Review: Yubico's 5C NFC YubiKey Works Well With Apple's Security Keys Feature

[thefourthpope]

Oh my this makes me feel stupid. I kept reading “physical key” in the articles about the update and thought it was some new term for a really amazing password.

Nope. Y’all really meant a physical key.

No chance. I don’t even carry one for my house any more.

 

[thefourthpope]

That’s the one thing I would have gotten a pair for, and I’m surprised it isn’t required for password changes or similar settings, or at least an option. You need both the key and the password to log into a new device once this is enabled, right?

You need the one key, and your co-captain needs the other, and you have to turn them at the same time or else the missiles don’t fire.

 

[alchemistmuffin]

The YubiKey 5C NFC that I used in this review is priced at $55

I know I might be in the minority here but…..

$55?!?!?!?? THAT’S OVERPRICED!!!!!!! (LET ALONE YOU NEED TWO SO ITS $110 TOTAL!!!!!!!!!) ​

If companies wants security keys to become the norm for logins, they need to convince the companies that make the security keys to lower down the price. I know there’s lot of components needed to make the device secure but average consumers don’t care about that. They want it at affordable price, like at $9.99 (which is average price of 1 TB usb drive. at $110, i can buy 10 of those, which is not necessary)

 

[timestride]

Apple is trying to get rid of your wallet and keyring. These keys seem like a step backwards.

I used to think the same thing, but you mostly only need them when first setting up a device or installing an app for the first time. Hardware keys are best used to support your most critical accounts (email, password manager, & Apple ID). Any of those accounts are the key to the kingdom, but with anything else it is just that one account and a regular TOTP authenticator is good enough protection.

 

[timestride]

That’s the one thing I would have gotten a pair for, and I’m surprised it isn’t required for password changes or similar settings, or at least an option. You need both the key and the password to log into a new device once this is enabled, right?

Yes, password and key for a new device. Wish it would also protect password changes— hopefully Apple will fix that with the bad press they have been getting for how easy it is to do.

The keys are good for more than just protecting your iPhone though. Use them on your accounts that control other accounts— in particular email and password managers. Typically you will only be promoted for the device when logging into those apps for the first time on a device, so it isn’t that much of an additional hassle.

 

[AppleTO]

It’s a no-go for me until (at minimum) iCloud on Windows is supported.

 

[svish]

Seems like a good one. $5 is good price too.

 

[Big Bad D]

I had been considering getting a couple of these, but didn’t realise that they only work on the very latest macOS. I still have a 2025 12” MacBook that I use occasionally.

Good point. And if any Apple device you have linked to your AppleID is not able to have the minimum latest OS then it is not a workable solution.

 

[Dammit Cubs]

Apple not adding a password protection with a recovery key request or a hardware encryption key option is by far one of the dumbest moves.

Passcodes for changing passwords is just plain wreckless.

 

[MacDaddyPanda]

I started using them with my Windows acounts and Gmail. And now I've extended to Apple. And to mirror the security concern of ease to change the Apple ID with just passcode, yeah that just seems so counter to having the physical security key if you can by pass it that easily. But I've been happy with them otherwise.

 

[symphony]

I bought one, I didn’t realize you need two. Although I was on the idea that you can use security keys and two factor.

Just to triple confirm: Two factor is disabled? You can’t receive codes anymore after setting up security keys?

 

[matsan]

Sad to see that Apple just could settle on OTP, but I guess that wouldn't sell additional iOS-devices.

 

[riverfreak]

I have been arguing with USAA for years now to support FIDO (they have good phone-based customer support). Based on forum comments on this topic I am not alone. I use three different banks (2 banks, 1 S&L). None support FIDO althought the S&L has their own hardware key. It appears this is common for banks and S&Ls. WTH. Does anyone know why banks (which I think for most consumers are the most important login) REFUSE to support FIDO ?? USAA forces one to use 2FA via mobile phones... Yeah super secure USAA. Appreciate your insights.

Financial institutions seem to be the WORST at adding enhanced security. It's annoying as all heck.

 

[riverfreak]

I was looking at the price since it’s $29. Nice to know it will work, thanks!

Hey @Mr. Heckles I know we've discussed this same topic in other threads.

I recently picked up three of these $29 Yubikeys.

They are, in my opinion, the way to go. They're cheap, more durable than the 5Ci, and leave out all the useless fluff that some of the other Yubikeys carry.

 

[riverfreak]

🥸

Uh huh.

I find this fascinating. In the pro music world, we have been forced to use products like iLok, which most people hate and don’t trust because of potential loss or failure of the device. Now general users are being encouraged to use a hardware key to authenticate themselves. Hmmm.

I don't see this being promoted to general users at all -- not by Apple at least.

 

[riverfreak]

Sad to see that Apple just could settle on OTP, but I guess that wouldn't sell additional iOS-devices.

This comment baffles. Please explain. And what does it have to do with this context, about a third party provider of security keys?

 

[maryland]

So I take it the Security Key C NFC won’t work for this?

It will absolutely work. In fact, it looks like at least one of the keys in this review is the cheaper FIDO only security key, previously known as the blue key.

