Security news that informs and inspires

Yubico Adds NFC-Enabled and Lightning Security Keys


The people holding off on enabling strong two-factor authentication on their various accounts are quickly running out of reasonable excuses. This week, that list got even shorter when Yubico launched an NFC-enabled hardware security key that works wirelessly, as well as a separate key with a Lightning port connector for Apple hardware.

The Security Key NFC is a modified version of the existing YubiKey, which has a single USB-A connector. The addition of the NFC (near field communication) capability allows people to use it with some Android mobile devices as well as some Windows laptops that have NFC readers attached. Like the other Yubico keys, the Security Key NFC supports both the FIDO2 and U2F (universal 2d factor) protocols for 2FA.

“With the option of multiple communication methods, this one key is able to deliver a simple and seamless user experience across multiple devices for strong multi-factor, two-factor (2FA), and single-factor passwordless authentication,” Ronnie Manning of Yubico said in a post.

With many people using their mobile devices as their main computing and communications platforms now, NFC-based 2FA is becoming a vital feature for hardware security keys. The current generation of USB-based keys work well for laptops and desktops, but generally aren’t usable with mobile devices. Yubico last year announced an integration of its NEO keys with iOS, but that required some work on the part of app developers.

The new Security Key NFC isn’t the lone option for NFC-based 2FA. Google sells its own Titan security key bundle, which includes an NFC key and a separate USB key. Those keys are mainly meant for use with Google’s own services, such as Google Cloud and its Advanced Protection Program, but also can be used on third-party services. An open-source alternative also exists, the Solo Key, and the team behind that project plans to have an NFC-enabled key available in the coming months, as well.

The other new key Yubico introduced at the Consumer Electronics Show this week has both a USB-C and a Lightning connector, enabling people to use it with both iOS devices and macBooks. Current MacBooks only have USB-C ports, so using a hardware security key requires an adapter. The YubiKey for Lightning eliminates that requirement, and also adds the ability to use it with iPhones and iPads.

Many popular services, including much of Google’s portfolio, Facebook, Twitter, some online banking apps, and others give users the ability to use U2F hardware keys for 2FA, and more sites are making the option available all the time. Hardware keys give users a strong defense against account-takeover and phishing attacks and are considered much more resilient to attack than SMS-based 2FA schemes.