Yubico Security Key NFC

A cut-down Yubikey, the Security Key Series provides a classic form with wide function at a lower price.

Vendor Website Purchase from Yubico Purchase on Amazon

Yubico Security Key NFC

CTAP 2.1

Supports CTAP 2.1, including features like enforced PIN complexity, credBlob, largeBlob, and alwaysUv

More Info

FIDO2 Certification

Certified by the FIDO Alliance as conforming to FIDO2 standards

More Info

FIDO L2 Certification

Certified by the FIDO Alliance to meet L2 Security Standards

More Info

Resident Cryptographic Keys

Supports WebAuthn discoverable resident credentials, the building block of passkeys

More Info

Resident ECDSA keys

Supports ECDSA discoverable keys

Resident ED25519 keys

Supports ED25519 discoverable keys

U2F Authentication

Conforms to the U2F Authenticator and WebAuthn standard

More Info

The Yubico Security Key NFC is the FIDO only sibling of the Yubikey 5. It drops PIV smart card, OpenPGP, OATH, YubiOTP, and the static password slots, and keeps the parts most people actually use: FIDO2 and WebAuthn, including discoverable credentials for passkeys.

It comes in a USB-A plus NFC variant and a USB-C plus NFC variant. The USB-C model has its own page at Yubico Security Key C NFC. Yubico also sells a Security Key Enterprise Edition of both keys, which adds enterprise attestation for organisations that want serial numbers tied to registrations.

U2F SSH

The Security Key supports Ed25519 and ECDSA stored keys. Generating them and using them is identical to the Yubikey 5.

EUCLEAK

The Security Key Series is built on the same NXP A700x secure element as the Yubikey 5 and is therefore in scope of the EUCLEAK side channel disclosed in September 2024. Keys with firmware 5.7 or later contain the fix. Older keys cannot be updated and remain vulnerable to a well funded attacker with physical access. For most threat models the key is still safe to use, but if your threat model includes nation state actors who can take your key for an afternoon, replace pre 5.7 units.