The YubiKey 5Ci is one of the security products of Yubico, a cyber and information security company. YubiKey 5Ci is a security key that you can use as a two-factor authentication (2FA) for your online accounts like Google, Microsoft, etc.
What is 2FA?
Two-factor authentication (2FA) is an additional layer of security to verify your identity before you can access your Internet account. This means that after you have logged into your account, you will still be asked to carry out the following steps to complete the login process:
- Send a verification code to your registered mobile number;
- Tap on a notification that is sent to a separate registered mobile device;
- Acknowledge your login through an Authenticator app like the Google Authenticator app, Microsoft Authenticator app, etc.; or
- Plug in a security key like the YubiKey 5Ci.
Key components/parts of YubiKey 5Ci
The YubiKey 5Ci key is made up of three parts:
- Lightning connector;
- USB Type-C connector; and
- Two gold-painted contact tips on each side.
The Lightning and USB Type-C connectors are for plugging into your devices to initiate the authentication of your identity. The gold-painted contact tips are the second step to confirming your identity.
Setting up the YubiKey 5Ci is relatively straightforward and easy. As part of this review, I will show you how to set it up on your Google Account as Gmail is pretty much used by everyone.
- Head over to your Google Account
- Select 2-Step Verification
- Click on Use Security Key
- Select Use USB or Bluetooth
- Insert the YubiKey 5Ci and give the contact tips on the sides a light squeeze to confirm.
Once done, the next time you login to your account, you just need to plug in your YubiKey 5Ci, give it a light squeeze and you can access your data.
Why use a physical security key as your 2FA
Let’s address the elephant in the room. You must be thinking to yourself, why do you need a physical security key when you can have the verification code (SMS) conveniently sent to your registered mobile device?
SMS verification is probably the most common 2FA method because of the instant gratification. However, it’s not foolproof.
According to a blog post by Protectimus:
The main SMS 2FA weakness is the dependency on the service provider. The practice of reusing mobile phone numbers is a distinctive risk. If your OTP is delivered via SMS, all the hackers need to do is to get the ownership of your phone number. A criminal impersonates their target and convinces the provider the user’s phone is lost so the number needs to be transferred. Doing this is not as hard as you might think.
One of the other SMS two-factor authentication issues is the smartphone’s Internet connection. It is easy to infect a smartphone with malware and intercept the OTP SMS.
So to me, the safest option is always the most old school method i.e. using a physical security key.
Thoughts on YubiKey 5Ci
I’ve been using the YubiKey 5Ci for a while now and it has been a delight to use. It does take some time to get use to it especially when you are transitioning from SMS verification to using a physical security key. However, the upside of this change is a more hardened security measure to keep your data safe. Definitely a good trade-off in my book.
I like how convenient the YubiKey 5Ci is. With both the Lightning and the USB Type-C connectors, I can easily use it on my Android and iOS devices. It is also compatible with other account services besides the Google and Microsoft. Examples include Salesforce, 1Password, LastPass Premium, etc.
If you are in the market looking for a security key to ensure that your online account is secure, I do recommend that you shortlist YubiKey 5Ci as one of your options.
YubiKey 5Ci retails at US$70 and is now available on yubico.