Why YubiKey wins
Strong authentication. Easy to use. Low cost.
| YubiKey | ||||||||
| FIDO U2F | Smart Card | PGP | OTP | Smart Card | OTP Token | Phone | TPM | |
| Security | ||||||||
| New passcodes for every login, significantly stronger than static passwords | X | X | X | X | X | X | X | X |
| 6-32 character one-time password, including time variant code | X | |||||||
| Public key crypto, hardened against phishing & man-in-the-middle attacks | X | X | X | X | X | |||
| No cryptographic secrets stored or hosted by vendor* | X | X | X | X | ||||
| User presence touch sensor, verifying that the user is human, not malware | X | X | X | X | X | |||
| Transparency on server software, open for scrutiny | X | X | X | X | ||||
| Hardware protection of keys in secure element | X | X | X | X | X | X | ||
| Usability | ||||||||
| Fast “one-touch” authentication process | X | X | X | X | X | |||
| No card reader needed | X | X | X | X | X | X | X | |
| No driver or client software needed | X | X | X | X | ||||
| One device to any number of independent services, without federation | X | |||||||
| No user identity required or shared, to preserve privacy | X | |||||||
| No time synchronization issues | X | X | X | X | X | X | X | |
| Portable between all computer platforms | X | X | X | X | ||||
| Works with NFC devices, excluding iOS | X | X | X | X | ||||
| Works with iOS devices** | X | X | ||||||
| No batteries | X | X | X | X | X | |||
| Waterproof and crush-resistant | X | X | X | X | ||||
| Integrates seamlessly with computer, yet can still be removed | X | X | X | X | ||||
| No need for extra hardware besides your computer and phone | X | X | ||||||
| Authenticator fits nicely both on your keychain and in your wallet | X | X | X | X | ||||
| Works for users with limited vision | X | X | X | X | X | X | X | |
| Multiple affordable backups, minimizes risk of being locked out | X | X | X | X | X | |||
| Cost | ||||||||
| Offered with free, open-source servers and programming tools | X | X | X | X | ||||
| Multiple authentication and cryptographic protocols on one device | X | X | X | X | ||||
| Easy for customer to program own secrets, at no or low cost | X | X | X | X | ||||
| Users can purchase their own authenticators | X | X | X | X | X | |||
| Weighs less than a credit card, ships with standard postage | X | X | X | X | X | |||
| End-user self-service provisioning | X | X | ||||||
| Low-cost HSM for securing OTP secrets | X | |||||||
| Multiple backups minimizes recovery support costs | X | X | X | X | ||||
Read more about why YubiKey beats other methods on our blog post.
* No cryptographic secrets stored or hosted by vendor
Yubico offers an optional authentication service, YubiCloud, for hosting OTP secrets.
** Works with iOS devices
The YubiKey is often used in combination with a phone authenticator, or the computer with YubiKey bootstraps the phone (Gmail, LastPass, etc).
YubiKey for business, personal use, developers
The YubiKey is used by businesses to secure G Suite, Windows Login, Dropbox for Business, Salesforce.com, Open PGP encryption, password management, development platforms, and much more, plus the YubiHSM secures secrets on servers. Find out more about YubiKey for Business.
People use the YubiKey to secure their personal accounts on Google (Gmail, G Suite, YouTube, Blogger), Dropbox, GitHub, password managers, and many other applications that use two-factor authentication. Find out more about YubiKey for Personal Use.
Developers can integrate two-factor authentication in minutes using our free open source software. Find out more about YubiKey for Developers.
Find out more and compare YubiKeys.