In the later parts of 2020, the world continues to work on defining what COVID-normal means. As a result of the global pandemic, many businesses sent staff home to work and now many are asking if a return to the office needs to happen, or this has been the accelerant needed to truly offer flexible working options.
As employees are more mobile and continue to use a growing number of cloud-based services, the number of accounts we interact with continues to grow. This presents an increase for one of the most common threat vectors, phishing and credential theft.
YubiKey offers a hardware-based authentication solution for multi-factor auth events. MFA refers to something you know (username and password) as well as something you have, typically your bio information like a fingerprint, but in this instance is a small USB-C key that you’d keep with you at all times.
I’ve been using the latest YubiKey 5C NFC for the past few weeks and it’s time to break down how it works.
Small, portable, secure
The physical key is small and efficient in its design. Not much larger than a modern USB-key, the Yubico 5C NFC features a hole at the top to attach to a set of keys. This provides convenient access to your secure token. On the face of the key you’ll find a golden touchpad, recessed from the face of the device, to avoid accidental touches. This features the Yubico logo which is a nice touch and can easily separate it from other devices on your key ring.
Our 5C NFC Experience Pack actually came with coloured stickers for the USB key. This solves two problems. This supports humans that want to personalise their technology, but in a commercial application where many of these are around the office, it could help return a lost device to its owner.
Designing the setup process to be simple and easy is critical when attempting to sell a device that increases security. If this goes wrong, users get frustrated and will be tempted to disable MFA.
Thankfully Yubico does a great job of this, not requiring any kind of registration of your YubiKey. To get started, simply follow the steps below to set up your YubiKey as a form of two-factor authentication with the supported service you wish to secure.
How to set up your YubiKey:
- Select your YubiKey to see the supported services
- Find the services you want to protect using our Works with YubiKey catalog
- Get setup instructions for each service by clicking the “Learn more” link
- Follow the step-by-step instructions to protect the service with your YubiKey
- Use your YubiKey!
Stand out features of this display.
The YubiKey 5 Series security keys of a range of authentication options including:
- Strong Single Factor—Passwordless: Replaces weak passwords with passwordless tap-n-go secure login.
- Strong Two Factor—Password + Authenticator: Adds a tapn-go second factor for secure two-factor authentication.
- Strong Multi-Factor—Passwordless + PIN: Combines tap-n-go authentication with a PIN, to solve high assurance requirements such as financial transactions, or submitting a prescription
This version of the Yubikey features NFC. This means that you can simply tap to transfer the authentication code to the authenticating device. This works with NFC-enabled Android, iOS and Windows 10 devices and applications. While you’re likely to imagine the YubiKey 5C NFC connected to the side of the laptop, but it also slips into any standard USB-C port, which means you can connect it to the bottom of many phones.
Another feature is the robustness of the device. Made from reinforced fiberglass, the chassis houses a military-grade hardened gold protect YubiKey from everyday life. You can throw the YubiKey 5C NFC device in your bag without fear that it’s going to be damaged, as it also features water and crush resistance.
Finally the biggest feature for a MFA hardware device is its ability to be used as an authenticator across a variety of services. Yubico continue to work with service providers to increase support and you can see from this list, that the YubiKey 5 Series works with most web services.
Not everything’s perfect
Probably the biggest miss for me is the fact this MFA key doesn’t also support the ability to authenticate into Windows 10. While you can configure a hardware key under Windows 10 Account > Sign in options, this is only applicable for online accounts, not for logging into Windows. This leaves you using 1 biometric authentication (fingerprint or face unlock) to get into Windows, then using a different MFA technique for authenticating with the Yubikey.
I would love to see Yubico add a fingerprint reader to the Yubikey to enable it to be used for all types of MFA. This would help support use cases on older PCs that don’t have biographical authentication hardware.
PRICE & AVAILABILITY
How much and when can you get one ?
The Yubico YubiKey 5C NFC key is available now from Yubico’s website.
The key costs US$55 for a single unit, however, there is also a recognition that a business will likely want to buy many keys for their employees.
You can pick up a 10 Pack for US$528 (4% saving) and even a tray of 50 for US$2640 (also 4% saving).
This pricing is fairly affordable and when you consider there may be implementations that require MFA where handing over the biological data may not be appropriate, this is a great option.
Increasingly we’re living in a world that’s USB-C everywhere, however, if you need a USB-A option, Yubico also offers that.
After using the Yubico YubiKey 5C NFC key as a MFA option, I was really impressed at its ability to walk the line of convenience versus security. MFA is something I’m enabling on all accounts that support it and I strongly encourage you to as well.
I’ve generally found using mobile phone authenticator apps like Microsoft Or Google Authenticator works well for me, however, I understand that in some environments, particularly commercial ones, that this may not be possible. In those scenarios, having a hardware authenticator that is small and convenient to carry, is a great solution.