Look into Solo key, Nitro key, OnlyKey, and Tillitis Tkey for varying levels of functionality. View Black Friday Deal at Amazon. Simply connect your Nitrokey 3 to the computer and the graphical interface will automatically detect the device and guide you through the firmware update process. The YubiKey 5Ci with Lightning connector and USB-C connector is priced at $75. When you're ready, click on Security Key, and then Add Security Key. At first glance, both the Yubikey and FIDO may not have stark differences between them, as they are both U2F security keys. You can look up the difference between Yubico Security Key and YubiKey 5 series yourself. Make sure to install a firmware more recent than version 1. Nitrokey Storage also allows you to create hidden volumes whose existence can be plausibly denied. The yubikey is faster and feels sturdier without needing a cap. The majority difference is instead of a USB-A connector it has a USB-C and Lightning connector. Henry5321. The U2F model is still the basis for FIDO2 and compatibility for existing U2F deployments is provided in the FIDO2 specs. NitroKey seems to be the most recommended, and version 3 promises some great new features. Solokey is a Level1 fido device, meaning it is safe from general malware, but not an OS compromise. 2. The new Nitrokey 3 is the best Nitrokey we have ever developed. proprietary Y*** OTP. The YubiKey 5Ci FIPS is FIPS 140-2 certified (Overall Level 1 and Level 2, Physical Security Level 3) and based on the YubiKey 5Ci. It offers NFC, USB-C and USB-A Mini (optional) for the first time. Additionally, RSA and Yubico’s FIDO-based authentication solution for the enterprise, YubiKey for RSA SecurID® Access, is expected to be generally available on March 9, 2020 for current and prospective RSA customers. Help center. Keychain vs Nano) you want. The Nitrokey is much bulkier than the Security Key NFC and can’t match its build quality. There also are areas where the YubiKey 5 series and certain Nitrokey models offer more features than the Librem Key. Yubiko: Similar functionality, robustness (Water, Dust, mechanical impact), no driver/addon required. FIDO CTAP2 is responsible for the external factor, like a security key (link to security key page in glossary), communicating with the website or account using the authenticator. However, they designed it using stronger security software,. 3 should solve this by introducing main window, which is shown right on application's start. Safari comes with full support. Interestingly, this costs close to twice as much as the 5 NFC version. Other nitrokeys are open hardware but run a smartcard (hsm or pgpcard) and those firmwares are not fully open. it has become so easy for people to hack into your. GnuPG successfully recognizes the Nitrokey 3 as an OpenPGP Card (development version of the firmware required). g. Secondly: I would like to pass my Nitrokey HSM 2 and/or a YubiKey 5 Series to a VM, but they're not listed as a devices capable of being passed through. Improved compatibility with OpenSSH: If you use OpenSSH with resident keys, you can now. It's our recommended security key for first-time buyers or. Support for the Nitrokey 3 was added in libccid 1. Find the YubiKey product right for you or your company. onlykey. omg - stay. I use ed25519 where i can (some sites don't support it) and RSA keys for sites that don't support it (azure devops *cough* *cough*). This has the added benefit that I can store part of my os decryption password on my OnlyKey and have the OnlyKey enter it for me. and ships from Amazon Fulfillment. I confirm what @ricsi says - the secure element cannot be powered over NFC at the moment. Once you have made sure that both your user account and. Security Key NFC can be used to log into Gmail and Google. It's our recommended security key for first-time buyers or. These two qualities mean that. The Yubikey 5 series, on the other hand, is the most advanced in terms of looks and features – coming in the USB-A, Nano, and USB-C. prajaybasu. Growth - month over month growth in stars. But for any other service that doesn't use FIDO2 as 2FA, you'll have. Passwordless Login and Two-Factor Authentication; Secure Administration of Servers and IoT With SSH; Phishing Protection; Security For Cryptocurrency Exchanges And Bitcoin Startups; Support. Ideal for remote maintenance and for ensuring product authenticity. Also per usb Kabel (pc) oder per Powerbank,. Compared to the. 5 Understanding the LED indicator 3. 8. 2. With the YubiKey product finder quiz, you will find the solution that fits your unique needs. Defend against remote attacks and eliminate remote extraction of private keys by storing cryptographic keys securely on hardware. If you're on the fence, buy the 5 now, it's well worth it and will last you years. 