YubiKey. What is 2FA / U2F / FIDO2?

What is an object that resembles an ordinary flash drive and what is it really for? Is the YubiKey safe? Is it only for tech savvy people? Do you need an extra layer of protection for your most important data stored on disk? What are the mysterious 2FA / U2F / FIDO2 abbreviations? You will learn the answers to these and many other questions in this post.

What is YubiKey and who needs it for? So a few words about the series of keys for authentication

YubiKey is an item that many people look like an ordinary flash drive, but it has a slightly different use than an ordinary portable device for data transfer. It provides additional protection, for example when logging in to a Microsoft account, on Gmail, GitHub or Facebook. How does it simplify? After entering the correct password and login to the page, the browser will ask you to insert Yubiko into the USB port. You may also be prompted to enter the PIN that has been assigned to this key, and to physically touch the button with your finger. The button is located on the key housing. You don't need to install anything. You do not need any additional program or driver to use the YubiKey. They work on the Plug & Play principle, that is, after connecting to a computer, they configure themselves automatically without any special intervention on the part of the user. The key works with most browsers normally used on computers and with some browsers on smartphones.

I have two-factor authentication , why do I need YubiKey ?

2FA is the acronym that stands for Two Factor Authentication and provides a "double check" that you really are who you say you are when you log in. 2FA is probably something you use for most online services today. Perhaps you use it, among others in banking, social media and e-mail. So you may be wondering why do you need any more strange keys?

However, you must be aware of the difference between the YubiKey and 2FA . Well, the code generated in the mobile application can be dictated to someone by phone or unknowingly entered on a malicious website (phishing). What can happen then? The criminal can then very easily use this code to log into your account. And the data generated by Yubikey cannot be passed on to someone because you need to have physical access to this key to use it. More information about YubiKey keys can be found in this article, .

U2F and FIDO2 modes - difference

How many YubiKey keys does the average user need? Well, one key can actually be used in an infinite number of sites and websites. With one key you can easily log into several different e-mail accounts, but you must know that YubiKey keys can function in two modes: U2F and FIDO2 . The difference between them is described below.

What is U2F in YubiKey?

This is the most popular of the YubiKey modes. How does it work?

1. Login (with login and password);
2. Message asking to insert YubiKey ;

In this mode, constraints and limits are of no interest to you.You can register one key in an infinite number of different sites or accounts But think what if you lose your U2F key? Then access to the account may be impossible or very difficult. So let's have at least 2 keys. One should always act as a backup in case one key is damaged or lost somewhere. When your U2F key is lost, remember to immediately remove this form of authorization from all your accounts.

As to the destruction of the key, it is rather unlikely (unless it is deliberate). Because there is no option that it stops working due to accidental scratches or padding. The key is waterproof and the contacts are of good quality.

FIDO2 - what is ?

The case is slightly different in FIDO2 :

1. Logging in with only a key or login (no need to enter a password);
2. Possibility to create 25 unique accounts (this limit is really enough in most cases).

To increase the limit a bit and store 32 different 2FA codes, you can use the black, slightly more expensive key YubiKey 5 NFC .

YubiKey 5 NFC key

What is YubiKey 5 NFC? This type of key guarantees extremely strong authentication via short-range communication ( Near-Field Communication ) as well as via the USB port. This type of key will be useful especially when you use the keys more often on your smartphone than on a computer. As long as your cell phone supports contactless technology, you do not need to insert the key into the USB port. Then you just need to use it with proximity, by placing it in the right place.

Are the YubiKey keys for advanced technical users only?

Many people still think that YubiKey is some fancy gadget for mega "pros", IT specialists, large companies, programmers or administrators who watch over the security of important data. Okay, yes, they mostly use it on a daily basis. However, be aware that the keys are not only for the tech savvy ! Every average user can handle it. Ordinary Kowalski, your parents, anyone. What may be difficult at first is just adding the key to the selected account. The adding options are just a bit hidden, but there are online instructions on how to add Yubikey key step by step. However, it is worth realizing that will not protect against every attack. Because if malware has been installed on your device (phone or computer), it may still be possible to access your data.

Note: It is not recommended to purchase used keys. It is safe to do this directly with the brand manufacturer or distributor. The Sapsan store is the official partner of Yubico. See the key category.