|Item model number||Y-072|
|Item Weight||0.16 ounces|
|Product Dimensions||1.77 x 0.71 x 0.12 inches|
|Item Dimensions LxWxH||1.77 x 0.71 x 0.12 inches|
|Is Discontinued By Manufacturer||No|
|Date First Available||September 12, 2014|
Consider these available items
Yubico - YubiKey NEO - USB-A, NFC, Two-Factor Authentication
We don't know when or if this item will be back in stock.
About this item
- Make sure this fits by entering your model number.
- The YubiKey NEO has been upgraded and replaced with the YubiKey 5 NFC.
- View the YubiKey 5 NFC at https://www.amazon.com/dp/B07HBD71HL
- Search “YubiKey 5 NFC” in the Amazon search bar.
Customers who viewed this item also viewed
More to consider from our brands
Customers also viewed these products
Have a question?
Find answers in product info, Q&As, reviews
Your question might be answered by sellers, manufacturers, or customers who bought this product.
Please make sure that you are posting in the form of a question.
Please enter a question.
The YubiKey combines hardware-based authentication and public key cryptography to eliminate account takeovers. Simply tap the YubiKey NEO to your NFC enabled device or insert into a USB-A slot and authenticate with a touch. YubiKey authentication is four times faster than typing a One Time Passcode and does not require a battery nor network connectivity so it is always on and accessible.
- Strong two-factor hardware based authentication
- Easy and fast authentication with a single touch or tap to NFC enabled device
- Reduces IT operational costs
- Crush resistant & waterproof
- Multiprotocol support on a single key
- Made in the USA & Sweden
- Supported protocols: FIDO U2F, smart card (PIV), Yubico OTP, OpenPGP, OATH-TOTP, OATH-HOTP, and Challenge-Response
- Secure element hardware to protect cryptographic keys
- Crypto Algorithms: RSA 2048 and ECC p256
- Interface: USB-A and NFC
- Works on Microsoft Windows, Mac OS X, Linux, Chrome OS operating systems, and on major browsers
- Now works with Twitter! Learn more
- PIV smart card compatible, minidriver available on Windows
- Support for PKCS#11
- Size: 18mm x 45mm x 3.3mm, 3g
- Weight: 3G
Keep YubiKey NEO nearby, wherever you go. Its high quality and crush-resistant body stands up to life's little dings.
Whether it's a puddle or a washing machine, YubiKey NEO beats water with a sealed design, no batteries, and no moving parts.
Authenticate on the go with YubiKey NEO's NFC functionality. Simply tap the key to your NFC enabled device.
Follow the easy instructions provided by the services where you choose to pair your YubiKey NEO. No software required.
Strong authentication across leading mobile platforms
YubiKey NEO works among iOS, Android, Windows 10 smartphones and tablets.
Compare with similar items
Not for use with computers that have non-compliant power systems.
Top reviews from the United States
There was a problem filtering reviews right now. Please try again later.
You visit myaccount on google, you click 2-Step Verification, and you click "Add Security Key". It then prompts you to plug-in your YubiKey and tap the button. Nothing happens. Now you're stuck.
By default, at least on mine, only OTP mode is enabled on the device. U2F mode is disabled by default, which is required by Google for it to work. In order to enable it, you'll need to download the YubiKey NEO Manager on their website. Once downloaded, run the application, plugin your device and click the "Change connection mode [OTP]" button. Here you'll have an option to enable U2F! And voila! It now works with your Google account. You also have an option to enable CCID in here, but I left it off as I'm not 100% sure what that's for, but may be needed some time in the future.
Hope this helps! I would have given this a 5 star review if only there was better documentation out there to explain this. You would assume that a device that says it supports U2F would have it enabled. There was no intuitive way of knowing this, and quite disappointing for a $50 product.
Here's the deal. If you use PasswordSafe or some other well known tool that is Yubikey friendly, you'll love this thing. If you want to use it for OAUTH or using really long safe passwords, it's quite well suited to that took. I use ridiculous passwords and change them frequently and that's why these are so 'must have' or me.
Fair warning though - installation and use are going to probably be a real challenge for the uninitiated. I can almost guarantee that. There is plenty of support material for it from Yubico, there are plenty of people blogging about it and there are plenty of videos, but until you understand what you're doing it's going to be tough at first. IMHO, it's well worth the hassle of learning and the learning process is tremendously valuable in and of itself.
However, that's where I can't emphasize a point strongly enough. MAKE BACKUPS. It's very easy to change the configuration in a way that you end up locking yourself out of important apps you have precisely b/c it does its job so well. It's a feature that can behave like a bug as the expression says but it's easily remedied by just using backups every time before making a change. Buy two of them if you get one just so you have a backup, you don't want to be stuck if you lose it and have to wait for another one to arrive.
