What is a Yubikey?

A Yubikey is a USB or NFC based security device produced by the company Yubico. The Yubikey devices have a number of mode or “profiles” built into them. They can act as a SmartCard, emulate a usb keyboard to type in 2FA codes or act as a FIDO hardware security token.

To protect my online social media accounts, I am using the Yubikey as a FIDO device.

What is a FIDO hardware token?

FIDO is short for Fast Identity Online and is an open standard produced by the FIDO Aliance for web browser based authentication. Now in its second generation FIDO2 is the strongest mode of protection for web based authentication (logins).

The problem with traditional passwords is that they can be leaked or phished or otherwise distributed. Regardless of how a malicious user comes to know your password, they can easily reuse it to login from another machine.

FIDO2 devices, like the Yubikey, work by producing a key-pair for each site you login to. One part of the key pair is the key, that’s the secret part to unlock the login. The other part is the public key, that’s the part that gets shared with the app you want to protect. The secret key never leaves the physical Yubikey during login which means it can never be stolen or reused by someone else. The only way to use that secret key is to physically have your yubikey.

To further increase security, the yubikey (something you have) can be used together with a regular password (something you know) for multi-factor authentication. The combination of the two defeats the vast majority of prevalent account compromises online today. Another optional feature is to add a PIN code to activate the FIDO2 key - this is great if the risk of physical theft of your yubikey is higher. For most average consumers, just having a regular Yubikey will stop virtually all common attacks. But if you are higher risk by having a public following or being a public figure, you might want to protect yourself with one of those extra features like a supplementary PIN code.