999. ago. arrow_forward. Yubikey 5Ci has a dual-connector (USB-C + Lightning) allowing use with pretty much any iPhone. The bottom line is that if you can afford the Yubikey 5 NFC get it as you have additional functional over the Security key. If you’re Google-centric your existing keys are great. only uses fido2 level 1 not level 2. The YubiKey 5 NFC is $50 and, along with the other variants in the YubiKey 5 series, it supports all the standards of the Security Key NFC but also OATH-TOTP,. To use security keys from the YubiKey 5 FIPS Series as a Level 2, more stringent initialization is required than for Level 1. Yubikey 5 has incorporated the improved Fast Identity Online-FIDO 2 standards and the Universal 2 nd Factor-U2F standards. That provides the baseline time of GnuPG decrypting the file. Now we focus on the support of a first elliptic curve. The YubiKey 5 NFC looks like a very thin flash drive. 676772] usb 1-1:. With a simple touch, it protects access to computers, networks, and online services for the world’s largest. For this it is mandatory to update to a current pynitrokey version (>= 0. Two-factor authentication and passwordless login for unlimited number of accounts (FIDO U2F, FIDO2) Signed firmware updates. Extra-Locksmith-1142 • 2 yr. Yubico’s YubiKey 5 NFC — which uses both a USB-A connector and wireless NFC — is the best key for logging into your online accounts. kdbx file and enable the network. g. The Nitrokey HSM2 and YubiKey 5 NFC provide hardware-level protection to SSH authentication, making it more secure than traditional password-based. The overall objective for FIDO2 is to provide an extended set of functionality to cover additional use-cases, with the main driver being passwordless login flows. Near Field Communication (NFC) Keep your online accounts safe from hackers with the Security Key by Yubico. It works by generating 2-step verification codes on either your mobile or desktop device through OATH-TOTP security protocol. VAT. Onlykey: Is manufactured in the U. It's small—a little shorter than a house key. These keys offer an additional layer of security that goes beyond passwords or two-factor authentication. 218: There we see the performance of the four keycards I tested, compared with the same operations done without a keycard: the "CPU" device. There is a tear point on the back of the card which exposes the key. It offers NFC, USB-C and USB-A Mini (optional) for the first time. The ykman tool used to manage YubiKey is user-friendly and provides a simple interface. A Company minimum standard of 6 chrs is not enforceable on. iOS also comes with complete support. Most important changes: The Secrets functionality is now enabled and available. Is the Security Key Series right for you? When choosing between our keys, you have multiple options, such as the Security Key Series or the YubiKey 5 Series YubiKeys. They're perfect for every laptop or desktop PC, and models with NFC work great for Android phones. Kunzisoft. Afterwards you can begin to generate new keys. The Nitrokey Fido U2F security key delivers two-factor authentication for the most popular sites on the web, and does so with impressive open-source bona fides. Insert the YubiKey and press its button. But overall I highly recommend it. Nitrokey vs. 4. When logging into an account with a YubiKey registered, the user must have the account login credentials (username+password), and the YubiKey registered to the account. If you just want U2F/FIDO/Webauth the security key is the right choice. The Trezor is mainly a hardware wallet, which enables you to store your coins safely, as well as receive and send a massive range of cryptocurrencies – not just Bitcoin. 59 x 0. The YubiKey 5 Series prices range from $45 for the 5 NFC to $60 for the 5C Nano. I have already successfully stored an OpenPGP certificate on the Yubikey. Your Nitrokey FIDO2 does not have NFC but still costs a few more: 29 EUROs, though such a small price difference does not matter. When I check the Nextbox app>Remote Access - Status. This link says you can use Yubikey PIV Manager to enforce some basic PIN complexity requirements (require at least 3 different character types in the PIN). 