This is the third article from the series focused on the FIDO keys from couple manufacturers.
About Yubico
According to the official webpage
Yubico was founded in Sweden 2007 with the mission to make secure login easy and available for everyone.
In 2011, Stina, CEO & Founder, and Jakob, Chief Innovation Officer & Founder, moved to Silicon Valley to make the dream happen. In close collaboration with the leading internet companies and thought leaders we created native support for our security keys in the major online platforms and browsers, enabling a safer internet for billions of people.
Additionally, Yubico is a member of Microsoft Intelligent Security Association and FIDO Aliance
Keys Overview
In this article I’d like to share with you my thought after 2 weeks of using Yubico security keys:
| Model | YubiKey 5C Nano | YubiKey 5C NFC | YubiKey 5C | YubiKey 5 NFC |
| Picture |  |  |  |  |
| Supported OS | Windows PC, Mac, Linux, Android. | Windows PC, Mac, Linux, Android. | Windows PC, Mac, Linux, Android. | Windows PC, Mac, Linux, Android. |
| Interface | USB-C | USB-C, NFC | USB-C | USB-A, NFC |
| Features | Windows Hello, TOTP, HOTP | Windows Hello, TOTP, HOTP | Windows Hello, TOTP, HOTP | Windows Hello, TOTP, HOTP |
| Security algorithm | RSA 2048, RSA 4096 (PGP), ECC p256, ECC p384 | RSA 2048, RSA 4096 (PGP), ECC p256, ECC p384 | RSA 2048, RSA 4096 (PGP), ECC p256, ECC p384 | RSA 2048, RSA 4096 (PGP), ECC p256, ECC p384 |
| Standard | FIDO2, U2F | FIDO2, U2F | FIDO2, U2F | FIDO2, U2F |
| Notes |
AAGuids
| Model | AAGuid |
| YubiKey 5C Nano | ee882879-721c-4913-9775-3dfcce97072a2a |
| YubiKey 5C NFC | 2fc0579f-8113-47ea-b116-bb5a8db9202a |
| YubiKey 5C | ee882879-721c-4913-9775-3dfcce97072a |
| Yubikey 5 NFC | 2fc0579f-8113-47ea-b116-bb5a8db9202a |
Azure AD integration
All provided security keys are working properly with Azure AD and Windows Hello for Business.
LAB details
In order to do the tests for this article I have created dedicated user called yubikeytester in my lab.
In my lab, I have created a dedicated group called Passwordless which is used for FIDO2 Security Key authentication method.
PIN Key setup
As always when you want to add new authentication method to your account – you have to go to mysignins.microsoft.com and add new Security Key and configure PIN
If needed you can set up it using Yubikey manager software available to download from this link: https://www.yubico.com/support/download/yubikey-manager/
Outro
As you most probably noticed I have shown you how those keys could work with Azure AD and related services.
The final comparison between other manufacturers’ keys will be described in the last episode of the series.
Test devices were provided by Yubico
https://www.yubico.com/
Comments are closed.