Yubikey 5

Yubico’s flagship product, the Yubikey 5 is one of the most feature complete security tokens on the market.

Vendor Website Purchase from Yubico Purchase on Amazon

Yubikey 5

FIDO2 Certification

Has been certified by the FIDO Alliance as conforming to FIDO2 standards

More Info

FIDO L1 Certification

Certified by the FIDO Alliance to meet L1 Security Standards

More Info

Management Application

Vendor provides applications that extend or configure the device

Android management application

Management application runs on Android smartphones with appropriate hardware (NFC, BLE, etc)

MacOS management application

Management application runs on MacOS

Windows management application

Management application runs on Windows

Resident Cryptographic Keys

Supports U2F/WebAuthn discoverable/resident authentication keys

More Info

Resident ECDSA keys

Supports ECDSA discoverable keys

Resident ED25519 keys

Supports ED25519 discoverable keys

PKCS#11 SmartCard

Conforms to PKCS11 SmartCard interface standards

More Info

Stored passwords

Supports stored, static passwords, usually configured with a vendor-specific application

U2F Authentication

Conforms to the U2F Authenticator/WebAuthn standard

More Info

YubiOTP

Enables use of Yubico YubiOTP one-time-passwords

More Info

Yubikeys are credited with starting the personal USB token industry, and for good measure. With the fifth generation of yubikey comes a unification of the overall line. The 5ci and Nano lack NFC, but the classic Yubikey series has NFC as a standard feature.

In addition to U2F functions, the YubiKey supports PKCS#11 PIV (Smart Card) functionality. For more information, see Yubikey as a PIV Compatible Smart Card on the Yubico website.

Using the Yubikey with other services

The Yubikey series supports OpenPGP keys as well as other cryptographic functions through the SmartCard interface.

Several community guides exist on these topics:

• Configuring OpenPGP and Yubikeys (the “Ultimate Yubikey Setup Guide”)
• Yubikey GPG and SSH Auth on Windows and WSL

TOTP/HOTP and the Yubikey series

Yubikeys support TOTP and HOTP through the Yubico Authenticator application. This application allows adding and removing TOTP and HOTP credentials. These are stored on the key, not on the phone or desktop, however it is not possible to retrieve the secret once the values have been added.

ED25519 support in SSH U2F

Support for ED25519 is limited to firmware 5.2.3 and above (supporting FIDO2). (source) This may be important to you if you have concerns over ECDSA.