And make really sure that you understand the basics objectives of what it's intended to do. Products that are friendly to it are being added regularly and as useful and just plain awesome as these things are, I'm sure that will grow. However the initial configuration coupled with learning what you're doing is enough to make many people want to throw up their hands and rage quit. I certainly felt like that at first. The learning process alone justifies the cost of buying one. Plan on spending at least two hours minimum learning what it does and how to configure it and realistically, if you want to really 'trick it out' plan on spending quite a bit more time. That said, if you even remotely care about security, every second of that learning time will be useful. Not just because it will help you learn to use the tool, but by seeing that certain features are even available you'll learn a lot about good security practice and you'll probably end up changing the way you do things to become more security focused. These aren't cheap and Yubico has lower priced models that accomplish much of the same but within 3 days of getting my first one, I wanted to upgrade and then I want for a Nano as well.
I love this so much that I actually purchased several for friends of mine, employees and peers that care about security just because I want to see these take off. I don't want to scare you off about the initial configuration but the best way to say it is that some not everything is plug and play. Like most things of real value, you're not going to be able to just run a wizard and be an expert at it. In this case, you'll likely spend a little while frustrated at first getting it to work with whatever the first feature is you decide to use it for. From there you'll almost certainly find yourself in a position of wanting to 'see what else I can do with it' which is where the backups become critical. And like I said, if you only have one, you're vulnerable to being stuck if you lose it so redundancy is your friend here. I've purchased around 20 different keys and all three models and I'll be buying more. I am so smitten with it that I find myself looking to try to convince people who aren't security conscious of how vulnerable they make themselves and convincing them to change their behavior.. Because of my enthusiasm and people seeing what it does for me (for instance, if I look at DropBox or Facebook from my phone people see me putting it up to my phone and asking what I'm doing), I've convinced a few people to adopt them. The others were already looking to try them but hearing my excitement was enough to get them to adopt it. These aren't that cheap that I'd typically go around and indiscriminately buy them for people just to get them to try it but that's what it's done. And so far, I've had two people say "not interested', another 2 give up in frustration and the rest have become as fanatical about them as I am.
Also, you can use the app that Google provides for Gmail and its other services but there's a risk of introducing a vulenerability by using that. Like anything security related, you trade convenience for security. I wasn't overly worried about someone pulling off the attack before when I was using Google's app but it's still there depending on how important the stuff you want to protect is. Nonetheless, so many other services now support Yubikeys, PasswordSafe being the initial impetus for trying it (I have no connection to this company or Password safe, but Bruce Schneier turned me on to PasswordSafe and I definitely trust his judgment on anything security related. If you are security focused you'll know who he is, if you're not, I'd encourage you to check out his blog and follow his advice. In that regard, think about it this way. Is there anything in your email or dropbox or facebook that you wouldn't want the world knowing? Note how many popular YouTubers for instance have had their accounts hacked and commandeered recently. None of them woke up that morning thinking "I'm about to lose control of my stuff". And once your information is taken from you, there's not putting that genie back in the bottle. You 'leak' more information than you can possibly fathom these days and even if you password protect your phone, losing it means the only thing protecting your personal information and secrets from the world seeing them is some malicious person using a Cellebrite machine or similar tool to get through your password. You may think I'm being dramatic but if you think I'm exaggerating in the least (i'm actually not doing the threat justice) go look around at Cellebrite's UFED or similar tools and see how 30 seconds is the only speedbump someone would hit if they had access to your phone and the desire to get your info.
The YubiKey NEO has really set the bar for where these types of devices need to be heading. Many improvements have been made, additional support has been provided, and the device itself has proven to be functional, durable, and secure. I'll just go over some of the basic aspects of the NEO and point out some of the important aspects of the device.
*** WHY BUY IT? ***
I think the first question many people ask is, "why do I need this?" It really all depends on what type of information you need/want to protect. If all you do is browse the internet, not making any online payments or using any services that require a secure password, there's no need for a YubiKey. If you're using LastPass or another program designed to save all of your passwords in one spot using a "master password", you don't necessarily need a YubiKey, although I'd strongly recommend it, especially after the notorious "Heartbleed Bug" hit the news.The Heartbleed Bug is a very serious OpenSSL vulnerability that allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.)
I was originally introduced to the NEO when I was searching for a security key that would help protect my Google account and services. U2F was a necessary service so that narrowed the list down quite a bit. I originally looked at the cheaper keys but settled on this one mainly because of its versatility in terms of usage. I now use it for LastPass in addition to several other services, including several services with 3-step verification (password, challenge question, YubiKey.)
***WHAT IT STORES ***
The YubiKey come with two (2) configuration slots which I use for OTP and U2F (downloading the NEO Manager is needed to set up U2F and it's a program you'll want to have anyway.) U2F is supposedly the security protocol that the industry is headed towards, although at the moment, only Chrome OS, version 38 and up (right now we're on Version 41) and a couple other services use the U2F protocol.
*** SETUP ***
Setup is literally plug-and-play for the most part, unless of course you need to enable advanced features, in which case you would download the YubiKey Manager software.
