Yubikey Bio vs Yubikey 5 | Is Fingerprint 2FA Worth an Extra $40?
Which 2FA key should you buy? Here is a look at how the new Yubikey Bio, which uses your fingerprint as added security, compares to the Yubikey 5 series, which is widely considered the gold standard in 2FA keys. If you care about your online security, this is IMPORTANT!
▶ Buy Yubikey 5 Series keys: geni.us/yubico-5c
▶ Buy Yubikey Bio keys: geni.us/yubico-bio
(the above are affiliate links, which means that at no extra cost to you, I will be compensated if you purchase your 2FA key through these links. Thank you for your support of this channel!)
If you care about your personal security and privacy online, download my free security checklist here:
✅ Security Checklist: www.allthingssecured.com/secu...
🔹🔹🔹What You Should Watch Next🔹🔹🔹
We've got a lot of great privacy- and security-related content here on the All Things Secured KZhead channel (although we admit we're a bit biased). For more help related to your passwords and 2FA security, here are some videos you should watch next:
✅ How to Setup a 2FA Key for Online Security: • Setup a 2FA Key for MA...
✅ How to Setup Google Authenticator (free): • How to Set Up Google A...
✅ Ultimate Password Manager Setup Guide: • ULTIMATE Password Mana...
🔹🔹🔹Help Support All Things Secured (Recommended Services)🔹🔹🔹
If you enjoy this kind of practical security and privacy content, one of the best ways you can help support this channel is by using these affiliate links to our favorite products and services. When purchasing through these links, you not only get the best available deal, the companies will also pay us a small commission. Thank you for your support!
✅ Recommended Password Manager: www.allthingssecured.com/yt/1...
✅ Recommended Identity Monitoring: www.allthingssecured.com/try/...
✅ Recommended 2FA Security Key: www.allthingssecured.com/yt/y...
✅ Recommended Secure Email: www.allthingssecured.com/try/...
✅ Recommended VPN: www.allthingssecured.com/try/...
*********************
Video Timestamps
*********************
0:00 - Yubikey 5 NFC vs Yubikey Bio
0:28 - My favorite 2FA key
1:00 - Why use a 2FA key with biometrics?
1:45 - Setting up the Yubikey Bio fingerprint
2:33 - Pros and Cons of the Yubikey Bio
5:10 - What if the bio sensor breaks?
6:19 - Yubikey Compatibility: 5 NFC vs Bio
7:29 - Which 2FA key should you use?
*********************
I've been using the Yubikey 5 series 2FA key (2-factor authentication) for many years now and it is an excellent way to secure your online accounts, including Gmail, social media, and investments. But with the introduction of the new Yubikey Bio, many people are confused as to which one they should buy. Here's a quick look at the differences between the two to help you make an informed decision.
#2fa #yubikey #cybersecurity
Was this a helpful comparison for you? Leave any questions below and I'll do my best to answer. And I always appreciate your support when you use my affiliate links to buy either the Yubikey 5 series keys (geni.us/yubico-5c) and the Yubikey Bio series keys (geni.us/yubico-bio).
yes, this is very helpful
Glad to hear it!
Very good explanation. Thanks. I just bought 2 x Yubikeys 5 NFC. Since I will be using them on my desktop, laptop, smartphone. That's exactly why I did not choose to buy the biometric version (No NFC).
@@AllThingsSecured i kind of didnt understand how for the laptop its necessary the bio Yubikey but than i could acess the account from a nft yubikey in my cellphone? I thought the only way to acess the account would be with a bio yubikey? Confusing
Hi!I’m sorry to bother you.I have an Apple MacBook Pro.Can I use the Bio series with that,to connect to my computer?(usb port etc.)
My friend who used to do woodworking also recommend you have a backup not based on your fingerprint.
👍🏻👍🏻
🤣🤣🤣
Add a toe for good measure
hahahahahh
Same for climbers... My macbook's fingerprint reader constantly fails me after a day of bouldering
The USB-C standard is on most newer Android phones, meaning you can use the Biometric function on Android. I'd like to just point out that while you personally use Apple, a large mobile market segment will be able to use the bio series.