00 $ 50. The number of passkeys on a security key may be limited, however. They. The YubiKey is an extra layer of security to your online accounts. The YubiKey 5 FIPS Series hardware with the 5. $10. Nitrokey 3 Firmware Update 1. Purism Librem Key (Photo Credit: Purism, SPC) Figure 2. It provides the strongest level of authentication to Twitter, Facebook, Gmail, GitHub, Dropbox, Salesforce, Duo, Centrify and hundreds more U2F and FIDO2 compatible services. The YubiKey is an extra layer of security to your online accounts. Yubico OTP. In order to protect your KeePass database using a YubiKey, follow these steps: Start a text editor (like Notepad). Yubico has been the pioneer in this sector and many of us use Yubico keys every day. There’s a bunch of other keys available, what makes nitrokey stand out?Once a YubiKey is registered, the user’s PIN should be changed if the default value (123456) is still set. Security, privacy and ease of use with modern hardware and software updates until 2028. Therefore I won’t benefit from a Yubikey giving me TOTP codes for 2FA. after you log in on the client pc then it will take you though importing the cert and setting up the pin for the yubikey 6. Made in the USA and Sweden. The new Nitrokey 3 is the best Nitrokey we have ever developed. The New Nitrokey 3 With NFC, USB-C, Rust, Common Criteria EAL 6+. That being said I think the main objection to the yubikey is that they're using closed source software on the key. The NitroPhone combines security, privacy and ease of use with modern hardware and many years of software updates. €65 EUR excl. I wrote to both companies why to buy their product. The majority difference is instead of a USB-A connector it has a USB-C and Lightning connector. I've never used an OnlyKey. ) allow an everyday user to store PGP keys and use them to encrypt email, harddrives and so on. They. Install OpenSC . 4. Yubikey is closed source and this posts bugger is closed as well. See the release notes on GitHub for more information. NitroTablet 1. Your Nitrokey FIDO2 does not have NFC but still costs a few more: 29 EUROs, though such a small price difference does not matter. I wrote to both companies why to buy their product. There is nitrotool as a more comfortable frontend to OpenSC. In terms of accessibility, the Yubikey 5 is more advanced in its use, since you can use it for both computer/laptop and mobile. Our development of the OpenPGP Card application for the Nitrokey 3 is beginning to bear fruit. 3+ with a FIDO2-supported browser. in the name of security via obscurity. Reply blueskin • Additional comment actions. 22 Wenn der Stick Strom hat. I am more concerned it is mentioned that even Nitrokey FIDO2 token has a chip weaker than NK Pro2 from a security point of view. The YubiKey 5 Series is the industry’s first set of multi-protocol security keys to support FIDO2 / WebAuthn, the open. The main benefit with your own server is that you are in full control over all AES keys programmed into the YubiKeys. I have a yubikey 4 and a nitrokey and I use the former on a daily basis (and the nitrokey as a backup). The Security Key C NFC is a simpler security key that sacrifices the features found in the YubiKey 4 Series for hefty cost savings. Update: the deal is for up to 10 Yubikey 5 NFC or 5c NFC! The code they email you is good for one purchase. I believe NitroKey has been trying to compete, but a lot of their features are still in "To Be Announced" phase. It will work with just about every account that. They offer the most wide variety of protocols. Though Nitrokey have been audited by Cure53. Not really. For that, it's excellent. #. In my opinion its not worth paying $100-120 (depending upon region) for a security key when other cheaper better alternatives available. dedyn. LastPass does not use FIDO/U2F, it uses Yubico OTP. . Activity is a relative number indicating how actively a project is being developed. • 3 yr. KeePassXC kann kostenlos hier. Typical USB tokens (Nitrokey, YubiKey. In configuration. Once the user has logged into his account, he can change the PIN of a YubiKey connected to his system as follows: Use Ctrl+Alt+Del to enter the lock screen. Currently the discount code YK18EG gives 20% of Yubikeys but not the Security Key NFC or Yubikey FIPS. NitroKey (everything is on Github : code + hardware + layout)/OpenPGP cards (card readers are expensive and not so common). Strong hardware-based security ensures the highest bar for protection of sensitive information and data. YubiKey 5 NFC ($45) supports all the functions of the Security Key NFC ($27) and a bit more. On the other hand, the Nitrokey Pro is a. Nitrokey offers Nitrokey Storage 2, Nitrokey Pro 2, Nitrokey Start, Nitrokey HSM, and Nitrokey FIDO U2F. The Yubico one is cheaper, supports NFC, and exists with USB-c so you can use with smartphones, but the Nitrokey is open source. . 21 and you can get your hands on the USB drive solution for a small price. 47 x 1. USB-C and lightning bolt. Nitrokey is an open source hardware USB key for data encryption and two-factor authentication with FIDO. Some of the features of the keys require client software provided for free by Yubico, or manual device configuration. 