• expired

50% off 2x YubiKey 5 NFCs, 2x YubiKey 5C NFCs, 1x YubiKey 5 NFCs & 1x YubiKey 5C NFCs + $5 Delivery @ Yubico

1480
BRAVE50

Best deal I've seen from the offical YubiKey store. Even thou the AUD dollar isn't the greatest at the moment this is a pretty good deal.
I saw this offer while using my Brave browser. But it looks like you can still purchase on Google Chrome browser.

coupon code wasn't implemented right so it works against one. add two, apply, remove one. Credit to maybe a bot.

Note:
• All prices are in USD. Shipping to Australia = $5 USD.
• International transaction fees may apply on your credit or debit card. (I use my ING debit card which waves the fees)
• Might need to use the Brave browser to purchase.

Choose from:
• Two YubiKey 5 NFCs (2pack)
• Two YubiKey 5C NFCs (2pack)
• One YubiKey 5 NFCs and One YubiKey 5C NFCs (2pack)

*Coupon Promotion Terms:
This coupon will expire on August 26, 2021 at 11:59pm PT and is valid only at Yubico.com/store. This redemption is valid for 50% off two keys, including YubiKey 5 NFC and YubiKey 5C NFC. Keys procured with this redemption are Not For Resale. A maximum of two keys may be present in the cart for this coupon to work. No other products from the Yubico store may be present in the cart. Redemption code cannot be combined with other offers or redemption codes. Standard shipping and handling rates may apply. International shipments may be subject to customs fees and duties. Yubico reserves the right to cancel and refund orders associated with this discount code. No cash or value for code or product. Redemption code required at time of checkout.

Related Stores

Yubico
Yubico

closed Comments

  • +22

    coupon code wasn't implemented right so it works against one. add two, apply, remove one.

  • +18

    You can get a (single) "free" yubikey if you subscribe to ArsTechnica for $50 - a very high quality tech news site (that I read daily).

    20% off the 2nd key you buy.

    • Which model

      • New Ars Pro++ subscribers get their choice of the YubiKey 5 NFC (a $45 value) or the YubiKey 5C (a $50 value), both of which add convenient 2FA security to protect your online accounts, networks, and more. In addition, Ars Pro++ subscribers get a code good for $20 off when you order 2 YubiKey 5 Series keys or more. Doesn’t apply to Yubico’s Security Key Series. Free shipping to almost anywhere!**

  • +2

    literally bought 3 like a week ago :(

    • +1

      same here, just bought 3 about week ago…

      • +2

        what do you use these for?

        • you can use these wherever hardware-based authentication is necessary,
          eg. with Bullish.com

          it's a physical "key" (like a password)

        • I store my GPG private key on it, but it can also be used a 2FA device to generate codes during sign in

          • @mbm: What are you using GPG for?

      • +1

        Are we seriously aiming for triple redundancy MFA now? I'm just thinking about getting a second since that's actually recommended

        • +1

          1 - primary
          2 - on-site backup
          3 - off-site backup

        • I'm cheap so my 3 lets my wife and I have 1 each and a shared backup.

  • +1

    I think the discount was implemented right, the wording at checkout says "+ 50% OFF up to two keys. Max order size two." which implies an order of 1 is okay

    • yeah their terms are weird. still, it seems like it was promoted to OP primarily in a bundle of 2.

      im ordering 2 anyway, im not taking the chance of losing my damn keys and my accounts at the same time

  • I really must read up more on these things. Are they a form of 2FA, in a physical form?

  • Wondering if that could be useful to connect to work VPN in one touch instead of inputting credentials every single day ?

    • -2

      No

      • +1

        Actually it works for my work (Cisco VPN). Check with your IT team. You enter credentials then MFA with key tap.

        • Ah yeah, nah, we don't use MFA so I guess I'll still have to input credentials

        • +1

          instead of inputting credentials

          You enter credentials

          Actually

      • Yes, depends

      • lol

    • +1

      Yes it's possible depending on your companies infrastructure. It's called passwordless authentication and is in their website documentation. Forward the link to your IT team to see if they can configure it for you.

    • +1

      Yes depending on your VPN config at work.

      Our setup allows staff members to authenticate via their Smart Card or via Yubi Key if they're accessing content on their phone.

