Hey everyone, I’m thinking about getting a set of security keys mostly to play with as I think it might be a little outside my threat profile, but now I’m stuck deciding between the Yubico Security Key and the Yubikey 5 Series. I know this site recommends most users just go for the cheaper option (and since you’re buying two, it is something to consider) but thinking about services that don’t support key based authentication, is it worth upgrading to the 5 series to use yubico authenticator?
More generally, does the average person even really need hardware keys?
Absolutely not. If you’re pretty sure your threat model does not warrant it, I don’t recommend spending your money on them. They are more for other reasons where security is paramount.
But since you’re asking, why do you think you need them?
I would also add the option of using a hardware wallet as a security key.
For example a Trezor Safe 3 cost only around 79$, but supports U2F, FIDO2, many crypto currencies, has a display and because of the seed backup you only need one.
Note: U2F is directly derived from the seed, but FIDO2 needs to be backed up to a file, but the file is encrypted with the seed.