@@kellyotter what adapter do you use? I’ve tried one and it doesn’t work.
Do you know if there's a Yubikey for microUSB ports?
You need a micro-USB to USB-C adaptor (See Amazan). Note: Another option is to use a magnet adaptor for both the port on the mobile and, the Yubikey. Unfortunately, magnetic cables do not yet have an IEEE standard so, you are locked into brand and style. @@SuperMassiveMax
no. but you can go to the website and find it for your self like any decent human being.@@SuperMassiveMax
@@SuperMassiveMax I don't think so, but if you're device supports USB to go, you can probably get an adapter.
Hey mate. Just gotta say I browsed your comment section and noticed youve replied to virtually everyone with advice or answers. Very strong commitment and impressive! I've followed.
Thanks, Daniel. I can't do it for every comment, but I do my best.
My advice for someone just getting into security keys, get 5 series with NFC. Covers the most use cases.
Agreed, Peter. I shared pretty much the same advice in the video. 👍🏻
Doesn’t work for iPads with lightning
Doesn't nfc reduce the security of the key? With a transmitter you can read the key? We lose the security of the hardware encryption principle
@@comecontre7912 read the key? how?if you need to hold the key almost against the key to work? and if so then still how can one decrypt the software on the key?
@@comecontre7912 you should NOT be able to read the secret key!😐 I think you mean an attacker could access the key from a distance.
Dude, this video helped me to decide to buy which key as my backup. Thanks a lot.
Good point about the removal of NFC. I overlooked that initially. Thanks
Glad this was helpful, Marvin. Thanks for the comment!
The biometric authentication requires power that can't be provided via induction over NFC
@@SayedHamidFatimi that power can be given by the device itself. so it wont matter. even a cell phone can power the biometric. any device has way more than enough power to power the biometric of any biometric key.
Great Video on 3 Factor Authentication Josh... Thank You... 1st Factor Auth: ... UserName & PassWord Submited 2st Factor Auth: ... Yubi Key inserted into your Desktop USB and clicked when prompted. 3rd Factor Auth: ... Yubi Key Biometrics test combined with Key and clicked when prompted. Excellent Video Josh...
Awesome thank appreciate it I'm going to buy it early next year
Hope you enjoy it, Mitchell!
Thanks , great information !
Thanks for the video. You answered some questions I had about using it with mobile devices etc. Is the pin backup open to brute force? It would not take long to go though 9999 numbers if it allows 4 digit pins?
Already have the 5c which will be my back up and trying to decide between NFC or Bio. Think I will go with NFC for now based on your feedback.
Informative and concise! Thank you. When you say the bio doesn't work with some accounts....basically because the bio doesn't support the authenticator applications. If an online account requires you to use the authenticator app, then you would not be able to use the bio key.
That is correct. I don't think I did a good job of explaining that and perhaps even misspoke about the authentication protocols (I'll need to double check). The important point is that not all accounts accept a 2FA key and since the Bio doesn't have the authenticator - as you say - it can't be used for all your 2FA needs.
@@AllThingsSecured you did a great job. There's a lot to cover and so many different aspects. In the videos that I've done, it always seems I'm missing something in the presentation, so really appreciate your effort thanks again.
@@AllThingsSecured The BIO also doesn’t include PIV. PIV support (when used with a PIN) is also protected if your device is stolen.
A very helpful video! Thank you very much!
Glad it was helpful!
Hi Josh, I’m considering buying an YubiKey 5Ci, since I suppose, owning only two iPads Pro (one 2020 and one M1) and an iPhone 12. So I have no desktop or laptop. I use 1Password for all my passwords and 2FA codes. Considering this and that my use is mostly personal, and at €70 each key (buying 2), would you still recommend the investment. After looking at the services compatible, I would probably using the YubiKey withe no more than 5-6. Thanks and keep up the nice videos.
Muchas por subir estos videos nos ayuda mucho. Saludos
I work for a company that uses cleaning chemicals daily and i've found that when I had the fingerprint scanner on a phone, I had to use multiple fingertips as backups to unlock that phone. The chemicals alter the way my prints registered on the ID pad. So i've become very leery about using my fingerprints for my sole access.
