YubiKey 5C NFC hands-on: How this tiny gadget keeps your online accounts super-secure

A YubiKey 5C NFC resting on a wooden surface alongside an Android phone and a laptop.
(Image credit: Yubico)

Responding to popular demand, security-key maker Yubico today (Sept. 9) released its latest model: the YubiKey 5C NFC, which combines a USB-C male plug with wireless near-field-communications (NFC) for truly secure two-factor authentication (2FA).

The new YubiKey retails for $55 and can be used to log into any Windows, Mac, Linux, Android or iOS device that has either a USB-C port (such as most modern laptops, Android phones and iPad Pros) or NFC support (most Android phones, iPhones running iOS 13.3 or later, iPads running iPadOS 13.3 or later). 

"The YubiKey 5C NFC is one of our most sought-after security keys," said Yubico Chief Product Officer Guido Appenzeller in a press statement. "It's compatible with a majority of modern-day computers and mobile phones and works well across a range of legacy and modern applications."

Of all the various 2FA second factors -- texted codes, authenticator apps that generate codes, push notifications, and so on -- hardware security keys are arguably the most secure. 

Physical security keys can't be phished or spoofed like texted or generated codes. Google claims that it has had no successful phishing attacks upon its employees since it began making them use security keys for 2FA. 

The only downsides are that you've got to buy the security keys (prices start at about $10 but can go up to $70) and then have them physically nearby when you're setting up a new account, setting up an app or logging into an account from a new device. 

It's best to register more than one security key for each account, and then carry one with your regular house and car keys while storing the other in a safe place.

A YubiKey 5C NFC on a keychain with a YubiKey 5Ci.

(Image credit: Yubico)

Hands-on with the YubiKey 5C NFC

We received an YubiKey 5C NFC in advance and tried it out. Setting up our Google account with the YubiKey 5C NFC took just a few seconds. Plugging the key into the USB-C port on our Windows 10 PC, we were able to log into Gmail using the Brave browser with no problem. 

Setting up the YubiKey 5C NFC with LastPass, then using USB-C port to log into the LastPass Chrome extension on Windows 10 was just as easy. So was setting up the YubiKey 5C NFC with our GitHub account, then logging into GitHub on Chrome.

However, we had a harder time using the YubiKey 5C NFC on our OnePlus 5 Android phone. We couldn't use it to log into the Google or GitHub websites in the Brave browser, whether by plugging it into our phone's USB-C port or by tapping it to the back of the phone to get the NFC reader to notice. Nor could we get it to log into the LastPass Android app.

A YubiKey 5C NFC on a flat surface with an iPhone and a MacBook.

(Image credit: Yubico)

That's probably not Yubico's fault. We couldn't get any NFC-enabled keys, including a YubiKey Neo and a Google Titan Key, to log into Gmail or GitHub through the Brave browser. Plugging the YubiKey 5Ci into the USB-C port didn't work either. 

We finally had success with the GitHub Android app. It didn't recognize the YubiKey 5C NFC when it was plugged into the phone's USB-C port. But when we tapped the key to the back of the phone and pressed the button, the phone let out a happy chirp acknowledging an NFC connection and logged us into GitHub. 

For the moment, you might want to keep an authenticator app, such as Authy, Google Authenticator, Microsoft Authenticator or Yubico's own authenticator app, as a backup in case a security key doesn't work on your phone. But using a security key like the Yubico 5C NFC with a desktop or laptop is an easy way to greatly improve your account security.

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.