TrustRadius: an HG Insights company

Yubico YubiKeys

Score9.4 out of 10

139 Reviews and Ratings

Learn More

What is Yubico YubiKeys?

Yubico YubiKeys make the internet safer with phishing-resistant multi-factor authentication (MFA) by providing simple and secure access to computers, mobile devices, servers, and internet accounts. The Yubico YubiKey stops account takeovers at scale by mitigating phishing and ransomware attacks, and delivers users authentication with a simple touch or tap.

Categories & Use Cases

Reviews

What users are saying about Yubico YubiKeys.
View all reviews

Yubico YubiKeys is a secure easy to use solution that has made our company more secure

Incentivized
Chad ByrdView profile
IT Systems Engineer in Information Technology at Betenbough Business Services (201-500 employees employees)

Use Cases and Deployment Scope

We currently use Yubico YubiKeys for our higher at risk users that have access to sensitive company information. For us it is an easy secure way for them to be secured and not worry about unauthorized access to sensitive data we need protected. It also assures that we reduce the risk as much as possible for risk of credential theft.

-we are now exploring the ways that YubiKeys can also be used for personal security of items and the different ways to implement the service and hardware to get the most benefit for our company and people.

Pros

  • Fast easy authentication to hardware and software
  • Easy for users to use
  • Easy to keep up with

Cons

  • We have had a couple of instances of issues with the key not working correctly intermittently
  • Some issues with users breaking keys as some models are slightly flimsy
  • Overall we are happy so I can’t think of anything else

Most Important Features

  • Easy to set up
  • Overall great hardware
  • Small form factor
  • Many different options for hardware style

Return on Investment

  • Defiantly a reduction in password resets for some higher level users that we had issues with in the past
  • Feeling secure in the knowledge that our data is secure with using Yubico YubiKeys
  • Easy to integrate and use with our windows products

Alternatives Considered

SecurID

Other Software Used

CrowdStrike Falcon, Proofpoint Threat Intelligence Services, Rapid7 InsightIDR

Usability

Yubico Review

Incentivized
Fredrik Forsell
CIO in Information Technology at RödSvart (1-10 employees employees)

Use Cases and Deployment Scope

So we use the YubiKey for securing most of our cloud services, like Office 365, Microsoft 365 mainly, but also other things like password managers. And as far as the services will let us, we try to use mainly the Yubikeys for the physical security tokens and trying to use them for passwordless access to avoid the risks of password theft.

Pros

  • The setup is very easy. It's well documented and it's well supported with most services.

Cons

  • The backup situation is a hard problem to solve, but it needs to be resolved sooner or later because as it is now, if you have two Yubikeys, you have to enroll them both. When you lose one, you have to remember which one to deactivate and that's a hassle. Fortunately that doesn't happen very often. But having a backup Yubikey that you don't have to enroll everywhere but they can switch over to would be a dream.

Most Important Features

  • Ease of use
  • Hardware security

Return on Investment

  • I'd say it's enhanced our security and it's very easy to get the users to use them. It's very, at least easy to teach them how to use them.

Other Software Used

Google Authenticator, Microsoft Entra ID

Yubico YubiKeys Review

Incentivized
Wez Ireland
Information Security Consultant in Information Technology at Aquanow (51-200 employees employees)

Use Cases and Deployment Scope

The primary problem it solves is the non-repudiation. So knowing that the person logging in is the person who has the key and it's our employee. So the use case is things like there's none other MFAs that you rely on cell phones or QR codes that can be shared. A physical key cannot be shared.

Pros

  • It's fast speed. You don't have any help. Pull out a phone and load a code or pull out a phone and do, yes, this is me. It's like plug it in, pop and acknowledge the MFA request.

Cons

  • I think the supply chain of getting them is probably the biggest challenge. So getting them out to use in a decentralized workforce. So having to go through Amazon or some other reseller and load addresses and try and get them out to employees as a part of our onboarding process.

Return on Investment

  • So risk reduction in terms of accessing very sensitive systems. For example, having root level access to AWS, that's only, we have a multi key set up on the root account and then those shared with say shared issued to a handful of constituents and geographically dispersed so that no one person is held all the keys so to say. So definitely a risk reduction in terms of accessing standard information in enterprise.
  • Speed for the end user is probably most of the largest benefits. I mentioned the shortfalls is just like when someone uses one you have to go through that's like not like, good scanning code, now you have to pull back to some other solution.
  • The onboarding flow of getting them out to use this depending on not necessarily Yubico's function, I know they do do some distribution, but being able to more tightly weave that into an HRS or IT system.

Yubico YubiKeys Review

Incentivized
Alan Gin
Co-founder and CEO in Corporate at ZeroDown® Software (11-50 employees employees)

Use Cases and Deployment Scope

We're using it for MFA in the business, using it primarily with password manager, so use it to generate passwords, long and encrypted passwords, and then also to help us protect us with email. Personally, I use it from all my bank accounts.

Pros

  • Yeah, just peace of mind, some security, and not worried about whether or not the public key and private key is going to work. MFA is kind of weak, so it gives us a level of confidence.

Cons

  • I can't think of anything.

Return on Investment

  • That's a tough question because right now we haven't had any problems since using it. Again, using with our password managers has just been pretty clean. I haven't had anybody object to using it. They all think it's cool. It could be because they're a bunch of nerds yet.

Other Software Used

Bitwarden, LastPass for Business

Yubico YubiKeys Review

Incentivized
Sree Vaddi
Principal Solutions Architect in Information Technology at Apache (201-500 employees employees)

Use Cases and Deployment Scope

Primary use case is logging in that is authentication and we use for multiple products. One is logging into the machine. The other things we use is the based off of the roles and the responsibilities. We have various apps that require additional authentication after opening the laptop, the server, and that's where we use YubiKey and it's integrated with backend, author and off.

Pros

  • Primarily it's very convenient to use. Then also it assures when we open the machine, the authentication is on when we open the machines, which I refer to laptop, that's a very primary use case for us and that has been consistent along.

Cons

  • It requires a little bit of setup. I think that's where we had a little additional resources spent on it to integrate our current ortho dot with the YubiKey. When we bring in and the newer models, when we bring in, there's a little more maintenance that we need to do on and off every time. So that's something I request to look into to make it more easier.

Return on Investment

  • Many areas in the company, in the open source projects as well, we have used the YubiKey to basic authentication that work seamlessly across whether technical resources or non-technical resources. It has been wonderful for us and that's where we find is the best value for the ROI. And also it has enhanced our security and the recurring maintenance on the logging in forgetting credentials or the attacks on known passwords. So those are all the things became very less or negligible, which is a lot of saving of resources for the company.