Skip to main content
TrustRadius
Yubico YubiKeys

Yubico YubiKeys

Overview

What is Yubico YubiKeys?

Yubico YubiKeys make the internet safer with phishing-resistant multi-factor authentication (MFA) by providing simple and secure access to computers, mobile devices, servers, and internet accounts. The Yubico YubiKey stops account takeovers at scale by mitigating phishing and ransomware attacks, and…

Read more
Recent Reviews

Yubico Review

8 out of 10
May 16, 2024
Incentivized
When we access sensitive servers, there is always a need to have a 2-step verification process. So one step is always what you know, which …
Continue reading

Yubico Review

9 out of 10
May 16, 2024
Incentivized
There are various use cases that we use Yubico YubiKeys for. All of our authentication to the Fido server is through Yubico YubiKeys, and …
Continue reading

Yubico Review

10 out of 10
May 16, 2024
Incentivized
It's for personal usage, I've used it for password managers and that kind of stuff. For the corporate, I would say at the moment …
Continue reading

Yubico Review

8 out of 10
May 16, 2024
Incentivized
So, mostly the business problem that the product solves is that it creates an ease of use for multifactor authentication. It helps with …
Continue reading
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Reviewer Pros & Cons

View all pros & cons
Return to navigation

Pricing

View all pricing

Entry-level set up fee?

  • Setup fee optional
For the latest information on pricing, visithttps://www.yubico.com/yubienterprise…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Starting price (does not include set up fee)

  • $3.94 per month per user
Return to navigation

Product Demos

Setting up the Security Key

YouTube
Return to navigation

Product Details

What is Yubico YubiKeys?

Yubico YubiKeys supports phishing-resistant multi-factor authentication (MFA) by providing simple and secure access to computers, mobile devices, servers, and internet accounts.

Stopping phishing attacks and account takeovers before they start
The Yubico YubiKey stops account takeovers at scale by mitigating phishing and ransomware attacks. And users experience fast and easy authentication with a simple touch or tap. For organizations that wish to secure sensitive data stored in servers, the YubiHSM offers an ultra-portable hardware security module, bringing great flexibility and affordability to any organization. For organizations that wish to secure sensitive data stored in servers, the YubiHSM offers a portable hardware security module, bringing great flexibility and affordability to any organization.

Deploying modern hardware MFA at scale
Organizational security is only effective when users adopt it. Distributing Yubico YubiKeys and onboarding users is simple and comes with expert guidance, enterprise subscriptions and global turnkey delivery services. A single Yubico YubiKey can be used right out-of-the-box across personal and work online accounts, and across 800+ IT systems and online services which makes it easier for the organization and the user to enhance protection for online accounts.

Yubico YubiKeys Features

  • Supported: Security: Two-factor, multi-factor and passwordless authentication
  • Supported: Authentication: Phishing defense using modern FIDO protocols that stops account takeovers
  • Supported: Multi-protocol capabilities: A single YubiKeys supports a range of authentication protocols such as FIDO2 (passkey)/WebAuthn, FIDO U2F, Smart card/PIV, OTP
  • Supported: Range of form factors: USB-A, USB-C, NFC enables stronger security across a range of legacy and devices
  • Supported: Supports legacy and modern environments: Secures legacy on-premises and modern cloud environments
  • Supported: Enterprise-ready: Hardware MFA available as a “YubiKeys as a Service” model to help deliver strong phishing-resistant MFA

Yubico YubiKeys Videos

Accelerating Zero Trust strategy with the YubiKey delivering strong, phishing-resistant MFA
The Bridge to Passwordless Authentication
Phishing-resistant MFA to meet new cyber insurance requirements

Yubico YubiKeys Technical Details

Deployment TypesOn-premise, Software as a Service (SaaS), Cloud, or Web-Based
Operating SystemsWindows, Linux, Mac
Mobile ApplicationApple iOS, Android

Frequently Asked Questions

Yubico YubiKeys make the internet safer with phishing-resistant multi-factor authentication (MFA) by providing simple and secure access to computers, mobile devices, servers, and internet accounts. The Yubico YubiKey stops account takeovers at scale by mitigating phishing and ransomware attacks, and delivers users authentication with a simple touch or tap.

Yubico YubiKeys starts at $3.94.