      We can enable passwordless login but due to security reasons staff members will still have to click the link sent to their phones to authenticate the sign in process.

  • +4

    Just bought a single type a key, ended up being A$39.61 delivered through paypal. Not bad at all, thanks op

    • how sway?

      • +1

        Probably got the USB-A single for 27.5USD delivered

        • Yep, added two yubikey 5 NFC to cart and removed one, code still applies as other commenters found

  • Doesn't work with windows Hello. Bit disappointed.

    • Is Hello the same as Outlook online? If yes, it works for me with Hotmail account.

      • +1

        I guess not then, yubikey says on the product page that WIndows Hello isn't supported at this time.

    • Confirmed. Would love to use these in a corporate environment alongside Windows Hello authentication. Not possible at the moment.

      • Various Yubi Keys do work with hello, you just have to make sure you get a compatible one. Yubi have a table of which ones work.

        • I should have been more specific - I mean enterprise level, centrally managed Windows Hello with Azure AD joined and managed (eg. Autopilot) devices, Azure AD identities (AAD Connect synced to AD). No one I know has been able to get it working with any Yubikey (5 series or security key series).

          If you know anyone who has been successful please point me in their direction.

          • @airtime: Which company?

            • @sqeeksqeek: Not sure what you mean. If you mean which company employs me, I am not going to say here.

              • @airtime: Why not? You've got the… airtime 🤣

                • @sqeeksqeek: Most corporate organisations have policies that guide employees in what they can and cannot do re: public comment. I can't say who employs me without risking disciplinary action. In any case, the rationale behind such policies are mostly sound and they exist for good reasons.

          • @airtime: I did it previously with Autopilot/Intune managed however that was using now defunct Yubi Key app. There are 3rd party solutions now that specifically offer Yubi Key for Azure AD joined devices with WHFB

            • @gromit: Thanks gromit. Do you know the names/websites of the 3rd party apps? We have looked into solutions like those offered by SecureW2 and others - but they don't uses the TOTP functionality of the Yubikey, rather they just use the Yubikey to store a certificate - not much different to using a standard USB key.

              • @airtime: no all the ones I have looked at use certificate, though what is wrong with that? Certs on the key are just as good as a TOTP as long as you are managing the Certs correctly.

                PS: and no it is not the just the same as putting the cert on a USB as a USB doesn't prevent the private keys being exported or the key being copied.

                • @gromit: It's mainly an issue with value/cost. If you are just using the Yubikey as a certificate store / USB based certificate delivery, there are much cheaper ways of performing that.

                  edit: re, your addition under ps - the key only has to hold the public key, not the private key.

                  Thank you for your suggestions and input.

                  • @airtime: you should NEVER be using a public key for authentication, if you are then yes it would be no better than a USB stick with the cert on it. the key has to hold BOTH, the public key being accessible the private key not. So while I haven't used the 3rd party solutions I would be shocked if they relied only on the public key being present.

                    • @gromit: ?

                      Public key is used to encrypt the combination of a nounce, timestamp, and perhaps other ID info. That cypher text is sent to secure central server that decrypts with private key. If it confirms the plaintext is valid, authentication is allowed for that factor. Obviously the process is a bit more complicated than that. But it is perfectly secure encrypting using only your public key. Having ONLY the public key available on the portable authentication factor is FAR more secure. I am a bit baffled why you think having both private and public key available is more secure to just having the public key available.

                      Keep in mind these devices are SOMETHING YOU HAVE. The are an additional factor used alongside other factors. I've never seen one where you have to authenticate to the key first before use.

                      Anyway, this is off topic for this thread.

                      • +1

                        @airtime: Interesting and very strange way to do it. It is supposed to be the reverse, you encrypt with the private key and use the public key to verify. If that is the way they do it then I agree it is awful and breaks every rule around certs and security. Private key should never leave the device and is the proof you are you. A public key can be put anywhere and is easily moved or exported. Private keys should not be accessible to your authenticating service and no having the public key only is not more secure, it is significantly weaker as it can be moved from the device, private key should exist is precisely one place and never leave that place and that is in the hands of the authenticating device.

                        PS: and thankfully a quick read on SecureW2 it doesn't work the way you are suggesting, it does it properly with the private key.

