Reviewed by David Savage
We are now living in a strange time where the outside world is a lot quieter, the skies are clearer and less polluted, all because of the Coronavirus (COVID-19) pandemic that has hit countries around the world and forced us to stay at home. Kids are no longer going to school, having to be home educated and millions of us (where possible) are now working from home.
Working from home might seem like a brilliant idea but it does come with its own challenges, especially keeping your data on your devices secure. Keeping data secure is a very important task, especially if you are having to share your computer with the kids now they are being home schooled.
Good practice is to have your online accounts password protected but they can be guessed or hacked. A hardware solution is a much better idea and YubiKey have the answer to keep your accounts such as Facebook, Microsoft, Dropbox, Google, Gov.uk and lots of other sites safe.
Yubico have the YubiKey hardware keys, which are hardware devices using USB or NFC, that need to be used in conjunction with your device to gain access (laptop, computer, tablet or phone). Usernames and passwords alone are not enough to secure your accounts as websites, sms and mobile apps are all increasingly vulnerable to malware and hackers.
What is Two-factor authentication?
Two-factor authentication, in very simple terms, is a method of gaining access to a website or account that needs two pieces of identification for you to gain access. For example, when logging into your bank you may need to enter your login details as well as a code that you receive by text. Lots of sites now offer two-factor authentication and a hardware device is the best way to use it as someone who wants to gain access to your account will need the hardware device as well as your username and password.
So what is the YubiKey?
The YubiKey is security device for your computer and phone devices. It is a small external and portable hardware device that adds two-factor authentication when logging into websites that require a username and password (not all websites and apps support this yet, or institutions like banks have they own security methods).
A hardware authentication device, such a YubiKey, requires that when logging in to a website such as Facebook, Google or Gov.uk as well as entering your username and passwords you will need to plug in the Yubikey device to gain access.
The YubiKey comes in several options and sizes for use for personal and business, with different levels of security (with a fingerprint recognition coming soon).
- The YubiKey Series 5 comes in USB-A, USB-C, NFC and Lightning connector and supports FIDO2, U2F, Smart card, OpenPGP, OTP (One Time Password).
- The YubiKey Security Key Series comes in NFC and USB-A options, supports FIDO2, U2F and is Waterproof and crush resistant.
- The YubiKey FIPS Series comes in USB-A and USB-C options, supports smart card, OTP, U2F and is suitable for government and regulated industries as it meets the highest level of assurance (AAL3) of the new NIST SP800-63B guidelines.
For review I received the YubiKey 5C, a small USB-C device to plug into a device with a USB-C port, and the YubiKey 5 NFC, this plugs into a computer with a USB port or can be tapped to any NFC enabled phone.
Both devices are very easy to use (work best with Chrome or Opera internet browsers). Just go to yubico.com/start and choose the service you want to use the YubiKey with (I choose Facebook as it is something a vast majority of people will probably use) and follow the online instructions. For Facebook you will need to go into your security settings and enabled the two-factor authentication and add the key, but the online instructions show you how. Once enabled, every time that you want to log in to Facebook (or any other of the supported websites) you will need to put in your username and password, insert your YubiKey and tap the relevant place on the YubiKey (NFC has a gold circle on top, 5C has a gold button on the side) to gain access, without the YubiKey no one can get into your account (in situ or remotely), so your account is safe from takeovers. If you stay logged in you do not leave to YubiKey plugged in, but once you log out you will need the YubiKey to log back in.
The YubiKey can be used alone, requiring no username or password – just tap the key to authenticate. This is Single Factor (Passwordless).
The Two-Factor option requires password and tap to authenticate. This is most common option requiring username, password and tap.
Or you can use Multi-Factor which is passwordless but requires a PIN. Using this method requires the YubiKey, a PIN and user touch.
To change the method of login authentication you will need to download the YubiKey Manager software from the Yubico website. This software is very easy to use with a simple interface and allows you to change your YubiKey authentication method.
I really like the YubiKey and the way they hardware protect my accounts. They are simple to use (with my phone I just touch the NFC version to the rear of my phone). They secure lots of website accounts, protecting access to my information and files. The downside for me is that I would have liked to be able to use them with my bank accounts but unfortunately my bank does not support them. I do like the idea of using with Gov.uk websites though. They deliver excellent protection from phishing and account takeovers by adding an extra level of protection that cannot be remote used.
If you are working from home or just want to add extra security to your own accounts and cloud storage, I can highly recommend the YubiKey (as do Google). Simple, safe and very easy to use.
Prices start from £19.