It doesn’t take much for a technology to excite me and then subsequently fail me. Case in point, a YubiKey 5 NFC security key. I bought it on November 6, 2019 for $51.94. I was excited to use this new bit of technology, thinking that it would at least be a valuable experience for me when it came to 2 factor authentication and honing my security skills. The NFC bits were very attractive and the website clearly displayed iPhone as compatible, so why not? Chip in all the way, it’s only $50!
What I got did not at all match my expectations. The NFC doesn’t work, or at least required at the time a different kind of iPhone than the one I had, which was an iPhone 6S Plus, so that was deceptive advertising leading me nowhere. The NFC part works nowhere, so it’s just marketing mumbo-jumbo for me. I then plugged it in to my USB port on my MacBook and was dismayed to see that it doesn’t really do what I thought it would, no way to get any of my TOTP settings onto the device, no applications to make it convenient to use on my MacBook Pro, but there was a way that I could put my GPG Key for my main account on there. So I did that. Then after doing that I realized that the private key had been moved onto the Yubikey and a stub left on my MacBook Pro, meaning any time I wanted to decrypt anything I needed the YubiKey. I didn’t have a choice when it came to having it in both places, and I accepted that because I rarely if ever use my GPG key since it’s a dead-on-arrival technology itself.
All of this was an immense flash in the pan. I did learn a lot, and I guess it was worth the $50 I spent on it. Maybe I can return it to the manufacturer, as I have returned it to factory specs. If they don’t allow that, then I’ll likely put it up for sale on Facebook, Craigslist, or eBay.
What I got out of Yubico and their Yubikey is that it is like a lot of other security tools, pretty much meant for a very niche marketplace where people who would buy into these sorts of things are sold on the how, just looking for the what. I wouldn’t recommend Yubikey to anyone, it is not easy to use and completely unreliable. A little sidebar to mention here as well, if you wanted to use a YubiKey to secure your desktop or laptop computer, which you could do, they strongly recommend you buy two of them, in case you lose one or one gets stolen. The all-or-nothing deal is a huge cold shower.