2. Look into Solo key, Nitro key, OnlyKey, and Tillitis Tkey for varying levels of functionality. Yubikey works with 2fA making it hard to break into your device with just a password. It is my. The best Nitrokey alternatives are Authy, YubiKey and Microsoft Authenticator. Our crowd-sourced lists contains more than 10 apps similar to Nitrokey for Android, Windows, Linux, iPhone and more. 3 Responding to a challenge (from version 2. g. With two-factor authentication (2FA), the Nitrokey 3 is checked in addition to the password. One-time passwords (OTP) and conventional static passwords are supported. The Nitrokey FIDO2 supports two-factor authentication (2FA) and passwordless authentication: With passwordless authentication, entering a password is replaced by logging in with the Nitrokey FIDO2 and a PIN. The 5Ci is the successor to the 5C. 3. Secondly: I would like to pass my Nitrokey HSM 2 and/or a YubiKey 5 Series to a VM, but they're not listed as a devices capable of being passed through. devices. Yubikey is by far the most popular and therefore might be compatible with the most services, but it's also closed source. $55 (-ish) keys also support GPG + PIV + HMAC + several other features. Yubikey Vs Solokey. Encrypt your emails with GnuPG, OpenPGP, S/MIME, Thunderbird or Outlook. GnuPG successfully recognizes the Nitrokey 3 as an OpenPGP Card (development version of the firmware required). 59 x 0. It has external keys to enter the pin which makes it for my understanding impossible to grab the pin (s) with a keylogger. Learn about my experience with this device after I've used it for over a year and whether it's worth getting. com at a retail price of $80 for the USB-A form-factor and $85 for the USB-C form-factor. The Nitrokey 3 combines the features of previous Nitrokey models: FIDO2, one-time passwords, OpenPGP smart card, Curve25519, password manager, Common Criteria. The Yubikey 5 series has functionality that only a small portion of users need. 2 Updating a static password (from version 2. That's almost too many for a Yubikey 5, and it's completely out of scope for the keys you are looking at. Unfortunately the supply of PCBs for Nitrokey 3C NFC has been delayed by three weeks. ago. The new Nitrokey 3 is the best Nitrokey we have ever developed. However, the most noticeable feature would be the variety of keys you can get in the Yubikey – totaling up to five. 0 interface as well as an NFC. The only difference between the 5 series keys is how they communicate with your devices. Interestingly, this costs close to twice as much as the 5 NFC version. 4. The New Nitrokey 3 With NFC, USB-C, Rust, Common Criteria EAL 6+. arrow_forward. Right now the keyfile in a DO is not protected by a PIN it seems. The YubiKey 5Ci with Lightning connector and USB-C connector is priced at $75. You will be redirected to the setup experience. 2 Set counter to 0. The first obvious observation is that using a keycard is slower: in the best scenario (FST. There's a touch-sensitive gold circle in the middle and a hole. dedyn. A recent discussion on Reddit indicates that Yubikey OTP sometimes causes trouble when logging in to Bitwarden, suggesting that the Yubikey OTP option should not be enabled for Bitwarden; on the other hand, another contribution to the same discussion states that Yubikey OTP is required to get NFC to work on iOS. Yubico changes the game for strong authentication, providing superior security with unmatched ease-of-use. It seems that Yubikey would be good for that because it has both Linux and Windows support. YubiKey 5. Look for instructions for yubikey ssh authentication using gpg-agent. Interestingly, the K10 is roughly $5 USD more than the T2F2-mini, while the feature-set between the two is the same. The Yubikey Authenticator app can accept both to set up the key. YubiKeys support multiple protocols including Smart Card and FIDO, offering true phishing-resistant MFA at scale, helping organizations bridge from legacy to modern authentication. Nitrokey 3 is an open source hardware USB/NFC key aiming for data encryption and two-factor authentication. Product documentation. The Yubikey 4 has multiple factors, being the Nano and the Yubikey 4 itself. But I have not found anything about the physical security of Fido2 keys (authentication keys as well as the HMAC-secret. However, the most noticeable feature would be the variety of keys you can get in the Yubikey – totaling up to five. 4. Generally speaking, firmware updates that add significant features would be a new model entirely. The built-in PIN pad, with functionality to erase the key after 10 failed attempts, gives it a different look and dynamic compared to others. The Nitrokey 3 combines the features of previous Nitrokey models: FIDO2, one-time