Ode to the value of Backup YubiKey(s)

A few weeks ago, I was in my hotel and reached into my pocket to get my YubiKey. Without it, I can’t log into certain email, CMS or other systems without going through an involved IT administrative process.

The key was gone.

That is an instantaneous bad feeling, wiped away only by the backup YubiKey I carry and store in a separate location.

Earlier, at a gathering of identity and authentication geeks, I was one of three Yubico employees walking people through the registration and use of the YubiKey with various apps.

Afterward, I left my computer with colleagues to go have a side conversation for a few minutes. YubiKey in plastic sleeve

Unbeknownst to me, my diligent co-worker was cleaning up and collecting keys that had not been used or handed out. He saw a key inserted into my computer, and thinking it was part of the demonstration, removed it, tucked it back into its plastic sleeve and tossed it in a bag with 50 or so other keys.

(In his defense, he was unaware that I use the plastic package sleeve to protect against inadvertent key taps. What? You throw the sleeve away!)

The next day, my colleague unknowingly handed the key out to a random person who had requested a sample. My key was gone. Never to be seen again.

(I only learned that part of the story after telling him the next day about how I had lost my key but had been saved by a backup.)

So when I discovered in the hotel that my key was missing, my immediate reaction was “where is it?” and I spent a few moments searching for it. But I knew I had my backup YubiKey cleverly concealed in the room.

I retrieved the backup YubiKey and got right to work, having full access to my complement of applications and services.

This scenario is the answer to a common question Yubico hears: “What happens if I lose my YubiKey?” If you are prepared, the answer is nothing happens. It’s the same answer for “What if my hard drive crashes?” The real question is how important is my data/security and how do I protect and preserve it.

Given the YubiKey’s design, I didn’t need to worry about my main key in the hands of a stranger. The key has no data about the owner so I was undiscoverable. In addition, I was able to delete my YubiKey registrations from each one of my apps.

On the (very) off chance the stranger with my key located my computer and me; the key was worthless (even without deleting registrations, an attacker would also need my username and password for each app). I was able to pick right up with a new key. The only thing I had to do was establish a new backup key.

I did that after I was done working just to get a taste of what it feels like to live on security’s edge for a few hours. The feeling of having a backup is much more comfortable.

Want to learn more about lost YubiKey best practices?

Talk to our teamTalk to our team

Share this article:


  • Mission matters – my reflections on winning the EY World Entrepreneur of the Year “This is the biggest mission any of the entrepreneurs have presented in this competition.”  I heard these words a few weeks ago from one of the judges for the EY World Entrepreneur of the Year award program – whom I had the honor to meet during the final step of the world’s largest entrepreneur competition.  […]Read moreawardsFounderStina Ehrensvard
  • Yubico recognized by TrustRadius 2025 Award for top customer reviewsAs AI-driven cyber threats like credential phishing evolve and grow in complexity, phishing-resistant YubiKeys are an important component toward cyber resilience — and our mission to make the internet more secure has never been more critical. To support this, customer feedback is something we take very seriously and is an invaluable tool to ensure we’re […]Read moreawardsTrustRadius
  • CEO Corner: Maintaining stable growth while navigating global uncertaintyAs we officially close out the first quarter of 2025,  I am pleased we saw a quarter with solid growth and profitability along with ongoing demand for phishing-resistant authentication. We continue to see new types of high-profile cyber attacks appearing regularly, and a major reason for the success of phishing attacks is stolen credentials. As […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Introducing the Yubico Academy: Enabling partners for a phishing-resistant futureAt Yubico, strong partnerships are fundamental to a more secure digital world. Our commitment goes beyond providing leading security keys; it’s about actively fostering the growth of our valued partners through impactful enablement programs. A cornerstone is the Yubico Academy, featuring our comprehensive certification program.  This program enables our partners’ teams to become Yubico experts, […]Read more