Very interesting. Thanks for sharing your experience!
Why don’t you wear gloves? Chemicals are not good for you.
Question: What do you think of actively using 2 keys (the bio and the NFC)? I mean, using the bio for all the accounts it can be used for, and using the NFC for everything else. (with a third key stowed away as backup) Would this create any problems, like confusing the auth app, or creating some other odd conflict? Thank you for this informative and helpful video by the way!
I wouldn't think you'd run into any issues. It shouldn't confuse the auth app at all because it's designed to work with multiple keys. He even mentioned that a mix of the NFC and bio keys is an option. The biggest issue would probably be trying to remember which account is on what key!
Awesome advice 👍🏾👍🏾
Thanks!
Excellent video....well done
Thanks, Chuck!
One for you and one for spouse but both are also saved for you and spouse. I would also suggest a third that is stored in a VERY safe place.
Great video - very well explained. Where can I find out what applications work with the Yubikey 5NFC
I have a link to the website “what works with Yubikey” in the video description.
Great video! Something I do not like of the Yubikeys is that someone can of course, steal them (or I can lose mine). I have two standard Yubikeys but I am thinking I will buy the Yubikey bio. Would you know if the Yubikey Bio works with Binance? Cheers.
Bravo man! you are a pro!
Thanks so much!
Awesome as these are the two I selected for that exact reason. Now concerned that the BIO may not work for the sites I want to use it for. Hopefully, support is added in the future if that's the case.
Yea, I hope so too, Kevin.
Thank you !! With this video !!! This video helps !!!! 😎😎 !!!!
Glad to hear it.
Excellect video...Well presented!
Glad you liked it, Ivan!
Great vid!
Perhaps a silly question, but I assume you can have more than one backup Yubikey. My daily one, my backup at home, my backup at a family member's house, etc. Is that the case? In the same way, if I did break or lose my main key then I could just make a backup from my backup. Correct? Thanks for all your videos Josh!
Hey Josh, I enjoy watching your videos-keep up the good work! Can you make a video on how to set up your Mac, iPhone, Android, Windows for privacy (like settings to use, apps to install, etc.)? Also, making a video on email forwarding service, such as AnonAddy or iCloud Mail relay, would be really helpful! Furthermore, I would like your opinion on using apps vs web browsers. Do you sign in to apps on iOS or use the web browser? For example, using the KZhead app vs the browser or the Amazon app vs the browser or the Netflix app vs browser. I wonder if it's better to use the web browser because the company will have less access to data, but at the expense of user experience. Wouldn't companies be able to link the dots together easier if you use native apps? For instance, signing in to the KZhead app also signs the user into every other Google app. (Any thoughts on progressive web apps, LOL?)
Thanks so much for the suggestions, Harold! A few of the ideas you shared are already on my content calendar, but I'll add the ones that aren't there.
@@AllThingsSecured I just saw those! Good stuff. Did you read the second half of my comment?
Love this info
can you describe the difference between the 2 keys from security point of view, which is better and which techonelgy each of them is using
For me I see a potential HUGE down side : it'is/can more fragile an more prone to defect. That's a deal breaker for me, beside that I have a bad experience with biometric sensor so I don't like it. On the security side their is multiple way to use a MFA token, on yubikey you can use opengpg for everything and configure it to burn the subkeys if the wrong pin is enter 3 times. So loosing it isn't really an issues and I guess it's more secure them a biometric solution maybe.
Thanks for this great video. I'm trying to understand why some services work with the 5 series but not the Bio. Is it just because they use TOTPs instead of FIDO2/U2F? My understanding of FIDO is that the biometric stuff is entirely local, and once that layer of authn is completed, the flow is the same as it would be with a Yubikey 5.
Correct. It’s not about the biometrics, it’s about which security protocols the key supports.
@@AllThingsSecured Thank you, appreciate you taking the time to respond.
Such a useful video
Glad it was helpful!
Hi, do you have a video showing how to set up a backup key?
Thanks!
