I use a security key to enabling strong(er) two-factor and for passwordless authentication since a while.
I started with a Security Key by Yubico a while ago. But the Security Key is a USB-A Device, and my main device is a Macbook Pro without any native USB-A port. And the dongle handling wasn’t that great!
So I started to investigate and scan the market, for a USB-C Security Key! I ended up with the Yubico YubiKey 5C Nano! Great device, it very tiny and therefore attached to my Macbook most of the time, in the office and mobile.
Then a friend told me about the Solokeys campaign on kickstarter… So I backed them and also tried them. I also ordered some of the newer models a while ago.
I ended up with a lot of keys, some are in use, some not.
Here are the Keys I have right now, from left to right:
- Solokeys Solo (USB only) USB-C
- Solokeys Solo Tab (USB + NFC) USB-C
- Yubico YubiKey 5 NFC
- Yubico YubiKey 5 Nano
- Yubico YubiKey 5C
- Yubico YubiKey 5C Nano
- Yubico YubiKey 5Ci
For my use case the Yubico YubiKey 5 Series seems to be the perfect fit! I use the Yubico YubiKey 5C Nano daily! I have my PGP and SSH Keys saved on it and the key is attached to my Mac most of the time. I only remove the key, when I leave my Macbook somewhere. Because my User certificate is also on this key and this is used for authentication to my network. Without this key, my Mac is (more or less) useless!
I also used a Yubico YubiKey 5 NFC as additional factor for my admin accounts, and I have a lot of them! The NFC Support is convenient, cause I can use it with my Mobile Phone even if my Mac is somewhere else.
Now I got a Yubico YubiKey 5Ci (USB-C and Lightning), which fits perfectly to my (personal) use case! I doesn’t have NFC, but it also works with my iPad Pro (that doesn’t support NFC). I removed everything from the Yubico YubiKey 5 NFC and I use this only for some customer related accounts now. I don’t want them on the keys I use for myself.
Why the two Solokeys then? To be honest, just to play around with them! And the second one (USB + NFC) isn’t supported by Apple devices yet.
The software for the YubiKey is good. Sometimes it is a bit difficult to understand what to do and when, but you might find some community articles and guidelines about it.
This is from my personal point of view, as a hardcore Mac user. I don’t use any of the keys a lot with windows. I just enrolled it to my active directory to get my user certificate. Most this was done with the minidriver and some native calls.
The software and the support is the key for me to stick with Yubico!
A few generell Tips, if you plan to use a security key:
- Enforce touch! So, whenever you use the key, you have to touch it. Otherwise the physical security factor is nearly gone.
- Use a secure PIN or password for your key! This is the key factor for your security in the future. It makes no sense if your key isn’t secure, right?