Dedicated hardware built to generate secure two-factor authentication, the Yubico Yubikey 5C NFC works with the vast majority of computers and smartphones. It makes authentication easier than using an app, and the results are more secure, defending you against phishing. For anyone that’s serious about security, this is a great investment.
- Works with most phones and laptops
- Supports wide-range of apps and services
- Easy to use
- NFC can be fiddly to use
- EuropeRRP: €55
- Two-factor securityThis key generates two-factor authentication codes in a more a secure and phishing-resistant way to an authenticator app.
Two-factor authentication is an essential add-on for any online account, requiring a special one-time code that only you know in addition to a password. Generating these one-time codes can be a real pain, which is where the Yubico Yubikey 5C NFC comes in.
This tiny USB-C device can plug into a computer or use NFC with a smartphone, acting as the two-factor authenticator. It’s more secure than using a code generator, works with practically every service and device, and is well priced.
Design and features
- Tiny battery-free design
- NFC expands scope
- Easy to configure
The Yubikey 5C NFC is a tiny USB device, a little bigger than a coin, that you can fit onto a keychain or keep in your wallet. It has a USB-C connector on one end, NFC built-in. The company also sells different versions of this device: with standard USB and NFC; with a Lightning connector and USB-C; with USB-C only; and two Nano versions that you leave permanently connected.
Given the ubiquity of both NFC and USB-C, I feel that this version is the best overall, giving the widest compatibility with the least amount of hassle.
When the key is plugged in, it lights up green and you tap the metal disc in the middle with a finger to generate a one-time code; it does this when you tap it on compatible NFC devices, such as the majority of smartphones.
The idea with the Yubikey 5C NFC is that you register the key with the service that you want to use, such as your Google Account. Next time you log in, you’re prompted to enter your password and then to use your key, as described above, to verify that it’s you logging in.
So, why bother and what’s wrong with standard codes generated by apps such as the Google Authenticator or sent via SMS? Well, there are a couple of issues. First, these codes can be phished. That is, someone can trick you into revealing the code or even intercept it.
With the YubiKey 5C NFC, you have to be physically present, authenticating directly to log into a service. Plus, the U2F standard that a lot of websites use, and the key supports, is built so that a login attempt is bound to the origin. So, even if someone somehow tricked you into sending them the long code generated by the key, they still wouldn’t be able to use it.
Secondly, if your phone runs out of battery, you can’t generate codes. The Yubikey 5C NFC has no battery, so works anywhere and everywhere. Plus, it’s small and tough, so practically very hard to damage. I’ve been carrying YubiKey devices around for years and have never had one break.
Setting up the key depends on the service that you use, although the steps are generally similar. For example, with Google Accounts, you have to go into your security settings, enable two-factor authentication and then follow the simple registration process to link your key. If you’re struggling, then the YubiKey 5 setup guide has steps for all of the common services.
As the Yubikey 5C NFC supports the FIDO2/WebAuthn, U2F, Smartcard, OpenPGP and OTP security standards, it works with a huge number of accounts and services, including Google, Microsoft, Coinbase, Facebook, LastPass, Nintendo and loads of others.
This version of the key will work with all mainstream browsers, and it can be used to log you into your macOS devices and, via a free download, your Windows 10 or Windows 11 computers.
- Works quickly
- NFC can be fiddly to use
I find using the Yubikey 5C NFC really easy. When I log into a compatible account, I just plug the key in, tap the button when prompted and that’s it. I’ve used it on Windows and macOS systems, using both Safari and Chrome, and the key is always recognised and works exactly as it should.
With mobile devices, the key can be a little fiddly to use, as trying to line it up with the NFC chip in a handset proves hard. To be fair, this isn’t the fault of the YubiKey 5C NFC, more that phone manufacturers make it hard to locate the chip. I typically end up sliding the USB key around the back of my iPhone a little.
Still, the key does work, and it means that I have more secure access to my accounts and I don’t need to mess around with an app.
Should you buy it?
If you want to boost your online security, this is a great way to do it.
If you’ve got relatively few accounts, then a standard authenticator app used carefully will meet your needs.
Cybercriminals have shown that they’re more and more intent in breaking into accounts, increasing the complexity of attacks, largely through phishing. While two-factor authentication boosts security, the Yubikey 5C NFC takes protection to the next level. Simple to use and compatible with the vast majority of phones and computers, this security key boosts security while making two-factor authentication easier to use. If you’re serious about security, this is a great investment.
You might like…
Rather than plugging the security key in, you can use NFC to generate a code when the key is held to your phone.
Yes, you just register the key for each account you want to use.
Yes, it holds no information about your internet accounts, it’s merely a tool for authentication.
An abbreviation for ‘near field communication’. This technology allows devices to share information by coming into close proximity with one another – the most popular use of this system is in contactless payments.