Yubikey... Keys
2021-05-04 10:57:43
Sometimes you want extra security and, for example, you don’t want to use a phone everywhere for 2-factor authentication (2FA), like when logging in to your Google account. Then what should you use? For me, the answer is Yubikey.

Yubikey also provides features you might not have thought about, like getting a one-time password straight into your console, or even making your PC refuse any sudo command while the Yubikey isn’t inserted. Basically, you can make sure that nobody can access your computer or account without this “access token”.
So, what is it?
The industry’s #1 security key, enabling strong two-factor, multi-factor, and passwordless authentication.
There are 2 types of keys. The first type is the Yubikey 5 series.
These keys are good all-rounders: they are not only for online account usage, but also for
- OTP (a good example: AWS allows you to use 2FA in the console, and Yubikey allows you to generate TOTP in your console, so, in theory, you can automate something that requires 2FA),
- Using it for OpenPGP (storing your GitHub account GPG key to sign your commits, or signing in to your servers via
- PAM authentication. (Basically, if you don’t have it on your PC, you won’t even be able to turn the PC
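The AWS case from the OTP bullet, as an added example that is not part of the original post: a shell function that asks the Yubikey for a TOTP code through `ykman` and trades it for temporary credentials with `aws sts get-session-token`. It assumes ykman 4 or later and the AWS CLI are installed; the MFA device ARN and the OATH account name are placeholders you supply.

```shell
# Added example: Yubikey TOTP -> temporary AWS credentials.
# Assumptions: ykman >= 4 and the AWS CLI are on PATH; the ARN and the
# OATH account name passed in are your own values (none come from the post).

# Read one TOTP code from the Yubikey's OATH application.
yubikey_totp() {
    # --single: require exactly one matching account and print only the code
    ykman oath accounts code --single "$1"
}

# Accept only what a TOTP code can look like (6 to 8 digits), so an error
# message or prompt text is never forwarded as a token.
is_totp_code() {
    case "$1" in
        *[!0-9]* | "") return 1 ;;
    esac
    [ "${#1}" -ge 6 ] && [ "${#1}" -le 8 ]
}

# Print export lines for a short-lived session (default: one hour).
aws_mfa_session() {
    local mfa_arn="$1" oath_account="$2" duration="${3:-3600}"
    local code creds ak sk st
    code="$(yubikey_totp "$oath_account")" || { echo "ykman failed" >&2; return 1; }
    if ! is_totp_code "$code"; then
        echo "unexpected ykman output, refusing to call AWS" >&2
        return 1
    fi
    creds="$(aws sts get-session-token \
        --serial-number "$mfa_arn" \
        --token-code "$code" \
        --duration-seconds "$duration" \
        --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
        --output text)" || return 1
    # --output text gives the three values as whitespace-separated fields
    read -r ak sk st <<EOF
$creds
EOF
    [ -n "$st" ] || { echo "incomplete credentials from AWS" >&2; return 1; }
    printf "export AWS_ACCESS_KEY_ID='%s'\n" "$ak"
    printf "export AWS_SECRET_ACCESS_KEY='%s'\n" "$sk"
    printf "export AWS_SESSION_TOKEN='%s'\n" "$st"
}
# Usage: eval "$(aws_mfa_session <mfa-device-arn> <oath-account-name>)"
```

If the OATH credential was stored with touch required (`ykman oath accounts add --touch`), every call still needs a physical tap on the key, which keeps an unattended script from minting sessions on its own.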
It also has NFC functionality to use on your phone (for example, you can put an app that contains your 2FA keys on it, and when you scan your Yubikey over NFC, it unlocks the app).
The only problem with it might be the cost: it costs 45-55 EUR per key (plus VAT). So it would set you back around 120 EUR if you’re going to buy two (just in case you lose one key and need a backup). But there are some discounts now and then, which can lower the price of the 5 series by 20%, and you can get the Security Key 50% off.
Then there is the second type of key: the Security Key. It’s mainly used for logging into your online accounts. It doesn’t provide functionality like 2FA, PAM authentication, and so on, but it’s a lot cheaper: it costs only 25 EUR (plus VAT). Just like the Yubikey 5 series, it also has NFC functionality, so you can use it with phones. You can, for example, authenticate to Reddit with it. Basically, get the blue one if you don’t need any other fancy things like TOTP/PAM/OpenPGP. But if you want to use something other than USB-A, you might have to look into the Yubikey 5 series.
Also, in the near future, Yubikey will be providing a key that allows you to use your fingerprint to access something. So this is also a thing to keep in mind. If you want to find out whether any of the apps you use allow you to use a Yubikey, you can check it out here.

And yes, there are also some alternatives to this, like Nitrokey and OnlyKey or even Google Titan, but as far as I know, they aren’t used as much as Yubikey.

For me, the only thing I currently would love to see is a good way to implement Yubikey for PSD2 cases, like when you want to approve a payment inside a bank, because currently, because of some laws, the only “safest” way to approve a transaction is via SMS and a 6 symbol key. Yes, SMS. And they don’t approve of simple Google 2FA keys, because you can’t provide a reason for the payment, the sum, etc. in any of these apps.