*** LAST PASS ***
YubiKey and LastPass work together so well, it seems like they were meant to be the combination of choice for 2-step authentication. I use the NEO for my LastPass account and it works great but honestly, as much as I love the functionality of LastPass, I wouldn't trust relying on it by itself unless it was secured by the NEO, too; Just entering a single "master password" in LastPass is not enough security in my opinion. LastPass also supports NFC which is great when using it on your mobile devices. More on the NFC functionality, below:
*** NFC (Near Field Communication) ***
The NEO makes good use of NFC (Near Field Communication) where you simply tap the NEO to the back of your Windows or Android Phone and the phone will sense and read the key, and you're good to go! Only iPhone 6 and iPhone 6 Plus support NFC so if you're using an older iPhone, you want have this functionality. As another reviewer pointed out last year (and is still the case as of 3/29/2015), U2F is not supported with NFC. I'll update the review if/when it is.
*** UNABLE TO UPDATE YOUR YUBIKEY NEO ***
Due to security reasons, YubiKey does not allow for the NEO to be updated should updates be released so whatever your current YubiKey supports is all it will ever support. I understand the reasoning behind this but it would be pretty annoying to buy a NEO and then a couple months later, the new ones are being shipped with updated firmware, supporting additional features.
*** I'll update the review if any new information is available. If you have a question not answered in the review, let me know in the comments section and I'll try to find out for you. ***
Top reviews from other countries
Eigentlich sollte der Yubikey definitiv 5 Sterne von mir bekommen. Einen anderen habe ich schon in Verwendung. Funktioniert auch prima und macht was er soll. Ich finde diese dreiste Aktion seitens des Resellers geht absolut nicht klar..
L'adoption de la norme U2F est très lente, alors que cela est supposé être le point fort de ces types de clés, mais le support OATH–TOTP permet d'utiliser la clé sur beaucoup d'autres sites (le TOTP étant utilisé via des applications mobile/desktop pour générer des clés de vérification temporaires).
L'entrée de mots de passe statiques par appui sur le bouton n'est pas adaptée à des OS réglés sur un clavier non-anglais, les lettres étant entrées en qwerty (un contournement assez complexe à mettre en oeuvre pour le grand public est possible mais n'a pas fonctionné sur mon modèle).
L'ergonomie des outils de gestion est assez peu intuitive et peut impliquer de partir à la recherche d'informations qui peuvent être cachées au fond du forum officiel (en anglais).
Le fait que le firmware soit en lecture seule, même si c'est une bonne chose pour la sécurité, oblige à racheter une clé pour bénéficier de mises à jour logicielles (même si il faut noter que dans le cas d'une faille de sécurité des échanges ont été proposés par Yubico) : l'hypothétique norme U2F v2.0 ne serait donc probablement pas supportée par les clés actuelles.
Ma YubiKey a cessé de fonctionner en USB après un an et demie, alors que la garantie est d'un an : je ne sais pas si je suis un cas isolé mais c'est à prendre en compte lors de l'achat, car vu le prix et le fait que ce soit un modèle "haut de gamme" c'est un peu gênant.
Je ne peux donc plus utiliser l'U2F mais comme sur tous mes sites U2F j'avais ajouté une double authentification TOTP sur la même YubiKey, je m'en sors (le TOTP fonctionnant encore avec l'Authenticator en NFC sur mon smartphone).
La FAQ du site indique "All YubiKeys are nearly indestructible." mais l'état du trou, usé uniquement par le métal d'un porte-clés, ne donne pas vraiment cette impression, tout comme le numéro de série et le QR code au dos qui s'estompent assez vite (ce qui peut s'avérer gênant pour l'inventaire si vous devez en gérer plusieurs).
Dommage que ce modèle ne soit pas mis à jour avec les capacités supplémentaires de la YubiKey 4, ou que la 4 n'ait pas le NFC : c'est ce que j'attends pour remplacer mon exemplaire.
Bref, j'aime le concept mais je souhaiterais aussi être en mesure d'aimer et de promouvoir le produit auprès du plus grand nombre (voire auprès de ma direction pour tous les employés, étant dans un service IT), mais ce n'est clairement pas possible actuellement.
Le manque d'alternatives sur ce secteur ne pousse pas non plus aux améliorations impliquées par une saine concurrence, et Yubico donne l'impression de se reposer sur ses lauriers.
The YubiKey NEO is an two-factor authentication USB device that you attach to a key-ring or lanyard. When inserted into your PC, the user only needs to touch the button on the YubiKey for it to work. It also supports NFC, so you can use the key with an Android device. The device registers as standard keyboards by default, so will work without having to install any drivers.
If you've ever used two-factor authentication, there's a good chance you've used Google Authenticator. But what if someone happens to unlock your phone Yubico's Authenticator app requires the user to tap their YubiKey NEO to the back of their phone before codes are displayed. The app can add any service that Google's Authenticator can. The added confidence in knowing that only someone with your physical YubiKey can access your accounts gives peace of mind to using password managers and online services.