How to select the correct YubiKey


Before looking into which YubiKey would suit your needs the best, it’s important to understand what a YubiKey is,

 

The YubiKey is an extra layer of security to your online accounts. When logging into an account with a YubiKey registered, the user must have the account login credentials in most situations (username+password), and the YubiKey registered to the account. This physical layer of protection prevents many account takeovers that can be done virtually. 

Yubico offers plenty of different form-factors for the YubiKey as well as different options for the connectors. To choose your YubiKey, ask yourself the following questions: 


What USB-ports do the devices you wish to protect have?

What form factor do you prefer? 

Which services would you like to use the Key with? 



Spare keys and service support

Best practice is to always buy a spare key as well, in case you lose your main key. The form factor of the spare key does not need to be the same as your first purchased key but the product family should be the same (e.g. if your primary key is from the YubiKey 5 Series, then your backup should also be from the YubiKey 5 Series).

Please note that our Works with YubiKey Catalog may not list all the services that are compatible with our products. If the service could not be found in the catalog it could still support YubiKeys only that the service has chosen not to enroll in our Works with YubiKey Program. Please contact the unlisted service's own support to check if they have support for the YubiKey or not. 




*Security Key Series 

These models only support FIDO2/passkeys and FIDO U2F. It is important to note that not all services have support for the FIDO protocols. Use the Works with YubiKey catalog to see if the services you use are compatible or not. If these models are not compatible with the services you want to protect, you will want to select a YubiKey from the 5 Series instead. 

 

A few other popular functions that require a YubiKey from the 5 Series are:

For more information about the differences between the Keys, please check our Comparison Chart here.

*YubiKey Bio - FIDO Edition Series

These models are built and are optimized for desktop use cases - they do not support NFC connectivity. They will work anywhere that supports FIDO protocols. They works best with desktop operating systems, web browsers, and client applications that support the (FIDO) CTAP 2.1 standard. These devices are not intended to be used with mobile devices at this time as the user experience on mobile may be inconsistent due to limited CTAP 2.1 support.

If you’re interested in using a YubiKey on mobile, The YubiKey 5 Series offers the most functionality and highest range of supported use cases. For FIDO only usage, it is also possible to use a Security Key Series device.

 

A few other popular functions that require a YubiKey from the 5 Series (the YubiKey Bio series is not supported) are:

For more information about the differences between the keys, refer to the comparison chart here.




For businesses working in/with regulated industries

Most businesses will not need a FIPS-validated key. FIPS stands for Federal Information Processing Standard. The YubiKey 5 FIPS Series is primarily used for companies working in or with regulated industries, usually federal or government agencies. FIPS is a security certification that meets strict security standards. You can learn more here 




Comparison chart

If you still need more information about the differences between Yubico products, refer to the comparison chart here