      • But it can be used in a corporate environment without using Windows Hello can't it? We don't use Windows Hello where I work.

  • Just a newbie need to know which one to go for 5 NFC or 5C NFC ?, i have never used this

    • +5

      5C NFC if you have USB-C ports on your computer (and/or phone)
      5 NFC is you have the older USB-A type ports on your computer

      • Phones have NFC so USBA gives you more coverage.

        • … and a ruling is due soon that might make Apple have USB-C for EU iPhones. I went for 5C as I have a C->A adaptor 🤷🏻‍♂️

          • +1

            @sqeeksqeek: lol if this happens then I will be buying my first iPhone.

          • +1

            @sqeeksqeek: Apple will almost certainly remove the charging port entirely if they can't use lightening. They've been moving that direction for years anyway. The EU is also looking at the supported wireless standards but Apple supports Qi which is the most common, so chances are they can comply with any legislation by outright removing the port which many people think they are going to do soon enough anyway.

            There's very little Apple accessories or devices aimed at the iPhone that need the port. Even their latest battery pack uses wireless instead of the port. CarPlays the only really problematic area as uptake of wireless CarPlay has been a bit slow, but they can probably create a wireless adapter to convert cabled units to wireless anyway if needed (and some third parties already have options to do this).

    • +2

      Depends what you want to plug it into. If you have Mac made in the last five years or a newer Windows machine with USB-C, you want to 5C.

    • +2

      5 NFC is for the normal USB type A port.

      5C NFC as the name suggest, for USB-C. This will fit all modern laptop and phone.

      • *5Ci if you have modern laptop and iPhone

        • +2

          Surely for iPhone and any phone with NFC you'd use that over it plugging in? Curious if there's a use case for plugging it into phones, as I'm thinking getting USB-A for backwards compatability.

          • +3

            @tycho: USB-A for more compatibility + seems more durable imo. Even with future USB-C dongles will most likely have USB-A port

            • @dingdong3000: This is why I hate Apple's decision to remove USB-A from their Macbooks.

          • @tycho: Oh yeah, good point.
            I have no idea why Ci exists then.

  • Awesome, wanted a Yubikey for a while, but needed two for the redundancy and it was feeling a bit expensive.

  • I saw this offer [for a 2FA device] while using my Brave browser

    Tell us you're privacy/security-conscious without telling us you're privacy/security-conscious.

    • I thought the same thing but then I noticed the coupon code is 'BRAVE50'.

  • +3

    does anyone use together with bitwarden?

    • +2

      You'll need to be on one of the paid plans or self-host vaultwarden for that.

      If you self-host, obviously make sure that you have the database backing up to somewhere remote on a regular basis.

    • +3

      Yes, I use these with Bitwarden.

      Please note - if you turn on 2FA with Bitwarden it applies to all devices you use Bitwarden on. In my case that means I need a 5 NFC, 5C NFC and 5Ci to cover all devices and allow off-site redundancy.

      MacBook Pro = 5C, 5C NFC or 5Ci
      Older Windows laptop = 5 NFC
      Newer Windows laptop = 5C, 5C NFC or 5Ci
      iPhone = and of the NFC versions or 5Ci
      iPad 8th Gen = 5Ci (non-pro iPads don't have NFC)

      So I must have a 5Ci and 5 NFC but also have an extra 5C NFC setup for off-site redundancy.

    • Yes, would highly recommend. Pay $10 for bitwarden premium, worth every penny IMO.
      PC - 5c
      Iphone and ipad - 5ci x 2

  • Nice. Literally was thinking about replacing my 2 old USBA keys for NFC.

  • +1

    Just note that the most important services (imo) like major banks, don't support this MFA. Quite disappointing. Use it for my emails mostly.

    • +5

      I've not once seen a bank that had anything other than dogshit security/authentication. The only upside is knowing your assets are backed by their insurance should anything happen.

      • +4

        Too right.

        Westpac IB is the worst I’ve seen:
        • no 2FA
        • max 6 digit password

        • +2

          Can’t agree more on this, Westpac IB security is worse. I couldn’t believe they force you have short password

          • +3

            @naru6705: Troy Hunt, who is a respected voice on cyber security, has done a blog post about arbitrary restrictions on passwords imposed by banks, and how that's bad, but not as bad as it seems.

            https://www.troyhunt.com/banks-arbitrary-password-restrictio...

