YubiKey 5 NFC and 5Ci review

The YubiKey is a security key that comes in many different formats and versions. I got the chance to test two of them, the YubiKey 5 NFC and YubiKey 5Ci. Better security while still enjoying comfort and convenience are the two major USPs of the YubiKey.

The former is a USB-A key with near field communications capabilities, while the latter is a dual-port key for USB-C and Lightning devices such as the iPhone/iPad range, but also Android devices and, indeed, the Mac.

Why would you need a YubiKey when a one-time password — usually a six-digit number — is considered secure enough by service providers? Convenience is one reason and an added layer of security is another. To start with the latter: a physical key requires — literally — a human touch and cannot be hacked remotely. In addition, the YubiKey 5 series can be used in conjunction with a PIN for user verification — the PIN unlocking the device locally and touch needed for the YubiKey to perform the authentication.

Using a YubiKey is also a matter of convenience as many service providers allow you to get rid of having to enter the one-time password (OTP).

The YubiKey as a device is nearly indestructible. The standard-sized YubiKeys, such as the YubiKey NFC version I tested, are made of injection moulded plastic encasing the circuitry, while the USB-connector and touchpad consist of military-grade hardened gold. YubiKeys are waterproof and crushproof and can be attached to a lanyard or keyring. The YubiKey 5Ci’s connectors are made of corrosion-free steel.

The YubiKey 5Ci and NFC work directly with Boxcryptor, DocuSign, Dropbox, Envato, Facebook, Google accounts, Instagram, a slew of enterprise-level systems, platforms like WordPress and Joomla, etc. However, they can also be used to lock/unlock your computer, including a Mac. In fact, if you subscribe to Boxcryptor, you can encrypt individual files on your Mac, upload them encrypted to any cloud service out there and enjoy 100% security without ever having to revert to authentication apps or SMS’ed codes.

While that is comfortable, what I would like to see is someone programming an app that can encrypt any file, folder or disk drive, allowing you to authenticate those using a YubiKey. For photographers and filmmakers, that would be the Valhalla of security methods for the work they need to transport and don’t want to share with the rest of the world yet.

In strictly technical terms, all YubiKey 5 models support FIDO2 / WebAuthn, FIDO U2F, PIV (smart card), OpenPGP, Yubico OTP, OATH-TOTP, OATH-HOTP, and challenge-response protocols.

Even if a service doesn’t work with a YubiKey out of the box, you can use the key to generate the 2FA codes for which you’d normally use Google’s, Adobe’s or Microsoft’s authenticator app. For that purpose, Yubico developed the Yubico Authenticator app that exists for desktop computers, tablets and smartphones. The advantage of going through that app instead of the commonly used ones is the YubiKey itself: the Yubico Authenticator app allows you to store your credentials on a YubiKey and not on your mobile phone or computer so that your security can’t be compromised.

I tried replacing the authentication app on my iPad and iMac with the YubiKey authenticator to log in to my mail server. The algorithm that is meant to scan the QR-code most services use to authenticate you worked, even without having to position a frame over the code. It offers a temporary copy of the 6-digit code to paste into your browser or app. In other words, it works like a charm and is more secure and user-friendly than Authy, a much-used authentication app, and other such apps.

With a YubiKey 5 NFC, you don’t even have to plug in the key; you can hold it near an NFC-enabled Android, Windows 10 or iOS device and it will send its authentication data to — for example — Brave, the first browser on iOS that works with the WebAuthn protocol over Lightning connectors. For that to work, though, you will need one of Apple’s latest iPads or iPhones. Although even an iPad Air 2 has an NFC chip inside, it’s not activated for some obscure reason.

Probably the hardest decision you must make when considering a YubiKey is which one to buy. The YubiKey 5Ci works on their iOS devices as well as on older iOS devices and on Macs. However, it lacks the wireless capabilities of the YubiKey 5 NFC. If you want that extra ease-of-use, you’ll have to make sure your device supports NFC — an iPhone 7 and an iPad Pro 9.7 and higher, for example.
