Connect with us

Hi, what are you looking for?


Identity & Access

New YubiKey 5C NFC Security Key Brings NFC, USB-C Connections

YubiKey 5C NFC

Yubico on Wednesday announced the release of YubiKey 5C NFC, the latest YubiKey 5 series security key, which allows users to authenticate through either near-field communication (NFC) or USB-C.

YubiKey 5C NFC

Yubico on Wednesday announced the release of YubiKey 5C NFC, the latest YubiKey 5 series security key, which allows users to authenticate through either near-field communication (NFC) or USB-C.

Yubico has been offering hardware-based authentication solutions with both NFC and USB-C, but this is the first device that combines both — the company says this is one of its “most sought-after security keys.”

The YubiKey 5C NFC can be used to authenticate on many email, IAM, VPN, social media, collaboration, and password management services accessed through smartphones, laptops and desktop computers running Windows, macOS, Linux, Android or iOS.

The list of supported authentication protocols includes FIDO2 (WebAuthn), FIDO U2F, PIV, OATH-HOTP and OATH-TOTP, OpenPGP, YubiOTP, and challenge-response.

The YubiKey 5C NFC, sold for $55, is protected against physical damage by a fiberglass-reinforced body and military-grade hardened gold. It’s also advertised as water- and crush-resistant.

Yubico says the new security key is also ideal for enterprises, which can use its YubiEnterprise services for fast and cost-effective procurement and delivery of the devices.

“Users are no longer tied to just one device or service, nor do they want to be,” said Guido Appenzeller, chief product officer at Yubico. “That’s why the YubiKey 5C NFC is one of our most sought-after security keys — it’s compatible with a majority of modern-day computers and mobile phones and works well across a range of legacy and modern applications. At the end of the day, our customers crave security that ‘just works’ no matter what.”

Security keys are considered a highly secure and efficient authentication solution but, just like any other product, they can also have vulnerabilities.

Advertisement. Scroll to continue reading.

Yubico last year replaced YubiKey FIPS security keys following the discovery of a cryptography-related issue that could cause RSA keys and ECDSA signatures generated on the device to have reduced strength.

Google also offered a free replacement for its Titan dongles last year due to a potentially serious vulnerability that exposed the devices to Bluetooth attacks.

Related: Yubico Replacing YubiKey FIPS Devices Due to Security Issue

Related: New YubiKey 5Ci Has Both USB-C and Lightning Connectors

Related: Google’s Titan Security Keys Vulnerable to Bluetooth Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.


Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...


The private equity firm merges the newly acquired ForgeRock with Ping Identity, combining two of the biggest names in enterprise IAM market.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...