Ode to the value of Backup YubiKey(s)

A few weeks ago, I was in my hotel and reached into my pocket to get my YubiKey. Without it, I can’t log into certain email, CMS or other systems without going through an involved IT administrative process.

The key was gone.

That is an instantaneous bad feeling, wiped away only by the backup YubiKey I carry and store in a separate location.

Earlier, at a gathering of identity and authentication geeks, I was one of three Yubico employees walking people through the registration and use of the YubiKey with various apps.

Afterward, I left my computer with colleagues to go have a side conversation for a few minutes. YubiKey in plastic sleeve

Unbeknownst to me, my diligent co-worker was cleaning up and collecting keys that had not been used or handed out. He saw a key inserted into my computer, and thinking it was part of the demonstration, removed it, tucked it back into its plastic sleeve and tossed it in a bag with 50 or so other keys.

(In his defense, he was unaware that I use the plastic package sleeve to protect against inadvertent key taps. What? You throw the sleeve away!)

The next day, my colleague unknowingly handed the key out to a random person who had requested a sample. My key was gone. Never to be seen again.

(I only learned that part of the story after telling him the next day about how I had lost my key but had been saved by a backup.)

So when I discovered in the hotel that my key was missing, my immediate reaction was “where is it?” and I spent a few moments searching for it. But I knew I had my backup YubiKey cleverly concealed in the room.

I retrieved the backup YubiKey and got right to work, having full access to my complement of applications and services.

This scenario is the answer to a common question Yubico hears: “What happens if I lose my YubiKey?” If you are prepared, the answer is nothing happens. It’s the same answer for “What if my hard drive crashes?” The real question is how important is my data/security and how do I protect and preserve it.

Given the YubiKey’s design, I didn’t need to worry about my main key in the hands of a stranger. The key has no data about the owner so I was undiscoverable. In addition, I was able to delete my YubiKey registrations from each one of my apps.

On the (very) off chance the stranger with my key located my computer and me; the key was worthless (even without deleting registrations, an attacker would also need my username and password for each app). I was able to pick right up with a new key. The only thing I had to do was establish a new backup key.

I did that after I was done working just to get a taste of what it feels like to live on security’s edge for a few hours. The feeling of having a backup is much more comfortable.

Want to learn more about lost YubiKey best practices?

Talk to our teamTalk to our team

Share this article:


  • CEO Corner: Wrapping up a strong year, and looking ahead to 2025 and beyondIt’s no secret that 2024 was a big year of growth for Yubico, highlighted across many notable achievements by our team and increasing demand from our customers. As discussed in my previous post, following a transformative year driven by key cybersecurity trends like passkeys and AI, the year culminated in the significant step of Yubico […]Read moreCEOEarningsMattias Danielsson
  • The rise of AI-driven phishing attacks: What to know and how to be secureAs businesses continue learning the benefits that artificial intelligence (AI) assisted computing tools provide, we’re continuing to see rapid interest and adoption of the technology – especially within the enterprise. Most conversations up until recently have revolved around ChatGPT, but now another new AI-powered large language model tool – DeepSeek – is creating a lot […]Read more
  • Works with YubiKey Spotlight: Expanded partnerships redefining phishing-resistance in 20252024 was an exciting year for Yubico and our partners. Together, we achieved remarkable milestones, launching innovative solutions and forging stronger partnerships – all aimed at delivering the most impactful cybersecurity solutions and user experience for our customers and partners. At the heart of these efforts lies a shared commitment to phishing-resistance.  From registration to […]Read moreWorks with YubiKeywwyk
  • Cybersecurity in 2025 – part two: Insights and predictions from Yubico’s expertsIn part one of our 2025 cybersecurity predictions, we highlighted insights from our experts on the topic of passkeys, digital identity wallets and the threats of AI-driven phishing – areas that saw a lot of focus in 2024, and ones that we expect to continue being a major focus this year. If you missed our […]Read morecritical infrastructurefederal governmentfinancial servicespredictions