October is the national cyber security awareness month, where a lot of people emphasise the importance of InfoSec to daily operations. Here’s my small contribution; a review of my Yubico YubiKey 5 NFC U2F token. It’s a mouthful, to be sure, but let’s get into it:
I’ve used password managers for years, and I’ve been enabling MFA (multi-factor authentication) for about as long. Most places use either SMS or an authenticator app (offerings include one each from Google and Microsoft, and other examples exist). The former is a bad idea for a number of reasons, and the latter can be kind of annoying. Thus, this summer, I decided that I wanted to have options that didn’t rely on my bringing my phone with me.
Enter YubiKey. It’s a physical U2F (universal two-factor) token. My version has a USB A connector, and also supports NFC (Near Field Communication) for use with e.g. phones (both iPhone and Android has supported NFC for years now). Setting it up is relatively easy, and once done, you can mostly forget about it until you need to authenticate.
I’ve set up my YubiKey for all of the services that supports it. Not necessarily to replace the app-based authenticators, but to have another level of backup. I keep it on my keychain. My keys go most everywhere with me, so it’s as convenient – if not more so – as is the app-based authenticator. It’s intuitive in use, and it simply works.