Wow…thanks so much for the support, Fred! 🙌🙌
I’m looking to upgrade my security with 2FA. Do you have a video on how to get started with the Yubikey and specifically, how to authenticate multiple Yubikeys with the same online account?
Hey John! Have you seen this video I produced last month? kzhead.info/sun/md6OhtayZ5uuoXA/bejne.html To setup multiple Yubikeys on the same account, you simply have to go through the same process in the video above again with the backup key. There is no "migration process" or way to duplicate keys other than setting them up separately, preferrably at the same time, on the same account. Does that help?
Love my new Yubico 5 NFC
Great! It's still my favorite 2FA key as well.
Thank you.
My pleasure!
thanks! I just buy a backup Yubikey 5 yesterday, and I was scared you recommended the BIO one 😌
Ha! You're going to love the 5 series, Martin :)
Re Nano option. Is the depression of the unit a toggle switch or is the product somehow reading my print? If merely a toggle, what's to prevent non-me from gaining access? Txs.
hi, thank you very much...
My pleasure!
Hi Josh, a query I currently have the Yubikey Security Key (the blue one), with which I have registered all my services with authentication by Key. I want to buy a second device now to have a backup in case I lose one ... I want to buy the Yubikey 5 NFC (The black one), and use it as the main one because I have the TOTP there and I currently use the authenticator microsoft, I would like to pass it all to the authenticator yubikey. Now, if I have as a second option the blue one for backup, the TOTP will not be able to recover it in case of losing the black one, correct? What do you recommend me? Thank you very much for your videos.
If I understand your question, Juan, you want to have the 5 NFC as your primary key as well as Authenticator. The blue key is the backup (which doesn’t have an Authenticator). In that case, you can always keep Microsoft Authenticator as a backup to the 5 NFC. Does that sound right to you?
@@AllThingsSecured Yes, I was thinking about it, and so I don't have all my eggs in the same basket. haha thanks
i have 5nfc black and 5nfc key for android
i use them all the time for my facebook and twitter and gmail
Hi! Can you please answer me two questions? Can you please tell me if 3 people can use the same Yubikey with their own accounts? Or each person need to have one different Yubikey? And the other question is: We want to use the key mainly for Outlook, PC, Facebook... both on mobile phone and computer. You recommend the 5NFC instead of the Bio, right? Thanks so much in advance
I think he mentioned the BIO does not support connectivity to mobiles so you would need the 5NFC. Appreciate you question was from 6 months ago so is probably redundant now 😀
hi josh. i have a couple questions 1) if i leave the yubikey in my pc 24/7 , and i have lasspass, if my pc is stolen, won't they have access to all my logins? and if so what do you reccomend to prevent that? 2) another question, not related to yubikey per say, but i want to do estate planning for my kids when i pass on and was thinking if there is a device that i could put my kids finterprints like the yubikey bio so only they could access and on this device would be my will and bank info, btc wallet and info they need, where i can put all my notes/instructions to them on how to use and what to do where i know this can't get into the wrong hands. or it could be online method as well, but this is what i'm trying to accomplish that if i become 'inactive' i want them to access and only them this info, would love to hear your suggestions or maybe you made vid on this topic already
Hey Andrew, interesting questions. Here are my answers: 1) I don’t leave my 2FA key constantly plugged into my computer and I generally don’t recommend that for the very reason you stated: theft. 2) I generally don’t like to rely on technology for estate planning. I use it as a backup, to be sure, but I have a primary estate plan that is kept with my lawyer or printed and physically put in a safe. I just don’t trust that the technology won’t break or no longer be compatible 10 years down the road. I mean, imagine if you had kept all your estate stuff on a CD 10 years ago! I do t even know if I have a CD reader in my house anymore! 😜
If your PC with the key and LastPass gets stolen you immediately change your masterpassword and from there refresh all 2FA Codes (the OTPs) and disable the missing key from FIDO enabled accounts.
Can you use the Bio to log in to Linux and MacOS with just the touch of the sensor? (like Apple TouchID)
What about the blue regular series ? Would be for coinbase. My phone does not support NFC so i was looking at the cheaper blue series. It is just as secure ? I think it would be. It supports what coinbase want's
Yes, the blue "Security Key" series is just as secure, but it lacks the ability to create one-time passcodes (OTP) to replace an authenticator app for those online accounts that don't accept 2FA keys. If all you need is something for Coinbase, though, you should be good with the Security Key.
