Yubico YubiKey 5 Nano Two Factor Authentication Security Key - Black - USB-A
- モデル番号を入力してください これが適合するか確認：
- このセキュリティキーで2つのファクター認証を利用して、オンライン アカウントを不正なアクセスから守ります。
- マルチプロトコル対応：FIDO2、FIDO U2F、Yubico ORMV、OATH-TOMP、OATH-HODP、スマートカード (PIV)、OpenPGP、Challenge-Response、アメリカ製。
YubiKey 5C Nano は、ユーザー名/パスワードと組み合わせてアイデンティティティを証明するUSBデバイスです。 シンプルなタッチで、YubiKey 5C Nano はコンピューター、ネットワーク、オンラインサービスへのアクセスを守ります。
オールインワン構成のセキュリティキーパフォーマンス：スマートカード(PIV)、Yubico ORMV、FIDO U2F、FIDO2、OpenPSP、OATH-TOMP、OATH-HODP、Challenge-Respons。 Yubicoは、YubiKeyを自分で設定する自由でオープンソースツールをご提供しています。
純正アプリより簡単かつ安全: SMS または SMS 経由で受け取ったり、認証アプリから受信するスマートフォンにもう一切手間がかかりません。 YubiKeyを差し込むだけで、タップするだけで、残りのものになります。
数百種類のアプリケーションで箱から取り出せます: Facebook、Gmail、GitHub、Dropbox、Dashlane、LastPas、Salesforce、Duo、Docker、Centrify、何百ものもの間の人気のあるサービスで使用できます。 コンピュータログイン（Windows、Mac、Linux）に設定可能。 YubiKeyを登録するために、各サービスが提供する指示に従ってください。
YubiKey: YubiKeyを各サービスでYubiKeyを登録する方法についてはyubico.com/setupに進みます。 YubiKey 5C Nano をサービスとサービスに変化させることができます。 Yubico は自分のテストに基づき、指示に従って、そのサービスにリンクを供給しています。
USB Type A互換: USB Type Aポートに接続。 ライトニングやUSB-Cポートを搭載したデバイス用のアダプターを購入して、1回のパスワードを実行します。
非常に高い耐久性 (IP67クラス評価IEC 60529): 高品質、耐クラッシュ、防水。
1) The product does not come with a manual. Instead, it points you to Yubico's Getting Started site which is not a helpful site. Trying to find further documentation using Yubico's support site is an exercise in frustration.
2) Getting the YubiKey 5 setup with 1Password is confusing, even for a tech-head like myself.
3) The YubiKey 5 does not work with 1Password. I can enable 2FA on my 1Password account using the YubiKey 5 and I can use it to unlock my account when using 1Password on a computer. However, I cannot unlock 1Password on my phone using the YubiKey because 1Password has not written the necessary code to allow 1Password to use the YubiKey 5's NFC feature. Since the YubiKey 5 obviously cannot be plugged into an iPhone, 1Password becomes completely unusable on iPhones.
4) Yubico advertises that the YubiKey 5 works seamlessly with password managers such as 1Password, but this could not be further from the truth. Enabling 2FA on my 1Password account using a YubiKey requires that I also use the Yubico Authenticator app. Rather than simply inserting my YubiKey into the computer and logging in, I am required to first insert the YubiKey, then open the Yubico Authenticator app, find the login I need a code for, copy that code to my clipboard, navigate over to 1Password, paste the code, and only then can I finally unlock the application. This is not a seamless process.
In order to improve, the YubiKey 5 needs to dramatically improve the quality of their setup documentation and support website. Yubico also needs to provide a much more honest description of the process involved in using the YubiKey 5 with password managers such as 1Password.
Until changes are made to the YubiKey 5, I definitely cannot recommend the product to anyone who uses 1Password.
If you are serious about 2 factor authentication, then this is a great product!
Most large companies such as Microsoft and Google will support this key natively within their account security settings. You can only count on support growing in the future. The odds are high that iOS 13 will introduce native support for FIDO2 authentication within Safari over NFC... and Yubico has a lightning version in the works currently.
That being said I’m puzzled at the one-star reviews. It shouldn’t take hours or even days to plug in a device to your USB port, and paying for LastPass Premium has absolutely nothing to do with this product.
In short, I think it's a really neat device, which can help improve your digital security, if you're willing to invest the time/energy to research it. I bet your identity is worth more than $45.
