Yubikey
The YubiKey is a device that makes two-factor authentication as simple as possible. Instead of a code being texted to you, or generated by an app on your phone, you press a button on your YubiKey. That’s it. Each device has a unique secret built into it, which is used to generate codes that help confirm your identity. Press the button and you can log in.
What is two-factor authentication?
Passwords are terrible. Most are too easy for hackers to guess, and the rest are too long or complicated for humans to remember. Even secure passwords are useless once they’ve been leaked, and leaks are basically inevitable. For these reasons, and more, it’s a good idea not to rely entirely on passwords. That’s the entire idea behind two-factor authentication (often shortened to 2FA).
The YubiKey represents a third way of doing two-factor authentication, alongside codes sent by text message and codes generated by an app: hardware authentication. Services ask you to plug a device like a YubiKey into your computer and press a button. The YubiKey sends a unique code that the service can use to confirm your identity. This is more secure, because the codes are much longer, and more convenient, because you don’t have to type out the codes yourself.
There’s a lot more nuance than this, of course. But for the most part, you just need to know that it’s 2FA that’s more secure and easier to use.
Why is a YubiKey better than other 2FA?
We’ve gone over this a little, but let’s talk about why a YubiKey (and similar devices) is better than other forms of 2FA. To name a few:
- Convenience. SMS, email, and authentication apps all require that you copy and paste, or manually enter, a code. With the YubiKey, you just press a button on a device attached to your computer.
- Much longer codes. Other 2FA methods typically only send you a six-digit code to confirm your identity, basically because it would be unreasonable to expect humans to type much more than that. YubiKeys don't ask you to manually type a code, so they're free to use much longer codes. That's more secure.
- Easy to migrate. Did you get a new computer? Just unplug your YubiKey from the old one, plug it into the new one, and you can log in to all of your apps, same as before. You can also use one key to log in to your account on multiple computers. I've found the process to be much easier than migrating other 2FA.
- Really hard to hack. It's relatively easy for hackers to compromise your email or SMS. It's a lot harder—close to impossible with current technology—to fake the codes generated by a unique hardware device.
Again, there’s a lot more nuance here, but these are the broad advantages of the YubiKey over other forms of 2FA.
How do I stop accidentally triggering my YubiKey?
If you leave it plugged into your notebook, it’s surprisingly easy to trigger accidentally—particularly when picking up your laptop.
It’s not so much a button as it is a thin strip of metal that triggers when touched. Because the YubiKey presents itself to the computer as a keyboard, a touch is taken as an attempt to log in to something: the key types a one-time code into whatever text box currently has focus and then “presses” the Enter key.
These codes come from the YubiKey’s OTP mode, which is one of the protocols your YubiKey uses to authenticate to servers, and it is that mode, not the key as a whole, that types into the current window. You could stop this from happening altogether by turning off OTP, but that might break your ability to log in to some services that still rely on it.
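A practical consequence of the accidental-trigger behaviour is that one-time codes end up in chat windows, commit messages and log files. The following is an added example, not code from the original article or from Yubico: it recognises Yubico OTP strings in text so they can be flagged or redacted before they are stored. It relies on Yubico's documented OTP format (44 characters in the "modhex" alphabet `cbdefghijklnrtuv`, the first 12 of which are a public ID that identifies the key); the chat transcript, the OTP value in it and the function names are constructed for the example.

```python
import re

# Yubico OTP output uses "modhex", an alphabet chosen so the typed characters
# map to the same scan codes on most keyboard layouts. A character's position in
# this string is the nibble (0-15) it encodes.
MODHEX_ALPHABET = "cbdefghijklnrtuv"

# A Yubico OTP is 44 modhex characters: a 12-character public ID identifying the
# key, followed by a 32-character (16-byte) encrypted one-time token.
PUBLIC_ID_LEN = 12
OTP_LEN = 44

# \b keeps us from matching a 44-character run buried inside a longer word.
OTP_RE = re.compile(r"\b[cbdefghijklnrtuv]{44}\b")

# Constructed chat transcript: the second line is what an accidentally touched
# key types (the code, followed by Enter). The OTP value itself is made up.
SAMPLE_CHAT = (
    "alice: did the nightly build finish?\n"
    "bob: ccccccbcgujhingibrrtjhlnhblnkcfifbjhrfknvtci\n"
    "bob: sorry, that was my key\n"
)


def modhex_decode(s):
    """Convert a modhex string to bytes; raises ValueError on non-modhex input."""
    if len(s) % 2 != 0:
        raise ValueError("modhex input must have even length")
    out = bytearray()
    for hi, lo in zip(s[0::2], s[1::2]):
        try:
            out.append((MODHEX_ALPHABET.index(hi) << 4) | MODHEX_ALPHABET.index(lo))
        except ValueError:
            raise ValueError(f"not a modhex string: {s!r}") from None
    return bytes(out)


def find_otps(text):
    """Return [(public_id_hex, otp), ...] for every Yubico OTP found in text.

    The public ID is the only part we can interpret without the key's AES
    secret, but it is enough to tell whose key was triggered.
    """
    hits = []
    for m in OTP_RE.finditer(text):
        otp = m.group(0)
        public_id = modhex_decode(otp[:PUBLIC_ID_LEN]).hex()
        hits.append((public_id, otp))
    return hits


def redact_otps(text, placeholder="[yubikey-otp-redacted]"):
    """Replace every Yubico OTP in text with a fixed placeholder."""
    return OTP_RE.sub(placeholder, text)


if __name__ == "__main__":
    for public_id, otp in find_otps(SAMPLE_CHAT):
        print(f"OTP from key with public ID {public_id}: {otp}")
    print(redact_otps(SAMPLE_CHAT))
```

The same check works as a pre-commit hook or a chat-bot filter; the redaction keeps the surrounding message intact so the context of the slip is preserved without storing the code itself.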