Yubikey even says the bio version is for shared workstation scenarios, not for the normal individual. Just get the 5 NFC.
regarding setting up the backup key: how many backups can you have? For example, could I have a backup I keep at home, and a third key I keep off site?
It seems to depend on the service. Google, for example, has allowed me to have 5 different keys associated with my online account. There may be a limit, but I’m not sure what it is.
depending on the service you can have many keys. (Lastpass for example lets you add 5 but you have to pay for premium AND NOTE Bio doesn't work with Lastpass but 5 series does.
Thanks guys! Appreciate the info!
Very helpful video - thank you. Do you know how this adds security to my smartphone on my google account? On the google account I cannot log out but only remove the account from the smartphone. So - if I'm always logged on, therefore 2FA authenticated - is not that even worse? Cause if the phone is stolen its stolen with the 2FA on.
I'm not sure I understand completely. Your phone should be locked and you can always log the phone out of your Google account remotely if it is stolen/lost.
@@AllThingsSecured Hi, sorry if I cannot express my concern in a more clear way. Yes the phone is locked but I'm confident the usual street thiefs can find a way to crack that. Regarding log out the Smartphone from the Google Account remotely via a PC log-on. I tried that. And - suprise...I'm still logged on on the smartphone. Google is like HIV. You can't get rid of it.
Would've loved some more focus on the different protocols here. As far as I know the bio doesn't support OTP for example.
It doesn’t. I thought I made that clear, so my apologies.
He indirectly expresses that at 6:19, but he doesn't explicitly state why those services are incompatible.
@@AllThingsSecured you should make this clear. Add it to the description.
If you lose a device, can you deactivate it remotely? Thinking from a business standpoint if an employee looses one especially if it's the NFC.
Yes, with every account I have, as long as I have an admin or backup key, I can go in and deactivate a lost or stolen key.
Can I configure a LUKS volume to be opened if I provide both a passphrase and the BIO or 5 NFC?
a good use case would be if you wanted leaved one at a semi secure location like your work computer
Do I need to set up YubiKey Manager to configure FIDO2, OTP, and PIV functionality? Thanks.
For your back up Yubikey, you registered it as another key or you registered it as a spare key (same key information as the original one)?
The keys are unique, so there is no such distinction between “another key” and a “spare key”.
@@AllThingsSecured Ok, thanks.
Thanks
Welcome
My phone uses microUSB, so if I just a USB-C to microUSBB converter, would the Yubikey work with it?
Will the NFC version still be in use for a long time? Heard that when the versions fall out of use one has to buy a new one(version)....
Yes, the NFC version will work for as long as you have the key. While improvements are being made with new keys, the underlying security encryption for these keys stays the same, so it's hard to have them "fall out of use".
@@AllThingsSecured Thanks for taking the time to answer.
I understand that I will need to get at least two security keys (to keep one as backup) but can I mix the two? Ie one NFC and one Bio? Or do both need to be the same?
they don’t need to be the same key, no.
Hello! The authentication process must be an anonymous cross-system process. For the guarantee of security must not collect any identity from individuals needs your security. Attackers can find ways to identify the target user. So it's very clear to me that a fingerprint option is not a viable option.
Can I restrict number of apps I can use with Yubikey for enterprise?
YubiKey just came out with the “Security Key C NFC” for just $29.
I saw that! Thanks for sharing, Lex. The Security Key still lacks the ability to act as a OTP authenticator, thought, so I much prefer the 5 series.
@@AllThingsSecured Hi, I am interested in Security Key NFC so I could get a spare on a budget. However, from your comment, does that mean that if I currently use OTP authenticator apps right now, I should go for the Yubikey 5 NFC instead?
Well Done
The biggest downside to Yubikeys is that if you want backups. You need two (or more) keys at the time you set them up. This is where the Onlykey really shines imho. It lets you export an encrypted config file which you can later use to create new keys.