Look at the screenshot showing the back of the key. It says “FIDO”, which in this context means “FIDO only” and is printed on the cheaper key to distinguish it from the multi-protocol key, now that the two models share the colour black. You can check it on the Yubico store, the Yubikey proper and the black FIDO only key have different back sides.

This explains why the reviewer couldn’t get the Yubico Authenticator app to work, it’s simply not supported in the cheaper key.

 

[snowyeti]

I was looking at the price since it’s $29. Nice to know it will work, thanks!

The Security Key Series (Blue coloured, and now transitioning to black) won't work with the Yubico Authenticator app as they are FIDO2 only.

You need a 5 Series key if you want to use Yubico Authenticator app to store TOTP codes.

If you have never purchased a YubiKey, go for a 5 series as it will be more useful if you want to lock your mac login or store TOTP codes.

In the review above you can see two YubiKeys. If you have a 5 series and a Security Key series, the way to tell is that the 5 series has a serial number on it, and the Security Key says "FIDO". More information here.

That’s the one thing I would have gotten a pair for, and I’m surprised it isn’t required for password changes or similar settings, or at least an option. You need both the key and the password to log into a new device once this is enabled, right?

You only need one key and your Apple ID password to sign in on a new device. You can enrol up to 6 Yubikeys per Apple ID.

Does anyone know why banks (which I think for most consumers are the most important login) REFUSE to support FIDO ??

Bank of America supports YubiKeys

 

[SurferPup]

Why not attach AirTags to the keys

I was going to suggest that however you beat me.

 

[Mr. Heckles]

Will these work with an adapte? For instance, a USB-C to Lighting. If I got a Yubico key with USB-C and the iPad has a Lighting port, will I be able to use an adaptor?

 

[PinkyMacGodess]

I don't know if 2fa is ready for the general public. As a programmer, I had a SecureID that I had to use to work. I never went anywhere without it, and always kept it in my pocket on workdays, and kept it handy on weekends (JIC), and was amazed that people would lose theirs (it was a HUGE cost if it didn't show up after a certain amount of time). AND the other thing was people put their passwords on PostIt Notes on the backs of the things! And would leave them in their desk drawers, unlocked!

But, back to it, Yubico stresses to have multiple keys enrolled on your account, and that losing a key can mean you are locked out entirely. How many will not follow that advice, and lock themselves out of their electronic lives. With the SecureID I had to use, I could get a 'loaner' if I forgot mine (it took over an hour to get one, and it had to be returned) so it wasn't an issue, but an 'average Joe/Jane' will be SOL.

People really need to take this seriously, and having more warnings *might* help... Might...

 

[PinkyMacGodess]

Why not attach AirTags to the keys

Or like a gas station restroom that used a three foot piece of a 2x4. They got tired of having to pay a locksmith to replace the locks on the doors. Totally get it, but I'm sure someone still took that key. So having copies JIC seems like a brilliant idea to me.

 

[Mr. Heckles]

I know I might be in the minority here but…..

$55?!?!?!?? THAT’S OVERPRICED!!!!!!! (LET ALONE YOU NEED TWO SO ITS $110 TOTAL!!!!!!!!!) ​

If companies wants security keys to become the norm for logins, they need to convince the companies that make the security keys to lower down the price. I know there’s lot of components needed to make the device secure but average consumers don’t care about that. They want it at affordable price, like at $9.99 (which is average price of 1 TB usb drive. at $110, i can buy 10 of those, which is not necessary)

They make a cheaper on for $29 that will work. There are other brands out there too.

Hey @Mr. Heckles I know we've discussed this same topic in other threads.

I recently picked up three of these $29 Yubikeys.

They are, in my opinion, the way to go. They're cheap, more durable than the 5Ci, and leave out all the useless fluff that some of the other Yubikeys carry.

Awesome! I just need to find out if they will work with a Lighting adaptor (Lighting to USB-C). We have 1 iPad with Lightning and no NFC. I don’t want to get a key for one thing that has Lightning, because that will probably get replaced in a year.

I hope I can use 1 key for 2 Apple ID accounts. I was thinking about getting 3 keys, one for each of us, and the 3rd for both account as a back up.

 

[CarAnalogy]

Recently got on the YubiKey train and they work great. One thing that continues to be a disappointment regarding Apple is how easy it is change your Apple ID password. While the physical hardware key keeps other people from logging into your account, it does not actually protect changing your Apple ID password on your actual device. All you need is your pin, and frankly that is not enough. I wish they would require at least your full Apple ID password or a 2nd factor like a YubiKey in order to change.

What the hell? That defeats a lot of the purpose. The hardware key should ALWAYS be required for password changes, that’s the whole point.

 

[Mr. Heckles]

I tried the same yubikeys and went back to the old way of Apple’s 2FA. I kept getting prompted for a security key that was stashed in another part of the house. I don’t want to carry—and guard—yet another device when I travel. iPhone failure on the road? You’re going to need a key with you to activate a replacement iPhone. I’m sure keys are the best choice for Apple to control access to its intellectual property, but for average users I wouldn’t recommend.

What the hell? That defeats a lot of the purpose. The hardware key should ALWAYS be required for password changes, that’s the whole point.

I hope they fix this in an update soon.