The most common users of Yubico YubiKeys are from Small Businesses (1-50 employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(135)

Attribute Ratings

Reviews

(1-25 of 99)
Companies can't remove reviews or game the system. Here's why
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use Yubico YubiKeys to secure the administrator credentials for our domains and for DNS administration. Since these credentials are very sensitive, it provides more peace of mind knowing that the risk of being phished or brute forced is virtually eliminated.
  • Provides very effective MFA for our accounts.
  • Prevents phishing attacks.
  • Prevents brute force attacks.
  • Provide more integrations for services - particularly financial services (banks, credit cards, etc).
We use GSuite. Yubico YubiKeys integration is a breeze.
May 20, 2024

Yubico Review

Score 10 out of 10
Vetted Review
Verified User
Incentivized
So we use the YubiKey for securing most of our cloud services, like Office 365, Microsoft 365 mainly, but also other things like password managers. And as far as the services will let us, we try to use mainly the Yubikeys for the physical security tokens and trying to use them for passwordless access to avoid the risks of password theft.
  • The setup is very easy. It's well documented and it's well supported with most services.
  • The backup situation is a hard problem to solve, but it needs to be resolved sooner or later because as it is now, if you have two Yubikeys, you have to enroll them both. When you lose one, you have to remember which one to deactivate and that's a hassle. Fortunately that doesn't happen very often. But having a backup Yubikey that you don't have to enroll everywhere but they can switch over to would be a dream.
I'd say it's very appropriate to secure your cloud access and also for login, it's less appropriate for local login. I'd say logging into Windows computers can be hard to do correctly. And on Mac computers, it's a no go as far as I can tell.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
No I have one personally, I use it to secure access to my accounts including GitHub and email. it's a good tool and offers peace of mind. That there is no way for someone to access my account without the key. I'd recommend to others in org to get the product
  • Security
  • Looks good
  • Attaches to key ring
  • More colours
  • More integrations
  • Find my yubikey via bluetooth
Access to secure assets like GitHub and AWS it's particular good in these scenarios, and I'd recommend it to anyone using these tools, particularly with elevated access. To be honest it's also fine for the average user too, in a security conscious company. It's less good for mobile access to products.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We're using it to streamline user authentication. We're currently using it for application security, but we're looking to enable it for desktop login as well. And that's our biggest use case right now is streamlining our logins to our systems.
  • It streamlines the login process where in past with multifactor authentication, each phase took up to 30 seconds. Adding quite a bit of time to the user experience, we're able to reduce that to less than a second.
  • So interestingly, with the nano devices that tend to stay in the computers, users are always accidentally hitting it and it will just pop up a random text string in whatever they're working on. So a way to add an easier way to add a delay into the device. Recognizing a touch.
It's great for streamlining operations. When you have users that tend to struggle with technology, the concept behind the product is incredibly simple. It's plugged in, you touch it, and you're finished.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
The entire engineering org has to actually use the Yubico YubiKeys primarily because it acts as a second-factor authentication and we don't have to use the text message option and this is much more secure. You basically put it in and it generates the code for you. So all access to all company systems is governed by two-factor authentication and Yubico YubiKeys access is the second factor for us.
  • So as I said, the second-factor authentication that it does is really well. The response time is really good and all you have to do is just enter the second factor code and that's about it. Right? So that's the good part about using Yubico YubiKeys.
  • Occasionally, once or twice it might happen that I would press the key, but it'll not detect that I pressed the key. So I'd have to press it again, but that's just occasionally, sometimes. So maybe even if the key was a little bit bigger and I've detected that, I would've pressed it. But apart from that, I think it's pretty good.
I think, as I said, it's perfectly suited for second-factor authentication where all you have to do is a security team registers the key and you put it in your laptop and then you use it as a second factor. I think that's the best use case governing all access to making it a mandatory second factor so not relying on your cell phone or authenticator app, you just have this hardware thing which is much more secure and you can carry it with you as well when you are traveling.
May 16, 2024

