’s annoying.
Though it protects the device from scratches, the cosmetic damages don’t affect the security key’s performance. So it adds an extra step when plugging this thing in.
It’s not made in the United States and Sweden (the Thetis is made in China). So whether that’s a con depends on your preferences.
Pros of Thetis FIDO2 Security Key
- 1-year warranty
- Affordable
- Bluetooth connection
Cons of Thetis FIDO2 Security Key
- Bulky
Yubico YubiKey 5 NFC Review: My Overall Opinion
I’ve used my YubiKey for over a year and have no regrets spending $90 (for two keys). I haven’t had anyone break into my accounts since using these keys, and I hope they continue to do their job.
The only downsides of these keys include the limited websites they support and the required USB port. The former isn’t Yubico’s fault because it requires implementation from companies.
Meanwhile, the latter is my fault. Because I’m too cheap to buy a Thunderbolt dock.
They’re durable, small, and well-made.
2FA Security Key Buying Guide: Don’t Buy the Wrong Key
You’ll want to keep the following factors in mind when shopping for a security key:
- Standards support: future-proof your device’s support by ensuring it supports the newest security standards. FIDO2 support is a good example.
- Compatibility: each key has different connections it supports. Some support USB-C connections, while others have USB-A and NFC connections.
- Durability: ensure your device won’t break while you’re carrying it.
- Documentation: opt for a company that offers the most information possible on their products. Also, check whether there’s a decent-sized community based around the key you want.
Keep these factors in mind if you search for other hardware security keys.
FAQs
Do you have more questions about YubiKeys? Here are questions and answers to help you better understand Yubico’s keys.
How Can I Tell If My YubiKey Is Real?
You can tell if your YubiKey is authentic by using Yubico’s official web application. Follow the prompts on their website, and you’ll see whether you have a legitimate device in less than a minute.
What Do I Do If I Lose My YubiKey?
If you lose your YubiKey, you’re out of luck. Unless the website offers a way to recover your account. Thus, you’ll need to buy two YubiKeys (to have a backup key).
Can You Copy a YubiKey?
You cannot copy a YubiKey. Yubico designed them as tamperproof. That means, even if someone were to steal your key while in transit, they couldn’t clone it.
Does YubiKey Replace Password?
Few websites (like Microsoft accounts) allow you to replace your password with a YubiKey login.
Does YubiKey Work With Banks?
No banks that I could find support YubiKeys. Please reach out to your bank and ask them if they can support this hardware.
Can My YubiKey Be Hacked?
YubiKeys can’t be hacked (for the most part) because of their limited attack surface.
How Long Will YubiKey Last?
Each YubiKey’s internals allow it to last up to 30 years. However, Yubico doesn’t give their keys an artificial lifespan.
Which Yubico Key Is Best?
The best Yubico key is the one your devices support. For instance, if you have an iPhone, the YubiKey 5Ci is best.
Where Is YubiKey Made?
YubiKey manufactures all its products either in their United States- or Sweden-based factories. Yubico sources all of its materials from the U.S. and Sweden.
