Yubico, a company that sells physical security keys for two-factor authentication, today announced the launch of the new YubiKey 5C NFC, pairing USB-C and NFC support in a single device.
According to Yubico, the YubiKey 5C NFC is the first multi-protocol security key that supports smart cards. With the NFC integration, the YubiKey 5C NFC features tap-and-go authentication that works with all major browsers and operating systems, plus it continues to offer a physical USB-C connector.
Like other devices in the YubiKey lineup, the YubiKey 5C NFC is a hardware-based two-factor authentication dongle that is designed to work with hundreds of services to make logins more secure. It's more convenient than software-based two-factor authentication because you don't need a security code. Just connect it to a USB-C device or tap it on an NFC-compatible iPhone to authenticate.
"The way that people work and go online is vastly different today than it was a few years ago, and especially within the last several months," said Guido Appenzeller, Chief Product Officer, Yubico. "Users are no longer tied to just one device or service, nor do they want to be. That's why the YubiKey 5C NFC is one of our most sought-after security keys -- it's compatible with a majority of modern-day computers and mobile phones and works well across a range of legacy and modern applications. At the end of the day, our customers crave security that 'just works' no matter what."
YubiKey 5C NFC is compatible with common password management apps like 1Password and LastPass, and it also works on the web. It supports multiple authentication protocols such as FIDO2 and WebAuthn, FIDO U2F, PIV (smart card), OATH-HOTP and OATH-TOTP (hash-based and time-based one-time passwords), OpenPGP, YubiOTP, and challenge-response, so a single key can work with multiple services and applications.
We used Yubikeys in our org up through last year. They’re $50+ per piece. Our security team doesn’t allow us to deprovision/reprovision them for a 2nd use once they’ve been issued to the first departing employee because they could then contain malware and be compromised- even after following Yubi’s procedures to scrub them.
Needless to say, we don’t use them anymore because if you can’t safely repurpose an IT asset during its service life, it’s a showstopper.
If whatever you're trying to protect isn't worth 50 USD per employee why bother with the yubikeys in the first place? In most organisations I've worked getting a new employee hired, onboarded and trained up is costed in thousands of dollars at a minimum, 50 USD is insignificant compared to that cost, and items under 75 USD aren't tracked on our asset register.
We used Yubikeys in our org up through last year. They’re $50+ per piece. Our security team doesn’t allow us to deprovision/reprovision them for a 2nd use once they’ve been issued to the first departing employee because they could then contain malware and be compromised- even after following Yubi’s procedures to scrub them.
Needless to say, we don’t use them anymore because if you can’t safely repurpose an IT asset during its service life, it’s a showstopper.
Then I have to say as a fellow tinfoil-hat wearer that your security team is really not smart, or really doesn't understand the YubiKey.
It is not possible* for someone to alter the code on a YubiKey once it has been programmed and sealed at the factory.
To me this would be a whistleblower moment for higher-ups. They are throwing away both a massive capital investment, and quite literally (when used properly) the best tool they have against both phishing and lateral movement in their network, because they fail to adequately understand what they are working with and do a proper risk assessment.
Stories like this anger me so much. We need the best security we can possibly get, especially in an age where so many peoples' personal data is being collected and stored. But no, instead of asking the right questions, doing proper research, and doing a proper risk analysis, we're going to use something inferior.
(*as with anything else, yes, I'm sure it's possible somehow, but 1. not by persons of ordinary means and 2. not without physical destruction of the device or other evidence of tampering. Your security team is flushing value down the toilet over the smallest possible chance of compromise.)
I tell people that I use the last 6 digits of pi. With the people I used to hang around with, that usually got a few chuckles, and a puzzled look for whomever I was telling it to. So anyway...
Wednesday February 2, 2022 2:24 am PST by Tim Hardwick
A man has been sentenced to 26 months time served in prison for his involvement in a conspiracy to defraud Apple out of more than $1 million by tricking the company into replacing hundreds of fake iPhones with authentic handsets through its warranty program. Haiteng Wu, 32, a Chinese engineering post-graduate residing in McLean, Virginia, immigrated to the United States in 2013 and secured...
The European Commission is planning to charge Apple with anticompetitive behavior with regards to Apple Pay, since it is the only payment service that can use the iPhone's Near-Field Communication (NFC) chip, Reuters reports.
EU antitrust investigator Margrethe Vestager has been investigating Apple Pay since June last year, but the European Commission has since centered its focus on the NFC...
Monday February 28, 2022 7:12 am PST by Sami Fathi
When Phil Schiller introduced the Lightning connector at the unveiling of the iPhone 5 in September 2012, he called it "a modern connector for the next decade," and with that 10-year mark coming up later this year, questions remain over what the future of the iPhone looks like and whether or not that future will include a Lightning port, or perhaps no port at all.
Every iPhone since the...
HYPER today announced the HyperDrive "DUO PRO," a 7-in-2 USB-C hub designed specifically for Apple's latest high-end MacBook Pro models, launching on Indiegogo with the first shipments set to go out in January.
The HyperDrive DUO PRO features a Thunderbolt 4/USB 4 port capable of data transfer at 40Gbps, 100W PD, and 6K 60Hz video, an HDMI port with support for 4K 60Hz displays, a 5Gbps...
Satechi is celebrating Pi Day with a new coupon code that takes 25 percent off sitewide for today only. In order to get the discount, you can shop for accessories on Satechi's website and then enter the code PiDAY at checkout.
Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the...