Yubico Review

Score 8 out of 10
Vetted Review
Verified User
Incentivized
When we access sensitive servers, there is always a need to have a 2-step verification process. So one step is always what you know, which is like a password. The second step is something that you have, which is the Yubico YubiKeys. So Yubico YubiKeys provides that 2-step authentication process without going through the hassle and it's also convenient because of the laptops that we have. I think it supports both Windows and Mac and I think we have both kinds of users and they both use it and it seems to work well.
  • It works all the time and it works well, so I think that's all I care about and it that's the work that it's supposed to do really well.
  • It can be about access control because either right now it's just you have access or you don't have access. I think there can be a use case where you are allowed a particular set of servers and not a particular set of servers. I think maybe it's there or we don't use it, but I haven't seen that. I think I've used Yubico YubiKeys at two companies and I haven't seen that. Maybe that's something that can be added.
It's well suited. I think the only issue is you need to have the key and if you lose it, then maybe there is a potential issue. I think those are the only concerns I have.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
I use this product when I remote work the most. So actually being right in this conference here right now, I'm able to use it to log into my systems and check my email, take actions for work if I need to. It enables a lot better remote work capabilities. The way we describe it on the military side is like having common access card and a card reader all in one device.
  • Remote access. I'm able to sign documents with the certificates that we have placed on our Yubico YubiKeys, so it's nice to be able to sign a document from anywhere, from any computer with my YubiKey instead of having to look for an adapter for my common access card.
  • Maybe just offer a little key ring attachment so it's a little bit easier. Or at least having a set product partnership or something instead of trying to find those Amazon one-offs that all fit, slip it into the loop and then be able to carry with you.
When I used it as an engineer for a software company a few years ago, I would be able to continue doing work on the train ride into and out of the office. So that was an extra hour, two hours a day that I was able to access our systems and still be able to continue to work. So that was a lot of fun. Well, I don't know if stay fun, but it was nice to be able to have the access, not have to be connected directly to the corporate network.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
I always use it to access my work email and my personal email. Like my systems like AWS, I always use my Yubico YubiKeys.
  • Right now I don't know, but I like very much this product because for me it's a lot of security on my systems and my personal stuff.
  • I saw in these, I don't know the name of the industry, but it is like ybi, but you can open your doors with that. It's great because for example, in my house, I have a door and I can unlock it with my cell phone. But if I can open with Yubico YubiKeys, I think it's a great opportunity.
I think it should work. I think it's best when you try to open a computer and you try to access an email and for example, Salesforce and the other systems. And the last, I don't know because I am a heavy user of this.
May 16, 2024

Yubico Review

Score 9 out of 10
Vetted Review
Verified User
Incentivized
There are various use cases that we use Yubico YubiKeys for. All of our authentication to the Fido server is through Yubico YubiKeys, and we also use it for the VPN right now. A lot of my teammates are using it for the Linux authentication tool, and we also store digital certificates, so we use it for PKI. So there are a lot of use cases that we use Yubico YubiKeys for.
  • I think the best thing is it has a lot of capacity and it's very, very secure. It can store a lot of private keys versus all the other products. We have reviewed a few other products, but Yubico YubiKeys gives a lot more capabilities than some of the other security key brands.
  • I think the only thing that I feel is the capability to store more keys on it, and it's a bit expensive compared to the other security manufacturers. So if we really have to sell it to our customers, they're not very comfortable paying for the high price, but then you're paying for more features.
We've been using this for one of our products where the requirement is AL3 where you can only use the web certified security gear and it offers the highest level of security and authentication. So I think the key that Yubico YubiKeys is providing is the best for that use case. For less appropriate, I think right now, I mean with pass keys, the sync pass keys becoming a thing. I don't know how for a consumer market you become a person would not want to keep a security key. It depends on the level of security that you're looking for. So for a consumer market for probably my social medias, I won't use a security key. I probably sync it to the cloud.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
The primary problem it solves is the non-repudiation. So knowing that the person logging in is the person who has the key and it's our employee. So the use case is things like there's none other MFAs that you rely on cell phones or QR codes that can be shared. A physical key cannot be shared.
  • It's fast speed. You don't have any help. Pull out a phone and load a code or pull out a phone and do, yes, this is me. It's like plug it in, pop and acknowledge the MFA request.
  • I think the supply chain of getting them is probably the biggest challenge. So getting them out to use in a decentralized workforce. So having to go through Amazon or some other reseller and load addresses and try and get them out to employees as a part of our onboarding process.
Anything handling a sensitive information, so like banking, financial information, healthcare information, and also even personal information that you don't want necessarily shut out in the fallen into right hands. You want to have control over that data is the best way to protect it.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We're using it for MFA in the business, using it primarily with password manager, so use it to generate passwords, long and encrypted passwords, and then also to help us protect us with email. Personally, I use it from all my bank accounts.
  • Yeah, just peace of mind, some security, and not worried about whether or not the public key and private key is going to work. MFA is kind of weak, so it gives us a level of confidence.
  • I can't think of anything.
I haven't found one where it's less appropriate except that my wife doesn't want to use it. It's too technical for her, so I guess she'd be better off saying why she doesn't want to use it. Nothing. She's even that way with password managers, so I can't think of anything, quite frankly.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Primary use case is logging in that is authentication and we use for multiple products. One is logging into the machine. The other things we use is the based off of the roles and the responsibilities. We have various apps that require additional authentication after opening the laptop, the server, and that's where we use YubiKey and it's integrated with backend, author and off.
  • Primarily it's very convenient to use. Then also it assures when we open the machine, the authentication is on when we open the machines, which I refer to laptop, that's a very primary use case for us and that has been consistent along.
  • It requires a little bit of setup. I think that's where we had a little additional resources spent on it to integrate our current ortho dot with the YubiKey. When we bring in and the newer models, when we bring in, there's a little more maintenance that we need to do on and off every time. So that's something I request to look into to make it more easier.
Server authentications is where we don't see much of a use case. So far my primary role and also the use cases I have seen so far is using the laptop and authenticating the apps in the laptop. So those are the two major use cases I have seen. But this can be expanded to servers as well because I'm not in the infrastructure area, so I do not know whether you have it or not. But that's one thing I feel like you can look into expanding
May 16, 2024

