YubiKey: Hardened against attacks; anti-phishing features

Analysis: Mobile devices allow users to install apps, which also provides avenues of attack for malicious entities. Malware installed on a mobile device can compromise the security of its 2FA authentication, and any site or service it protects. SMS authentication is susceptible to man-in-the-middle attacks. YubiKeys, on the other hand, are built to withstand malware, phishing and hacks.

 

YubiKey: Simple, automatic entry of one-time password (OTP); no need for manual entry

Analysis: Time-based hardware tokens, SMS and mobile phone software require the user to physically enter in a code each time they wish to authenticate. YubiKey authentication is completed with one touch of a button or tap via NFC removing user error and allowing for instant entry of longer, more secure OTPs.

 

YubiKey: No client software or drivers to install; nothing needed except the key

Analysis: Other authenticators rely on drivers and client software to complete their solution. YubiKey is a standalone device that acts like a keyboard when it is plugged into a USB port or is used as a contactless device communicating over NFC. The YubiKey is compatible with authentication protocols already supported by many existing applications and services.

 

YubiKey: No need to administer time synchronization

Analysis: Time-based solutions including hardware tokens do not have an easy way to resolve time drifts when the system and token clocks fall out of sync. While the YubiKey can support time-based authentication, the device is not restricted to TOTP. In fact, the YubiKey supports multiple protocols on the same device allowing for the best solution for any situation.

 

YubiKey: Near Field Communication (NFC) functionality; contactless support

Analysis: While some smart cards may offer an NFC option, YubiKey integrates NFC into both OTP and smartcard (CCID) mode. This allows for a greater flexibility for delivering a second factor of authentication. (Note: NFC is available in the YubiKey NEO model only.)

 

YubiKey: Can provide a complex static password when 2FA not available

Analysis: Other authenticators don’t offer this feature, which allows a complex and long password to be used when two-factor authentication is not supported.

 

YubiKey: Crush and impact resistant — stands up to abuse

Analysis: Other authenticators can’t take the same level of abuse as the waterproof, crushproof, and hermetically sealed YubiKey. In addition, the YubiKey does not have a battery or moving parts.

 

YubiKey: Designed with the next generation protocol (FIDO U2F) built-in

Analysis: Other devices are generally single purpose, single protocol authenticators, while YubiKey works with all protocols we support without the need to make any changes to the device or change any configuration. YubiKey supports Yubico-OTP, OATH-HOTP, OATH-TOTP, OpenPGP, Smart Card (PIV Compliant), and FIDO U2F.

 

Also see the Function Comparison.