Is a Yubikey backup always needed?

I’m getting a yubikey to use instead of app-based 2FA and was wondering if I need a backup key if I only ever use the key at home when asked for it. I won’t be prompted for the yubikey at every login so I wouldn’t be carrying it outside. Assuming I don’t travel, I don’t see the benefit of having a backup. For now, I’m not sure I should get the backup key now or only after I decide to travel.

the backup key isn’t just for traveling, it’s also for if/when a key goes bad or gets damaged enough to no longer work. so yes, you should get a backup key from the beginning. if the cost is too much, just save up until you can get two keys at once

5 Likes

If you plan to use yubikey as a security key (even the cheapest blue one supports FIDO2/WebAuthn, but only the pricier series can be used for yubico authenticator app), it still depends.
e.g. Proton services force you to opt in to TOTP and only then you can register your security key, Bitwarden allows for multiple 2FA methods simultaneously. Should you use FIDO2/WebAuthn alone, storing back-up key/ recovery code could theoretically do in case you lose your only one key, but here me out.
You can use other means for authentication, not just Yubikey. Any phone: iOS, stock android, heck even Pixel running GrapheneOS with Google play services installed can serve as an authenticator for many services asking for a security key. Windows Hello too, so your Yubikey can BE the backup.

1 Like

Pixels can be used as a security key but I don’t think iPhones can. For now, I’m probably getting a second key if/when I set the first one up and verify it works well on my devices.

I think it’s called passkey, been using it on the iPhone myself

iPhone passkey seems to allow you to add passkeys but not add the iPhone itself as a passkey