The first piece of information is usually a password. The second piece is to prove it is indeed you who wants to log in, and not a hacker from across the world. You might need to type an SMS code that’s been sent to your phone, or a PIN that’s generated by an authenticator app. You might use biometric proof such as fingerprint or face recognition.

Two factor authentication has become easier over time. My Google account asks me whether “it is me” on my phone. I can respond with one button press. Companies such as OKTA similarly offer a simple yes/no verification.

Banks and other financial institutions typically send a code to your phone. Even that may not be totally secure. Hackers have managed to steal phone numbers and access SMS verification messages.

We have previously written about a YubiKey key that plugs into a USB slot and has a button that you press for authentication. You can set it up to be a necessary ingredient for accessing a site, but beware, don’t lose your key.

Over time, Yubico has produced different models of its YubiKeys: some plug into USB-A slots, some into USB-C and others into lightning slots on Apple devices.

Yubico more recently added an NFC USB-C connector to its range, joining the existing NFC USB-A connector. You can plug it into a laptop port for authentication. You can also tap it on the back of Android and Apple phones to authenticate using near field communication (NFC).

Yubico’s website contains a list of services that work with YubiKeys, and also a roughly two minute video for every service that demonstrates the installation process. I tested using an NFC YubiKey using the Lastpass password safe and a Microsoft account.

The first step involves setting up two factor authentication with each of these services. Yubico’s videos illustrated the relevant spot of the Lastpass and Microsoft websites where I could do this.

When I logged into either of these sites on a computer, I was prompted to press the button on the YubiKey. That action sent a code to the login site, and I was in. On the phone, I could tap the YubiKey near the top of the handset to achieve the same thing. You need to know where the NFC sensitive area of your phone is.

NFC on the key is useful. A YubiKey with a USB-C or USB-A connector that your plug-into your desktop or laptop is useless if you try to plug it into an iPhone with a Lightning connector. Using NFC and tapping the phone gets around this.

Yubico also offers its own authenticator app that you can use to secure multiple work and personal accounts. This can operate either separately from your YubiKey, or you can combine the two features and store your authenticator credentials on a YubiKey and not a phone for extra security.

These extra steps reduce the opportunities for hackers to gain access to your accounts.

I think YubiKeys are good in some circumstances and not in others. The increased rollout of biometric authentication may offer enough security for many situations.

While YubiKeys are supported by about 210 services, it is not an exhaustive list. The sites include AWS, Bitwarden, Blogger, Brave browser, Citrix, Cloudfare, Debian (Unix), Docusign, Dropbox, Facebook, G Suite for Education, GitHub, Google, GOV.UK, IBM Security. Instagram, Internet Explorer, LastPass, macOS, Mailchimp, Microsoft, Nintendo, Okta, Opera, ProtonMail, Red Hat, Reddit, RSA, Safari, Salesforce, Shopify, TeamViewer, Tesla, Twitter, Ubuntu, YouTube and Zendesk to name some.

If you use some of these services, maybe YubiKeys are for you. You can buy the 5 NFC and 5C NFC YubiKeys directly from Yubico, or from Trust Panda in Australia. They offer multi-protocol support for FIDO2/WebAuthn, FIDO (U2F), Smart Card and OT.

The 5 NFC (with a USB-A) connector is $92.50 while a 5C NFC (with a USB-C connector) is $100.

More related stories

Gadgets

When it comes to TVs, is bigger always better?

As technology evolves, the majority of things have gotten smaller or at least more compact. But TVs have grown in the opposite direction, now as big as the walls in your home.

Read more

The Weekend Australian Magazine

Big mother is watching…

This AI-equipped device is “the world’s smartest baby monitor”, CuboAI says. You’ll hardly believe some of the things it can do.

Read more