Hardware keys for 2FA

I currently use the Duo Mobile app for 2FA.
One point of friction is that to login to my uni or their vpn, I have to send a push to my phone.
It’s not terrible, but I’m wondering if a Yubikey or similar might allow me to just touch the key, rather than digging my phone out, waiting for it to unlock with my watch if masked, etc. Duo has a watch app, but it’s hit and miss as to whether it works, or if I need to use my phone.

My understanding is a Yubikey can be used in conjunction with 1Password (and others) as well.

I’ve looked at the website, but it’s a bewildering array of options and things I’m not familiar with.

Keep a nano installed? (Seems less secure)

Use NFC?

Use the 5C with NFC for phone and for USB-C with laptop/desktop?


The cheapie series?

Looked here on the forum, but there doesn’t seem to be a recent cohesive discussion.

Thanks for any advice, pointers to RTFM, or white papers.

It’s an excuse to buy an Apple Watch if you don’t already have one. Duo authentication is great on the watch!

Oh, I saw that it’s been hit or miss for you. It pretty much just works for me.


hardware (physical) security key is always the most reliable and secure option. Yubikey is one of the mainstream providers but tends to be more on the expensive side. However, they have many options to suit your needs. Personally, I use a 5Ci. It is a personal choice depending on the type of computers , gadgets you have

1 Like

Personally as a Yubikey user for many years with Google and Lastpass (Now moving on to bitwarden which also supports yubikeys) I can only recommend it.

Which one to get really depends on your usage and where to use it.
The Product finder quiz can help you deciding.

I am currently considering two new keys.
One Series 5 Nano and a Series 5C.
The Nano to sit in the laptop and maybe a lanyard to quickly take out the nano when not at the computer.
Or it might just be in the docking station at home and then I’ll use the 5C for when outside home.

And one of the reasons I use the series 5 is the possibility for putting GPG keys and certificates on the keys.

I can not tell you which one to use but I do hope my thoughts can help you.

1 Like