            Summary

            So wrapping it all up in reverse order, arbitrary low limits on length and character composition are bad. They look bad, they lead to negative speculation about security posture and they break tools like password managers.

            But would I stop using a bank (as I've seen suggested in the past) solely due to their password policy? No, because authentication in this sector (and the other security controls that often accompany it) go far beyond just string-matching credentials.

            Let's keep pushing banks to do better, but not lose our minds about it in the process.

            • @ragrum: The only secondary authentication I've had with Westpac is SMS 2FA and only when transferring money. It's yet another feature that's lacking. I'm positive they also use other data like geolocation, ISP data, matched browser profiles and such but so does every other half baked service out there.

      • This is why you should use a password manager, secured 2FA, and have unique passwords for every thing you have.

  • I don't want to use up my Type-C port on my computers so it's better to get the Type-A right?

    • It doesn't have to stay in, once you are in, take it out

      • Isn't it a hassle to plug and unplug every time you need to login to something?

        • If it's always plugged in and someone gets remote access, then it's not really working.

          • +2

            @kulprit: Aren't you supposed to touch it?

            • +1

              @Yanoflies: Correct. Leaving it plugged it won’t hurt. Obviously bad idea to leave it unattended though.

              • +1

                @fault: Turns out the Nano versions aren't included so I will try the portable one to use as a take-with-me key.

                • @Yanoflies: Same here, looking for Nano version, but not included in the promo

  • "This coupon will expire on August 26, 2021 at 11:59pm PT"
    Isn't that 4:59 AM on August 27 in AEST? As in ~7 hours ago?

    • +1

      No, PT is -7 GMT so in about 4 hours 45 mins from now. Currently PT time is 7:15pm on the 26th.

  • Question for those in the know - are there downsides/compatability issues related to the FIPS version? The extra price seems small for what appears (on the face of it) to be compliance with a higher security accrediation standard.

  • We currently use Authy for the 2FA and use it on multiple devices. Just wondering what would be the major benefit of Yubikey over it (assuming that we get two of the keys).

    • +3

      Little bit simpler than entering a code, you just plug it in and press the button (Also don't have to worry about time expiry)

    • +1

      I would also add "stronger" authentication. There are different forms of 2FA. Some are "stronger" than others. Authy primarily supports TOTP which is widely adopted. YubiKeys support this too in addition to others including a "stronger" one: WebAuthn. This is what people generally refer to as the "touch it when prompted" experience.

      WebAuthn is stronger because it's phishing resistant — it doesn't rely on a shared key/seed (it uses public key cryptography & you never disclose your private key which is securely stored on the security key), there are no 6 digit codes to send (and therefore be phished & be used in replay attacks), there is origin binding (in simple terms, that means a fake phishing site won't be effective), etc.

      • +1

        Thanks. I have been using TOTP with Authy and I thought it was fairly secure. Having said that, I am open to better options. Grabbed two of these keys to test it out. The major challenge I have is convincing my partner to get on board. It was hard enough to convince them on Bitwarden/Authy combo.

        • +1

          Yep I hear you on the partner front :)

          TBH not many apps/services support security keys yet but I still get value out of it for the ones that do e.g., Google, the major cloud providers, GitHub, 1Password, etc.

          Tip: If you're ok with Google SSO to apps/services that support it, then you'll also get the "strong" authentication benefit there too by extension.

          • @fault: Good point. I usually do not use Google SSO but I suppose this would be a very strong reason to do so. Thanks for the info. Appreciate it.

  • +6

    Be patient with the delivery. Last Yubikeys that I ordered directly from Yubico took 2 months to arrive in Sydney.

  • I've got some Solokeys that are still taking their time to arrive, as a first foray into utilising physical keys. As I haven't been able to play around with them yet, is it possible for the 2 different types of keys to co-exist interchangeably?

    • Most websites will allow you to register multiple security keys.

  • I am getting "This coupon isn't valid."

    Edit: seems to work in incognito window

  • Thanks, picked up 2x 5C NFC.

  • Can I plug the usb C into the Mx Keys wireless KB and have it work?

Login or Join to leave a comment