* Very versatile, lots of features
* Cutting edge security, WebAuthn is now a web standard (March 2019)
* Backed by significant tech players
* NFC wireless connectivity
* Should work with most Android devices
* Durable build
* Documentation is limited and scattershot, you will need to teach yourself
* More expensive than some alernatives
* Limited FIDO2/WebAuthn support right now (April 2019)
* Limited iOS/iPhone support right now
* Many overlapping, confusing tools available
* Only some functionality exposed in GUI tools, there is much, much more on command line and via APIs
* No firmware upgrades
* Can't backup or copy a YubiKey
* Closed source, proprietary design -- no possibility of independent audits
The documentation is admittedly scattershot, so here is a summary of what I've learned. Think of the YubiKey 5 NFC as having three separate, built-in apps: 1) FIDO, 2) CCID, 3) OTP. Each of these apps has multiple functions.
--1) FIDO app--
* FIDO2: The newest standard, supported by most web browsers now, expect to see more websites transitioning to FIDO2/WebAuthn logins in the coming years. DropBox and Google are two notable websites that support it today.
* U2F: The old pre-FIDO2 approach, partially supported by some browsers and websites.
--2) CCID app--
* OATH: Install the Yubico Authenticator to configure this. Similar to Authy, Google Authenticator, etc. TOTP provides time-based one-time passwords, HOTP provides counter-based one-time passwords. More secure replacement for the SMS- and email-based 6-digit login codes you may be receiving now, if you have 2FA enabled on your accounts.
* PIV smartcard: Can be configured for logging into some computers.
* OpenPGP: Useful for email encryption, signature verification, SSH logins.
--3) OTP app--
* You get two configurable slots, they can be: Yubico OTP, challenge-response, static password, or OATH-HOTP.
To summarize, you get FIDO2, U2F, OATH, PIV, and OpenPGP apps out of the box, plus you can choose how to configure two *additional* slots to suit your needs. One of them is pre-configured with Yubico OTP, which requires internet access and registration with Yubico.
The most useful feature to the average user will be the FIDO app, although currently (April 2019) there is almost nowhere to use it. Buying this today is like being on the bleeding edge, although Yubico contributed to the FIDO2 standards. WebAuthn means websites don't store passwords anymore (not even encrypted), and phishing becomes far more difficult, as your authenticator device is only associated with a single website. The idea is to use devices like the YubiKey, an optional PIN, as well as biometric data (fingerprints, iris scans, etc) to identify the user, instead of relying on a shared password. The YubiKey can store "unlimited" FIDO credentials.
The second most useful feature is the OATH app. To use this, you must install the Yubico Authenticator app on your computer or mobile device. When you insert the YubiKey, you will see the list of one-time passwords. However, there is a limit of only 32 slots. NOTE: OATH-HOTP uses a counter and will eventually roll over, so it has limited uses, but TOTP is time-based and should work indefinitely.
Equally useful is the static password option, which you can enable in an OTP slot. This lets the YubiKey "type" in a password on your computer, in many situations where other authentication isn't possible. For example, you can type your own easy-to-remember password, and then add the YubiKey static password at the end. This should work universally on devices supporting USB input.
The other options are more specific and for the advanced or power user with some IT background. Configuring OpenPGP properly is not trivial, nor is it likely to be used by the average person. However, if you are in IT or need the added security, you can add your encryption, signing, and even authentication keys to the YubiKey (once stored, they cannot be retrieved). I've successfully logged into SSH servers and committed to GitHub using this technique -- it works perfectly. You will need GPG or similar installed to configure this.
If you don't know what PIV smart cards are, you likely won't have a use for them, however you can configure Linux and Mac boxes to take advantage of this for logging in, as well as on Windows domains. I imagine this is more useful in large organizations.
The downsides are not inconsiderable. You are essentially trusting a closed, proprietary device, but it has been proven time and again that "security through obscurity" doesn't work. If there's a critical bug in the design, you are stuck with it, as there is no way to upgrade the firmware. You cannot retrieve secret data from the YubiKey, but this means you can't make a backup or copy once it has been configured. You need to duplicate the key *during* configuration, or save a record of all the secret data. Keep that in mind.
A final note is that the YubiKey has both USB and NFC connectivity. If your smartphone supports NFC, you can simply hold the YubiKey against it to authenticate. If you can't use NFC or don't want it, you can disable it with the YubiKey Manager. You can selectively disable USB and NFC for each app. NOTE: you can buy a cheap USB OTG adapter and still use your YubiKey with your smartphone, to an extent.
The support service was among the best I have ever received. Chis and especially Daniele were just superb. Thank you guys your are stars. Following their help made the setup quite easy.
Great product useless documentation.