Security key - My review

Created: 17th October 2022 - Updated: 26th January 2023


In every situation, I want to up my security a little higher all the time.
This time I found out about Yubikeys, but did not buy before Cloudflare gave away keys for a discounted price.

My experience and info

I have now had them for a few weeks, and can see now that I'm going to continue using Yubikeys because it's more secure, but also makes login faster than TOTP or app-confirmation.

Some of the services also have some red flags when using security keys.
Some require a less-secure factor to be set, but in my eyes, this then lowers the security to the weakest factor in the mix.
Take Protonmail as an example: it requires TOTP as a factor when having security keys, so the security bar is set to the height of TOTP and not the security key. Lack of security in my eyes.

Microsoft is also lacking when they require Email or SMS as fallback. I can see from their perspective that you will NEED a non-key factor to log in to services from them without having a Windows machine, but Email or SMS? No thanks.
If I want to have security-key-only auth, then give me the option.
If I need to accept warnings and sign-in problems, then okay, BUT GIVE ME THE OPTION.

Some require a FIDO-PIN to be set, some do not.
The FIDO-PIN is set either through the Yubikey manager, or when registering the key to a service that requires a FIDO-PIN.
If you forget the PIN, then you will not be able to log in to websites you have enrolled your key to (where a PIN is required).

I have gathered and documented the services that I use that support Yubikeys, but also the ones that support the use of Android or Mac as a security key as well, and which services require a FIDO-PIN to be set.

I have in this table opted to only use FIDO/U2F 2-factor options and not OTP options.


| Site | Yubikey Support | Android-Key Support | Mac-Key Support | 🚩 Red Flags 🚩 |
|---|---|---|---|---|
| 1Password | ✅ | ✅ | 🚫 | TOTP required as fallback |
| Apple | ✅ PIN required | 🚫 | 🚫 | Needs iPhone, iPad or Mac to set up or change key settings. Sign in on Apple Watch, Apple TV, or HomePod requires an iPhone or iPad |
| Bitfinex | ✅ | ✅ | 🚫 | |
| Cloudflare | ✅ PIN required | ✅ | ✅ | |
| Coinbase | ✅ | ✅ | 🚫 | |
| Dropbox | ✅ | ✅ | ✅ | SMS or TOTP required as fallback |
| Ebay | ✅ PIN required | ✅ | 🚫 | SMS or APP required as fallback, 1 key only |
| Facebook | ✅ PIN required | ✅ | 🚫 | |
| Github | ✅ | ✅ | ✅ | TOTP or SMS required as fallback |
| Google | ✅ | ✅ | 🚫 | |
| Hetzner | ❎ OTP | | | |
| Microsoft (Personal) | ✅ PIN required | ✅ | 🚫 | Login to Desktop apps is not possible on non-Windows machines, 2 fallback options required (Email or SMS). |
| Microsoft (Azure AD) | ✅ PIN required | 🚫 | 🚫 | Login to Desktop apps is not possible on non-Windows machines |
| Nicehash | ❎ OTP | | | |
| NordVPN | ✅ | ✅ | 🚫 | |
| OVH | ✅ | 🚫 | 🚫 | Requires setup with legacy U2F, this does not work on Chromium-based browsers |
| Paypal | ✅ | 🚫 | 🚫 | Buggy setup, Other Method required, 1 key only |
| Protonmail | ✅ | ✅ | ✅ | TOTP required as fallback |
| Stripe | ✅ | ✅ | ✅ | |
| Twitter | ✅ | ✅ | 🚫 | |
| Wordpress | ✅ PIN required | ✅ | ✅ | TOTP or SMS required as fallback |