Yubico Review

Score 10 out of 10
Vetted Review
Verified User
Incentivized
It's for personal usage, I've used it for password managers and that kind of stuff. For the corporate, I would say at the moment we have two factor authentication on our phone. If I lose my phone, I lose my two factor authenticator. Then the Yubikey would act like a second form authenticator.
  • It's very easy to use.
  • Sometimes it's too big. I noticed a small version of it, but the standard version is (too big).
It's appropriate when it serves as the extra two factor authenticator when I lose my phone. Less suitable, I don't know.
May 16, 2024

Yubico Review

Score 8 out of 10
Vetted Review
Verified User
Incentivized
So, mostly the business problem that the product solves is that it creates an ease of use for multifactor authentication. It helps with productivity and that you don't have to use your phone or another device. You can just plug in and click your YubiKey and then you're going ahead with your daily work.
  • It just makes your life a little bit easier when you need to do your two-factor authentication and that it's already ready for you. No other devices are necessary, no clicking around, you just click your YubiKey and you're done.
  • So my YubiKey is the very small one and it's very hard to remove from your computer. So I think it's a bad practice, but I leave it in my computer because of that.
I think it's good for anyone who uses a computer to work. I guess anytime you need two-factor authentication in an environment where you have somewhere to plug in, it's useful. I guess it's hard for iPhones now because you need an extension or a different device, but soon, I mean with the iPhone 15 it'll be solved. I'm not sure.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Since we're at a cyber security consulting firm, we need to protect our data and the data from the customers. So we keep everything with passwords protected with IC King
  • You can just tap it in the back of your phone and it works.
  • I don't think it's an improvement, but you cannot back it up and that's part of the way it works. But don't lose it. Just don't lose it.
When you need to store password on your phone, that's the easiest way to do it with the NFC and that's it.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use it for a second factor in authentication for logging into stuff.
  • It's very, very cost effective and is quite reliable.
  • I can't think of any. They're nice and small too. I kind of like that. I don't take up space on the laptop really.
I like to use it as another factor in authentication. I think it's really great that way. It's supported by industry standards, open standards.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
I can talk more about it in my personal capacity. So I use it to secure all of my own personal services, Google, social media, government, login services, basically anything that supports two FA and supports a hardware token, I'll use that over OTP, SMS, or anything is just simply the most secure solution I have found. I've always heard of people getting, "oh, my account's been hacked, my things, my account's being drained." I don't have this problem because I use hardware security module.
  • It's very easy to use. So I use the USBC and NFC one, so not only can I either insert it into a USB-C port, which the new iPhone 15 or iPad has, but you can also just tap it using NFC. So it's really easy across the broad range of devices to authenticate.
  • The only con is hardware based, so if it's in the other room you might have to get off the sofa to go get it. But aside from that, I mean I think that trade off is worth the security provides.
Anything where you value the security of access to data? Financial data, whether it's personal or professional, is highly useful because it provides us with that extra layer of physical security protection. If the data is something you're signing up for where you don't really care, it doesn't really matter at that point if it's a throwaway account on an internet site. But anything where security is important, definitely.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
So Yubico YubiKeys have been essential for protecting the most critical accounts at my company, especially ones that we just can't afford for them to get compromised. So knowing that we can use it as a passkey and go passwordless or use it for two-factor authentication has been pretty critical to securing accounts and also gives us a lot of peace of mind knowing that we're not sharing two-factor authentication codes. Trying to sync that between vaults, knowing that there's just one hardware solution. If someone loses their key, we can just remove it from the account. Gives a lot more peace of mind than some of the other two-factor options.
  • I would say very simple to use. It's something that everyone can figure out. Just plug it in, press the little button, and you're good to go.
  • I would say the fact that it is easy to manage an account so you can label each key so you can have one for each employee. If that employee notifies you that they lost it or they're no longer with the company, you just go and remove it.
