Yubico - YubiKey 4 - USB-A, Two-Factor Authentication

An excellent multi-factor authentication token. As a programmer, it supports everything I need: HOTP, Yubico OTP, U2F, static passwords, OpenPGP smartcard support, and the most recent version of the Yubkey 4 with the 4.3.1 firmeware even supports attestation features for cryptographic signatures, etc. It also supports TOTP, but due to the lack of a clock on the device, you must synchronize the clock through a separate authenticator application. There is no iOS version of this authenticator, but desktop and Android versions exist. It's otherwise standard TOTP RFC compliant, much like Google Authenticator.Note that this model does not support NFC (and the Yubikey with NFC support doesn't have all the Y4 features, either). So, make your choices wisely.If you are a programmer and want to add 2FA to your applications, the Yubico OTP option is an excellent choice, even if non standard. All Yubikeys are preconfigured by default to use a Yubico OTP configuration in their default slot, and these are registered when they ship you the device. This makes initial rollout dramatically simpler. The Yubico OTP API is also very easy to use for the most part, and you can even run the authentication servers on your own (if you buy a compatible TPM module like the YubiHSM). I integrated Yubico OTP into one of my applications in an hour or so, and the net effect is anyone can plug in a newly bought Yubikey, right out of the box, and add 2FA to their device in seconds, without QR codes or smartphones.The addition of U2F is nice. Unfortunately it is only supported by Chrome at the moment, or Firefox with a 3rd party extension. I'm a Chrome user mostly, but I still find this particular bit somewhat disappointing - it's somewhat of a minor amount of lock in. If you're using U2F, I strongly suggest also making sure you support regular TOTP or Yubico authentication as a backup for any users, of course, who want to migrate. Hopefully Mozilla, Microsoft and Apple will follow through with U2F support in time.As a programmer, in particular, having a stable smartcard compatible device to manage GPG and SSH keys is also extremely powerful, but I admit I have not taken the plunge yet. This requires GnuPGP 2.1 at minimum for the most recent features, like ECC support. These devices also do not support every signing or cryptographic protocol, obviously. From what I can tell: if you're using 2k/4k RSA keys, then you're good for PIV/attestation, GPG and SSH support. If you'd like to use ECC, you will have to settle on ECDSA via NIST P-256 or NIST P-384 for your GPG and SSH keys. Finally, if you want ECC for PIV/attestation, you *only* get secp256r1 or secp384r1. If you're like me and have ed25519 keys, you're totally out of luck.However, overall this is an excellent product, and I highly recommend it. Having used a previous Gen2 Yubikey for years, they are near indestructable, cheap, easily provisionable, and have good management software.

I got this so you cant log into my Gmail without it. I got it so you cant log into my PC without it. Sure, its a pain to always whip this out. But i know my pc is safe, do you? I know my emails are safe, do you? I dont use the phone codes or text codes, so if i ever get one i know there is a problem and would sort it out immediatly. Having this key puts me at ease with my devices. I got one of the nfc for the mobile but yet to get a phone that corresponds as the new samsung is 700. Waiting to get an upgrade with my carrier and then will use it with the mobile as well. I feel these should of been mainstream so long ago. Not until Gmail started having a section in your account where you could see what devices/ip's were logging in and out of your email did i think i would need some extra security. One day i woke up with someone from new jersey logged into my email, then facebook as well. The idea of needing a physical key to log into one's accounts is in my opinion the only way to go. You guys who dont think so, well then i guess you dont mind the thought someone could easily impersonate you or delete your crucial emails ect. Any one who uses logmein or teamviewer you are leaving your devices open to the world. Identity theft is the new racket. 20 years ago they were selling cigarette cartons and roughing up business owners for weekly payments. Why go though all that hassle when they can steal a few numbers and charge your account to the max and move on. I can think of so many reasons this should go mainstream. If your thinking of getting this product then get it because its about 50$ to protect your information. Small price to pay.

This is an excellent 2FA token. I've been using it for a few months and I like the form factor, build quality, and it always works correctly.Below is copied direct from the YubiKey Website.SPECIAL YUBIKEY 4 FEATURESWorks on Microsoft Windows, Mac OS X, Linux operating systems, and on major browsersSupports multiple authentication protocols, including Yubico OTP, smart card (PIV), and FIDO U2FHardware secure elements guard your encryption keysRSA 4096 for OpenPGPSupport for PKCS#11CORE YUBIKEY FEATURESWorks instantly, no need to re-type passcodes from a device — replacing SMS texts, authenticator apps, legacy OTP tokens, and similar devicesIdentifies as a USB keyboard, smart card and smart card reader — no client software or drivers need to be installed, no batteries, no moving parts — and works over USBCrush-resistant and waterproof; YubiKey 4 is practically indestructible during normal useThe keychain size weighs only 3g, and attaches to your keychain alongside your house and car keys; the smaller nano size weighs only 1g and fits inside your USB portIntegration within minutes with free and open source server softwareManufactured in USA and Sweden with high security and qualityFIDO U2F is an emerging open authentication standard, with native support in platforms and browsers. U2F breaks the mold for high security public key authentication, removing the complexity of drivers, specialized client software, and the traditional costly CA model. With FIDO U2F, one single YubiKey 4 or YubiKey 4 Nano supports any number of online services, with no user information or encryption keys shared between the service providers.