Anker has returned today with a new Gold Box deal on Amazon, offering discounts on over a dozen of Anker's best charging accessories. This includes USB-C to Lightning cables, USB-C wall chargers, MagSafe-compatible wireless and portable chargers, and more.
Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small...
Wednesday March 9, 2022 3:26 am PST by Tim Hardwick
Update: Apple has since confirmed to MacRumors that plugging in a fourth-generation iPad Air or iPad mini 6 into the Studio Display will result in a downscaled 1440p output. According to Apple, the new 27-inch 5K Studio Display supports a range of Macs going back to 2016 MacBook Pro models, but its compatibility with iPads is notably limited to the 11-inch iPad Pro, 12.9-inch iPad Pro...
Today we're tracking a trio of charging deals from companies including Bluetti, Nimble, and Hyper. These discounts can help you save on powerful portable generators, MagSafe-compatible wireless chargers, and USB-C charging accessories.
Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us...
Tuesday November 29, 2022 11:54 am PST by Juli Clover
An unnamed 27-year-old man who purchased 300 iPhones from Apple Fifth Avenue on Monday morning was robbed shortly after leaving the store, according to 1010Wins Radio in New York.
He was carrying 300 iPhone 13s in three bags and walking to his car at 1:45 a.m. when another car pulled up next to him. Two men jumped out and demanded that he hand over the bags. Not wanting to hand over 300...
Wednesday November 30, 2022 10:09 am PST by Juli Clover
Apple today released iOS 16.1.2, another minor bug fix update that comes one week after the release of iOS 16.1.1 and three weeks after the launch of iOS 16.1, an update that added support for iCloud Shared Photo Library, Matter, Live Activities, and more.
The iOS 16.1.2 update can be downloaded on eligible iPhones over-the-air by going to Settings > General > Software Update.
According...
Apple today announced its 2022 App Store Award winners, highlighting the 16 best apps and games selected by Apple's global App Store editorial team.
The top apps were chosen by Apple for their quality, innovative technology, creative design, positive cultural impact, and ability to deliver "exceptional experiences." Apple CEO Tim Cook said:
This year's App Store Award winners reimagined...
Wednesday November 30, 2022 2:39 am PST by Sami Fathi
Geekbench scores allegedly for the upcoming "M2 Max" chip have surfaced online, offering a closer look at the performance levels and specific details of the forthcoming Apple silicon processor.
The Geekbench results, first spotted on Twitter, are for a Mac configuration of with the M2 Max chip, a 12-core CPU, and 96GB of memory. The Mac listed has an identifier "Mac14,6," which could be...
Tuesday November 29, 2022 1:01 pm PST by Juli Clover
Anker's popular Eufy-branded security cameras appear to be sending some data to the cloud, even when cloud storage is disabled and local only storage settings are turned on. The information comes from security consultant Paul Moore, who last week published a video outlining the issue.
According to Moore, he purchased a Eufy Doorbell Dual, which was meant to be a device that stored video...
Wednesday November 30, 2022 12:43 pm PST by Juli Clover
Twitter CEO Elon Musk today met with Apple CEO Tim Cook at the Apple Park campus in Cupertino, California, according to a tweet shared by Musk this afternoon.
Musk thanked Cook for taking him around Apple's headquarters, with no mention of what the two might have discussed. The meeting comes just after Musk on Monday claimed that Apple has "mostly stopped" offering ads on Twitter, and that...
Elon Musk has pledged to offer an "alternative phone" if Apple and Google remove Twitter from their app stores, adding to long-standing rumors about an iPhone rival from Tesla.
Modified iPhone 11 Pro in the style of the Tesla Cybertruck, by Caviar. Musk's remark came after being asked about the potential scenario of Twitter being removed from app stores, which could conceivably happen if the...
The Black Friday and Cyber Monday holiday shopping rush is drawing to a close, but there are still some good deals to be had out there. For Apple products, many of the deals you've seen since last week are still available, though some have expired. So for anyone who missed out on Black Friday deals, there's still an opportunity to get some of the year's best prices on many Apple devices.
Note: ...
Apple today rolled out an updated Apple Music Replay experience for 2022, showcasing a new "highlight reel" feature.
Subscribe to the MacRumors YouTube channel for more videos. The overhauled experience, which started to be noticed by Apple Music subcribers on Twitter earlier today, puts the new highlight reel feature at the forefront of the Replay webpage, which users are encouraged to...
Monday November 28, 2022 11:00 am PST by Juli Clover
Apple's upcoming iPhone 15 models will be equipped with Sony's newest "state of the art" image sensors, according to a report from Nikkei.
Compared to standard sensors, Sony's image sensor doubles the saturation signal in each pixel, allowing it to capture more light to cut down on underexposure and overexposure. Nikkei says that it is able to better photograph a person's face even with...
Top Rated Comments
Did you find something that's better/cheaper?
It is not possible* for someone to alter the code on a YubiKey once it has been programmed and sealed at the factory.
To me this would be a whistleblower moment for higher-ups. They are throwing away both a massive capital investment, and quite literally (when used properly) the best tool they have against both phishing and lateral movement in their network, because they fail to adequately understand what they are working with and do a proper risk assessment.
Stories like this anger me so much. We need the best security we can possibly get, especially in an age where so many peoples' personal data is being collected and stored. But no, instead of asking the right questions, doing proper research, and doing a proper risk analysis, we're going to use something inferior.
(*as with anything else, yes, I'm sure it's possible somehow, but 1. not by persons of ordinary means and 2. not without physical destruction of the device or other evidence of tampering. Your security team is flushing value down the toilet over the smallest possible chance of compromise.)