Yubico, a company that sells physical security keys for two-factor authentication, today announced the launch of the new YubiKey 5C NFC, pairing USB-C and NFC support in a single device.
/article-new/2020/09/yubikey1.jpg?lossy)
According to Yubico, the YubiKey 5C NFC is the first multi-protocol security key that supports smart cards. With the NFC integration, the YubiKey 5C NFC features tap-and-go authentication that works with all major browsers and operating systems, plus it continues to offer a physical USB-C connector.
Like other devices in the YubiKey lineup, the YubiKey 5C NFC is a hardware-based two-factor authentication dongle that is designed to work with hundreds of services to make logins more secure. It's more convenient than software-based two-factor authentication because you don't need a security code. Just connect it to a USB-C device or tap it on an NFC-compatible iPhone to authenticate.
/article-new/2020/09/yubikey2.jpg?lossy)
"The way that people work and go online is vastly different today than it was a few years ago, and especially within the last several months," said Guido Appenzeller, Chief Product Officer, Yubico. "Users are no longer tied to just one device or service, nor do they want to be. That's why the YubiKey 5C NFC is one of our most sought-after security keys -- it's compatible with a majority of modern-day computers and mobile phones and works well across a range of legacy and modern applications. At the end of the day, our customers crave security that 'just works' no matter what."
YubiKey 5C NFC is compatible with common password management apps like 1Password and LastPass, and it also works on the web. It supports multiple authentication protocols such as FIDO2 and WebAuthn, FIDO U2F, PIV (smart card), OATH-HOTP and OATH-TOTP (hash-based and time-based one-time passwords), OpenPGP, YubiOTP, and challenge-response, so a single key can work with multiple services and applications.
The YubiKey 5C NFC can be purchased for $55 from the Yubico website.
Top Rated Comments
Did you find something that's better/cheaper?
It is not possible* for someone to alter the code on a YubiKey once it has been programmed and sealed at the factory.
To me this would be a whistleblower moment for higher-ups. They are throwing away both a massive capital investment, and quite literally (when used properly) the best tool they have against both phishing and lateral movement in their network, because they fail to adequately understand what they are working with and do a proper risk assessment.
Stories like this anger me so much. We need the best security we can possibly get, especially in an age where so many peoples' personal data is being collected and stored. But no, instead of asking the right questions, doing proper research, and doing a proper risk analysis, we're going to use something inferior.
(*as with anything else, yes, I'm sure it's possible somehow, but 1. not by persons of ordinary means and 2. not without physical destruction of the device or other evidence of tampering. Your security team is flushing value down the toilet over the smallest possible chance of compromise.)