Over the 10+ years I’ve been at Yubico, I’ve had the pleasure of meeting customers, partners and many others talking about digital security. While every conversation is different, I am often asked many of the same questions about YubiKeys. One thing remains consistent: many people know they need better security, but they’re not sure what steps they need to take to better protect themselves from increasing digital threats like phishing.
The consistent piece of advice I give for anyone with online accounts is to set-up up multi-factor authentication (MFA). But not any form of MFA will do – a device-bound passkey like a YubiKey offers the highest level of protection.
But getting familiar with new technology often comes with new questions. Here are some of the top questions Yubico hears (some of these direct from Black Hat last week), answered to help you navigate the world of security keys and show you why the YubiKey is a game-changer for both your company’s and your own online protection.
- How does a YubiKey work?
The internet was designed for sharing information, not security. As it has advanced and scaled to be a critical part of our everyday lives, so have the cyberattackers. The burden of managing countless complex passwords leads to forgotten logins, simplified choices, or reuse – all compromising security.
As phishing and credential stuffing attacks escalate, it’s critical to protect online accounts with phishing-resistant MFA. Once a YubiKey is set up for an account, even if a hacker gets ahold of your login credentials, they won’t be able to access your accounts without the YubiKey. YubiKeys also require a physical touch or tap to authenticate.
- Are YubiKeys easy to use?
The YubiKey allows you to easily remove your dependency on passwords! YubiKeys can be used anywhere, require no batteries and can be easily set up with your most important accounts in minutes. Many YubiKeys have NFC capabilities as well, allowing you to authenticate with a tap to your device.
For many apps and services, you don’t need to use the YubiKey every time you log in. Once an app or service is verified, it can stay verified. It’s that easy. And perhaps even better? Security keys are very affordable, starting with Yubico’s Security Key Series keys at $25.
- What happens if I lose my YubiKey?
Just like you have a spare car key or house key, you’ll want to have a spare YubiKey. We recommend registering your backup with your accounts when you first set up your YubiKey. If you lose your primary key, you can simply use a backup key or your recovery method to regain access and then remove the lost key from your account’s settings.
- Can one YubiKey protect all my accounts, or are individual YubiKeys needed for each account?
New YubiKeys support 100 passkeys, so a single YubiKey can be used to protect multiple accounts that support it. The key itself doesn’t store your passwords or account information; it generates a unique cryptographic signature for each service you register it with. It’s best practice to have a spare key registered to your accounts in the event that you need it.
- Which accounts and services support YubiKey?
YubiKeys are compatible with hundreds of services, including your core accounts like Google, Apple, Microsoft, enterprise applications, popular social platforms like Facebook, X, and many password managers.The number of supported enterprise and consumer apps and services is constantly growing: For a comprehensive list, you can check the official Works with YubiKey catalog on our website.
- Why should I use a YubiKey instead of SMS codes or authenticator apps?
While using any form of MFA is better than none, not all MFA is created equal. The YubiKey’s purpose built, hardware-based security and ability to prevent phishing attacks through protocol verification makes it rank highest on the authentication scale of trust. Once you use it, you’ll never go back.
- Where can I buy a YubiKey?
You can buy a YubiKey directly from Yubico or on Amazon, Best Buy, Staples, Office Depot and Walmart.
For more information on Yubico, visit yubico.com.