passwords, OpenPGP smart card, Curve25519, password manager, Common Criteria EAL 6+ certified secure element,. The all-round best security key. There is nothing else included with the key. as it finally allows me to use my YubiKey for SSH authentication on my phone. Multi-protocol. Encrypt Emails. See full list on howtogeek. In theory it has USB, NFC and Bluetooth - so more options than YubiKey - but in practice it doesn't work for Microsoft account and I have contact issues using it in BitWarden Android. Tags. Can multiple 5 keys simultaneously work with the Yubikey TOTP Authenticator app (with the 4, the app says that more than one key can't be connected at the same time)? No. With older YubiKeys, logging in requires putting in a PIN and then tapping the key. 676772] usb 1-1:. Gamer10222 • 2 yr. Different models include different features, similar to NitroKey models. Open the decrypted file with KeePassXC by entering a password and pressing a Yubikey button for HMAC-SHA1. In KeePass' dialog for specifying/changing the master key (displayed when. The new Nitrokey 3 is the best Nitrokey we have ever developed. The Yubico YubiKey Bio does one thing very well: It protects your online accounts with biometric multi-factor authentication. The YubiKey 5 NFC does just about everything you could ask of a security key. 99. To diagnose issues with your Nitrokey 3 device, you can use the nitropy nk3 test command. Even if they did update the firmware in newer runs of the keys, there's no guarantee that the old ones have cleared the channel. Everything we recommend Our pick Yubico Security Key The best security keys $25 from Yubico (USB-A) Buy from Amazon (USB-A) Upgrade pick Yubico YubiKey 5 Series More features, but twice the. I will appreciate your help with these. And while I was prepeared to miss out on some features in return, the app provides every comfort I'm used to from my previous. The only true open hardware and open source key is the Nitrokey Start, running Gnuk firmware. Even among other Nitrokey products, the Nitrokey FIDO2 is a bit of an odd duck. 715. Now that USB-C is. Only Nitrokey HSM has advanced key management features such as m-of-n access protection, key policies etc. By the end of the year (2023), the infrastructure bits should mostly be all rolled out across the 3 large providers (Apple, Google and Microsoft). [deleted] • 2 yr. 0 final points. Only Nitrokey HSM has advanced key management features such as m-of-n access protection, key policies etc. 7. TermBot - SSH with YubiKey, Ni. Nitrokey HSM With Windows. Then, take that secret key and manually type it into a TOTP app: head -n 1 /home/ sammy /. 15. Trustworthy and easy-to-use, it's your key to a safer digital world. The Nitrokey 3 combines the features of previous Nitrokey models: FIDO2, one-time passwords, OpenPGP smart card, Curve25519, password manager, Common Criteria. The YubiKey 5 Series keys support a broad range of protocols, such as FIDO2/WebAuthn, U2F, Smart card, OpenPGP, and OTP. I have a Nitrokey FIDO2 key, which I have linked to various sites that support FIDO2 and FIDO U2F. Having a YubiKey removes the need, in many cases, to use SMS for two-factor. To protect your Apple ID with a security key on an iPhone or iPad, head to Settings and tap on your name at the top of the screen followed by Password & Security > Add Security Keys. $55 (-ish) keys also support GPG + PIV + HMAC + several other features. Edit: to slightly clarify because I've been unclear here - I understand the benefits of webauthn/FIDO2 generally, (even if I get the terminology mixed up sometimes 🤦♂️) but believe the FIDO2 spec that's used to authenticate for 2FA by a yubikey works in largely the same way and has largely the same level of security as passkeys using. The Yubico Security Key NFC is the most affordable security key you can get today, and one of the most well made keys available. The 5 Nano and 5C Nano cost $50 and $60 respectively, and are designed to live inside your ports semi-permanently. The New Nitrokey 3 With USB-A Mini, Rust, Common Criteria EAL 6+. Solokey is a Level1 fido device, meaning it is safe from general malware, but not an OS compromise. Both keys store different kinds of "files" of keys. Convenient: Connect the YubiKey 5 Nano to your your device via USB-A - The “nano” form-factor is designed to stay in your device, ensuring secure access to your accounts at all times. Dimensions: 0. That's where Yubikey keeps the market. YubiKey 5 NFC is easier to use than Nitrokey HSM2. Use the YubiKey Manager to configure FIDO2, OTP and PIV functionality on your YubiKey on Windows, macOS, and Linux operating systems. The Bottom Line. 11 of 11 Nitrokey alternatives. The Nitrokey 3 combines the features of