Ledger also has a Fido U2F app. I use my older Ledger Nano S as my universal backup key. It can be restored with the seed phrase, which I safely store with a Cryptosteel Capsule in a bank vault.
@@P8qzxnxfP85xZ2H3wDRV nooo nooo how dare you use logic here
Having the ability to export on a key is like having a "secure" backdoor in software. No matter how hardened the security it's always a potential point of failure. The fact that YubiKey does not have this will always make it superior. You are correct that this makes the YubiKey less practical for the average Joe. However the people that need the extra security can surely afford it. I also want to add that you can setup keys later. One way to do this is keep your private key on your YubiKey, then save your OTP QR codes and encrypt it with the key. This way you can unencrypt and add them to a second or third key.
I've got the Yubikey 5NFC. Is there an adapter for use with a Samsung phone? Or, do I have to replace the keys?
Just use the NFC with your Samsung phone instead of the USB port
Great vid. Let's say I buy one 5 NFC, and I loose or break it. How can I still get into my logins?
Always create backup for your 2FA.
@@AllThingsSecured Can I used something else besides a Yubikey? For the backup of the 1st Yubikey? Thank you for your videos.
Yup. I was so excited for the bio to come out. And then it did.... Now I have no plans to ever buy it. Lol
Yea, I know what you mean, Greg.
@@AllThingsSecured Any theories why in God's name they wouldn't just keep the yubikey 5 formula with widespread acceptance - and throw the bio on that? A "yubikey 5 bio" if you will.
I think they’re working with enterprise customers like Microsoft and that’s who they’re trying to appease, not the average consumer.
Which Yubikey is best for the current family of Apple devices ( IPad Pro w/USB-c, IPhone 12Max)
I recommend Yubikey 5C NFC.
Please explain to me how a "Security Expert" recommends NFC, a protocol with 0 security?
Man why is it so hard to find video's on yubikeys? I just want to know if I'm getting the actual yubitkey. I bought my yubikey from Amazon for $35 vs if you buy it from pretty much anywhere else it's double what I paid.
I have a question. I want to go passwordless on outlook 365, personal account. How can I do this without the MS authenticator app? I just want to use my key ONLY to login, otherwise what's the point of the security? How do you accomplish this?
I have a short question: If I can circumvent the finger print with a pin, then this would be the same with the normal Yubikey 5 (because it has a pin too). Am I thinking wrong here?
Not entirely. The Yubikey 5 series simply requires you to plug in the key for it to work. There is no PIN. The difference is that the Bio requires some additional form of verification, be that your fingerprint or your PIN.
@@AllThingsSecured Of course there is a pin at the Yubikey 5 NFC ;)
What PIN are you referring to? I’ve never used a PIN with the 5 NFC…you just plug it in.
@@AllThingsSecured Ok, I think, I got you wrong. You don't need a pin to generate the OTP. But there is a pin, when you use the stick itself for authentication (e.g. at Google or Microsoft)
What's the Best yubikey 5 NFC or yubikey NFC?
I agree that no NFC is a pain but this can be overcome by using a USB-A to USB-C converter or for the older iPhones a USB-A to Lighting converter. I do this without issue on my Android.
Yikes, that would be crazy annoying to have to pull out a converter every time!
I still do not understand whether it is possible to unlock Windows 11 using YubiKey Bio, the site says in the compatibility list that it is not, but at the same time on their KZhead channel they add the key in the Windows Control Panel.
I think it is, but I don’t use Windows, so I’m not for sure.
Why can't they make a bio with NFC? But the NFC activates only when the finger print has been activated?
What is the stronger way authentification between totp like Google auth and yubikey ?
There is no "stronger" since it's the same algorithm and the same authentication. However, one is kept on your phone via a company like Google and another is kept on an offline key via a company like Yubico. So...it's really up to you to decide which you trust more.
What can i do if i lost my security key?
Curious if you find yourself still using the bio at all now in 2022? I have a pair of 5C NFC but can get 2 keys for free. Debating which to get. Might just get nanos for laptop use.
Yea, I rarely pull out the Bios now.
