How to select the correct YubiKey


Before looking into which YubiKey would suit your needs the best, it’s important to understand what a YubiKey is:

The YubiKey is an extra layer of security to your online accounts. When logging into an account with a YubiKey registered, the user must have the account login credentials (username+password), and the YubiKey registered to the account. This physical layer of protection prevents many account takeovers that can be done virtually. 

Yubico offers plenty of different form-factors for the YubiKey as well as different options for the connectors. To choose your YubiKey, ask yourself the following questions: 


What USB-ports do the devices you wish to protect have? 

What form factor do you prefer? 

Which services would you like to use the Key with? 



Spare Keys and Service Support

Furthermore, we at Yubico always recommend you buy a Spare Key as well, in case you lose your main Key. The form factor of the Spare Key does not need to be the same as your first purchased Key. Just make sure that it supports the security protocols you need. Please use our Works with YubiKey Catalog.

Please note that our Works with YubiKey Catalog may not list all the services that are compatible with our products. If the service could not be found in the catalog it could still support YubiKeys only that the service has chosen not to enroll in our Works with YubiKey Program. Please contact the unlisted service's own support to check if they have support for the YubiKey or not. 




*Security Key NFC 

The Security Key NFC only supports the protocols WebAuthN, FIDO2 and U2F. It is important to note that not all services have support for Security Key NFC. Please use our Works with YubiKey Catalog to see if the services you use are compatible or not. If the Security Key NFC is not compatible with the services you want to protect you will want to select a YubiKey from the 5 series instead. 

 

A few other popular functions that require a YubiKey from the 5 series (the Security Key NFC is not supported) are:

For more information about the differences between the Keys, please check our Comparison Chart here.

*YubiKey BIO & *YubiKey C BIO

The YubiKey BIO is built, and is optimized, for desktop. It will work anywhere a FIDO2/U2F key works. It works best with operating systems, Web browsers, and client applications that support the (FIDO) CTAP 2.1 standard. We don’t advise using the YubiKey Bio with mobile devices at this time as the user experience on mobile may be inconsistent due to limited CTAP 2.1 support.

Please also note this key does not support NFC. If you’re interested in using a YubiKey on mobile, we recommend using the YubiKey 5 Series, specifically the YubiKey 5 NFC, YubiKey 5C NFC or the YubiKey 5Ci. For FIDO only usage, it is also possible to use a Security Key Series device.

 

A few other popular functions that require a YubiKey from the 5 series (the YubiKey BIO series is not supported) are:

For more information about the differences between the Keys, please check our Comparison Chart here.

 

 

 

iOS & iPad - Support 

If you have an iPad Pro, please note that our YubiKeys are not compatible with Yubico Authenticator because the iPad Pro does not have lightning or NFC capabilities. At this time, due to MFI, only lightning ports are compatible with iPads. Please note that in version 1.7.0 of the Yubico Authenticator USB-C support was added to iPads running iPadOS 16.1

 

When it comes to iPhones, please be aware that only iPhones 7 and newer support NFC in the way that is required for use with YubiKeys. The NFC on older iPhone models only works with Apple Pay. To work with a YubiKey, the NFC must have read and write capabilities.

 

If you want to know more about iPad support, please read this article




For businesses working in/with regulated industries

Most businesses will not need a FIPS certified Key. FIPS stands for Federal Information Processing Standard. The YubiKey 5 FIPS keys are primarily used for companies working in or with regulated industries, usually federal or government agencies. FIPS is a security certification that meets strict security standards. You can learn more here

 

YubiKey 5 Series FIPS (firmware 5.4.3. and up) does now support OpenPGP and they also support FIDO2. 




Comparison Chart

If you still need more information about the differences between our Products, please take a look at our Comparison Chart