  • I think one thing I like as well is that somebody has to be at the device to initiate the key. So even if you leave it plugged into your device, you walk away somehow a hacker gets remote access, they're moving the mouse around, they try to go to an account. Even if your Yubico YubiKeys is plugged in, unless you're there to press it and physically give it input, it's still not going to send the credentials. So that's a big sell for me.
  • As easy as the management is, it still can feel a little bit overwhelming as you add more and more keys and more team members. And there's also a bit of reliance on trusting that team member to tell you, "Hey, I lost the key." Because what happens if they lose it? They don't tell you someone gets a hold of it, then all of a sudden they have the physical key into the account where if you're using something that's a password solution, like syncing 2FA codes with a password manager, you need the knowledge of what the master password to get into the vault. So unless that employee tells someone which they could choose to do, but assuming they don't, it's a little bit more difficult in my mind to gain access that way instead of just stealing someone's key if they get pickpocketed or just so many ways that potentially that key could get in the wrong person's hands.
I think whenever you're either a small team that works together in person or you're a company that has the resources to give each employee a Yubico YubiKeys, that's a great use case. I've found it's maybe not as great if you're working with freelancers that are remote because you don't know necessarily the lifespan of the freelancer. You may work with them for three months and then maybe you start working with a different freelancer. So to mail out Yubico YubiKeys for that very part-time freelance position is not necessarily the easiest. So in those cases, I've resorted to just syncing the two-factor codes and giving them a log into a password manager because that's much easier to onboard. So yeah, I guess that would be maybe one of the downsides is onboarding users, getting them started. But if you have a small team in person or you've got the resources, and you've got an IT department, then onboarding is not as much of an issue.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
I use Yubico YubiKeys to log into our single sign-on to gain access to our sensitive systems and data. It's much easier to log in with a Yubico YubiKeys versus doing it with a password and much more, not only easier but more secure because it's physically on me versus a password that could be stolen.
  • It identifies who I am by being able to scan my fingerprint. It verifies that I am the user because it's physically on me. So it does a great job of authentication and it's very convenient in its form factor. It's very small, it can fit on my key chain.
  • Sometimes the product's just not on me, so I have to run downstairs or run to my car to get it. And then in that case, maybe using an on-device authentication, then I switch to that.
I think this product is well suited for any enterprise that wants to roll out pass keys because it's fully compliant with that. And any company that's worried about password risk, this is a good replacement for that.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use Yubico YubiKeys both personally and professionally as a second factor for authentication to Git Hub, Git Lab, and other mission-critical cloud services.
  • Touch to authenticate
  • Every day carry
  • The form factor is too small to remove from a port comfortably
YubiKeys are ideal as a second factor in 2FA.
Daniel L. Wang | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Used for MFA in SSO for web apps.
  • Usage is simple, once trained
  • Durable
  • Small, portable size
  • More-or-less reliable
  • Integration with VPN could be better-- login requires user, password for step one, then password + Yubikey for step two. Why make me enter the password twice?
Seems suited for workplace MFA. Would be nice to integrate with other identity verification schemes.
Chad Byrd | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We currently use Yubico YubiKeys for our higher at risk users that have access to sensitive company information. For us it is an easy secure way for them to be secured and not worry about unauthorized access to sensitive data we need protected. It also assures that we reduce the risk as much as possible for risk of credential theft.
  • Fast easy authentication to hardware and software
  • Easy for users to use
  • Easy to keep up with
  • We have had a couple of instances of issues with the key not working correctly intermittently
  • Some issues with users breaking keys as some models are slightly flimsy
  • Overall we are happy so I can’t think of anything else
For us high value targets that have sensitive access, it just makes sense to use Yubico YubiKeys. We feel comfortable with the solution and hardware. It’s super easy for everyone to use. They say the feel important having to use it like a spy sometimes. For our everyday user we have not deployed currently and are still trying to decide if it’s right for them due to the fact that we have many pieces of hardware lost with just their access entry NFC devices.
Return to navigation