Yubikey has some apps that are not supported and at present after multiple attempts Yubikey manager will not run on my win 10 laptop. Leaving me with default options and zero backups of PUK or PIN.
Like you can set up a security key for your iCloud account can you do the same with Samsung for your Samsung account I personally haven't seen an option in settings all I can see is backup codes authenticator app SMS text which I hate and that's pretty much it there's no option for security key I hope Samsung address this I hope Samsung add an option for for security keys like Google and apple and so on
I use my yubikey with a USB C adapter on my phone, works great
That's good to hear! I've spoken with Yubico and they tell me that it should work, but that's not what it was designed for.
4:44 Your fingerprint actually is Not Stored in the key, but the mathematical result, sum let's say of the calculation that is checked if it matches with the result of scanning of your finger. This cannot be read from the key, But even if it is read it is Not like a scan, or photo of your fingerprint and cannot be used somewhere else. 🙂
What about PIN cracker tools?
How do I use it on android? I have the Yubikey 5 NFC.
The 5 NFC also is procteted by a pin ... not impressed so far by the bio. If they could restore my 2FA codes by using any bio security key I would be totally sold (I mean, it would be like saving all my vital 2FA codes on my fingertips).
Yea, I understand. I feel like the Yubikey 5 NFC is the best option for that scenario right now. It doesn't offer any biometric lock, but it's still a key you can keep with you.
If you use OTP codes (rather than FIDO2), the secret key can be programmed into multiple authenticator for time-based solutions. Basically, if you are getting a 6 or 8 digit code that changes every 30 or 60 seconds, you can scan the same barcode to multiple tokens.
Passless use is for the moment only Microsoft by my knowledge or are there others?
What do you mean?
@@AllThingsSecured i Mean that you have An option to not use password so you just put in the key and you even don't to have to Remember your mailadres and password you can just select the one you want to use and you login just by pushing a Button on the yubikey! Nu Google for example you still have to type you're mailadress and pass before you can use the Key
Yubikey "blue" also have NFC, right? The blue one just have less protocols I guess
Yes, the blue Security Key has NFC capabilities.
NFC is wonderful but not all phones have it. Many Samsung and Sony devices come with it built in. Some Motorola devices too.
definately Yubico pricing more because i paid yubico 5 NFC 50+15$ with shipping. after if arrived in India UPS asked 39$ for import fee. this is super pricing with total of 103$. even they put in air cargo/kg it was 15$ but they put useless courier service, now I got forced to pay 39$ because of them.
I want one with a PIN. How about OnlyKey?
I've been trying to get the answer, but I don't seem to find it anywhere. If your PC/Device gets hacked or if it's infected, is that aa problem for the 2fa? Will it get infected too?
No, a 2FA device cannot be infected.
@@AllThingsSecured Thanks for the answer sir
5:33 you say "something that you have to have" but a finger print is "something that you are", while the YubiKey is the actual "something that you have" and the pin code is the "something that you know"
Hi Josh, I have a Yubikey so I am all for the 2FA method of security. However; how is this more secure than a simple 2FA sms message with a code to login? Thanks very much, JR (United Kingdom)
Check out this video on SIM swapping: kzhead.info/sun/aZipj7ujkJVvl2g/bejne.html
@@AllThingsSecured , Thanks Josh, that's amazing!
Does the key store your password, too? Do you have too have password manager too?
No, and that's why it's a "second" form of authentication. You have to know your password and then you confirm with the key.
These keys should be MUCH smaller! Type C and using smaller fingerprint readers, as we see on the side of some smartphones. With a reinforced loop to hold it in a keychain, chain or use itself as a keychain.
They have that available as well.
No they don't. We need to chose between size and aditional security, or bio or nfc. There is no option with all 3 in the same device yet.@@AllThingsSecured
Care to post a link? I just checked out their website. There is no option with NFC+BIO+USB-C+Additional Security+Smallsize. The biometric sensor itself is huge. @@AllThingsSecured
If fingerprint is stored on the device then why there's a generic windows prompt for scanning the fingerprint? Seems like it's Windows which does fingerprint check all the time.
No, it’s not Windows.
on Yubikey 5 series