previous Nitrokey models: FIDO2, one-time passwords, OpenPGP smart card, Curve25519, password manager, Common Criteria EAL 6+ certified. The YubiKey 5 Series eliminates account takeovers by providing strong phishing defense using multi-protocol capabilities that can secure legacy and modern systems. Google Titan Key (USB-A) $30. Nitrokey offers Nitrokey Storage 2, Nitrokey Pro 2, Nitrokey Start, Nitrokey HSM, and Nitrokey FIDO U2F. Nitrokey HSM is based on the SmartCard-HSM, can store up to 60 ECC-256 bit keys or up to 48 RSA-2048 keys, enables administrative operations (e. The Nitrokey 3 combines the features of previous Nitrokey models: FIDO2, one-time passwords, OpenPGP smart card, Curve25519, password manager, Common Criteria EAL 6+ certified secure element,. They offer the most wide variety of protocols. Once you’ve recovered your existing key, you can either manually type it into your authenticator app or fill in the relevant details in the URL below and have Google generate a QR code for you to scan. 2. Nitrokey 3 - Test Firmware Release. Help me understand the differences with the YubiKey 5 NFC ? (other than price and name) I'm trying to figure out what improvements have been made and if I should switch to the YubiKey 5 NFC. 150: FST-01 : 8. Click the one that. On the other hand, the FIDO does not have. Criteria¶ Company policy says we have to compare/contrast at least three vendors during our selection process. The Nitrokey is much bulkier than the Security Key NFC and can’t match its build quality. For those that already enabled Yubikey support, it will be mostly minor changes. YubiKey Security token Peripheral Computer hardware Computer Information & communications technology Technology. 0) 4. It's our recommended security key for first-time buyers or. It offers NFC, USB-C and USB-A Mini (optional) for the first time. It also doesn't support NFC. The Series 5 also supports protocols like Smart card, OTP, and. borden July 11, 2023, 1:23pm 3. remove the 2FA from the account, 2. Only good thing about Nitrokey over yubikey 5 series is that it is using a open source firmware and firmware can be updated to add any additional features or fix a critical vulnerability. The 5 series offers additional functionalities. Image: Yubico. 7 by 2. The 5th generation YubiKey has arrived! Our new YubiKey 5 Series is comprised of four multi-protocol security keys, including two much anticipated new features: FIDO2 / WebAuthn and NFC (near field communication). Nitrokey 3 Firmware. EDIT about Thunderbird:If the Nitrokey 3 shows up, it is recognized correctly by pcscd and there might be an issue with the application that tries to access it. The YubiKey 5C NFC that I used in this review is priced at $55, and it can be purchased from the Yubico website. The Nitrokey 3 firmware is written in Rust. 3 by 0. YubiKey 5 Series – The world’s #1 multi-protocol security key. In particular, numerous. $25 USD. $50. re-enable 2FA on. (especially Yubikey, which was interesting for me because of the integrated button, and I decided for Nitrokey. The YubiKey 5 FIPS Series is IP68 rated, crush resistant, no batteries required, and no moving parts. GnuPG will now ask for the current Admin PIN, and the new Admin PIN. 3 to switch between the alpha and stable firmware for the Nitrokey 3. The Security Key is a stripped down, cheaper version of it, essentially. 21 and you can get your hands on the USB drive solution for a small price. Documentation for users is available in the Nitrokey 3 section on docs. The best security key of 2023 in full: (Image credit: Yubico) 1. 5 . [176309. NitroPad NS50. It performs a number of tests to determine the state of your device. Although every Git "blob" is hashed using SHA-1, this is only useful as an integrity check, i. fail to find the right spot! Q: What happens if I lose my device? When securing accounts using FIDO (two-factor authentication and passwordless login), you should. It seems that Yubikey would be good for that because it has both Linux and Windows support. 5 out of 5 stars 1,400 1 offer from $55. This update brings the following changes: Improved stability on Windows 10: The Nitrokey 3 works more reliably for Windows 10 users. I would recommend getting 2 YubiKey 5 NFC and if you cannot afford right now, get one, then get another when you can afford to. My usage: 4 YubiKeys. Only good thing about Nitrokey over yubikey 5 series is that it is using a open source firmware and firmware can be updated to add any additional features or fix a critical vulnerability. The YubiKey 5 NFC has six distinct applications, which are all independent of each other and can be used simultaneously. Two popular hardware security keys are the Nitrokey HSM2 and the YubiKey 5 NFC.