Sorry, this deal has expired. Get notified of deals like this in the future. Add Deal Alert for this Item
Frontpage Deal

Yubico: Buy Two YubiKey 5 Series Keys and Get a Third YubiKey 5 NFC Key EXPIRED

B2G1 Free
+ Free Shipping
+70 Deal Score
76,734 Views
Yubico is offering Buy Two YubiKey 5 Series Keys, Get a Third YubiKey 5 NFC Key for Free. Shipping is free. Thanks jhoffmann271

Note, you must add 2 "single" Yubikey 5 keys and at least one Yubikey 5 NFC to cart to get the $45 discount.

Example DealAvailable Options
Share
Good deal?
You gave thanks to jhoffmann271 for this post.
Thank you!
jhoffmann271 posted this deal. Say thanks!

Original Post

Written by
Edited March 27, 2020 at 08:02 PM by
Yubico [yubico.com] has offer Buy two YubiKey 5 Series keys, get the third YubiKey 5 NFC for FREE.

Offer Terms: Customer must add the YubiKey 5 NFC to cart; the key is not automatically added. Discount is automatic in cart. Redeem at yubico.com only. Standard shipping and handling rates apply. Cannot be combined with other offers or coupons. Not valid for resale. No cash back. No cash value. Offer valid through March 31, 2020.

YubiKey 5 Series keys:
  • YubiKey 5 NFC
  • YubiKey 5 Nano
  • YubiKey 5Ci
  • YubiKey 5C
  • YubiKey 5C Nano

https://www.yubico.com/store/worldbackupday
If you purchase something through a post on our site, Slickdeals may get a small share of the sale.
Frontpage Deal
$9
92 118
$30.00
69 59
Frontpage Deal
$399
+ Free Shipping
72 107
Frontpage Deal
$279
+ Free Shipping
119 248
Frontpage Deal
Deal
Score
+70
76,734 Views
B2G1 Free

133 Comments

9

Sign up for a Slickdeals account to remove this ad.

This comment has been rated as unhelpful by Slickdeals users
Joined Dec 2019
L2: Beginner
29 Posts
Original Poster
Pro
#121
Quote from aqan
:
thx... that explains the B2G1 dealhttps://static.slickdealscdn.com/ima...lies/smile.gif
do many financial institutions support the Yubikey? I understand you can still use the password manager and yubikey combination to protect the sites/apps which don't provide the native support.
Unfortunately, many financial services do not support the use of security keys:
https://twofactorauth.org/#banking
https://twofactorauth.org/#cryptocurrencies
https://twofactorauth.org/#finance
https://twofactorauth.org/#investing
https://twofactorauth.org/#payments

However, securing your email accounts, password managers, and other online services is still crucial as those can provide direct access to your financial services. For example, if your email account was compromised, they could reset your password and receive authentication codes sent to your email. I'm sure more and more services will adopt the use of YubiKeys in the future.
1
0
0
0
Reply
Last edited by jhoffmann271 March 28, 2020 at 04:39 PM.
This comment has been rated as unhelpful by Slickdeals users
Joined Dec 2019
L2: Beginner
29 Posts
Original Poster
Pro
#122
Quote from alaindesjardins
:
I tried desktop, laptop and phone and can't click the button. It's not working for me. Idk why.
Try to submit a support ticket [yubico.com] or email them directly: order[at]yubico[dot]com
1
0
0
0
Reply
This comment has been rated as unhelpful by Slickdeals users
Joined Jul 2018
New User
7 Posts
10 Reputation
#123
Quote from sirlockeholmes
:
Pssh, not even FIPS 140-2 compliant.
Where my security nerds at?
They do have a FIPS certified model available if you're looking for one. https://csrc.nist.gov/projects/cr...icate/3517

However, this does not necessarily mean that the devices are any less secure or less useful. They simply have not submitted all models or the products in their entirety to be reviewed and certified. Without looking at their specs of each model, Yubico could claim FIPS compliant, where they believe they followed all of the necessary steps to meet certification level, but have not submitted them to be certified by NIST.

At the end of the day, most customers will not require FIPS 140-2 certification for the encryption modules unless attempting to achieve a level of compliance in their organization like NIST 800-171 or the upcoming CMMC. Even then, I believe you can suffice compliance requirements of the above without FIPS with workarounds and other means of checking off the box, so to speak.

edit: for typos and proper verbiage.
2
0
0
0
Reply
Last edited by UpbeatPickle641 March 28, 2020 at 07:03 PM.
This comment has been rated as unhelpful by Slickdeals users
Joined Apr 2018
L3: Novice
137 Posts
34 Reputation
#124
i might get this
0
0
0
0
Reply
This comment has been rated as unhelpful by Slickdeals users
Joined Dec 2013
L5: Journeyman
563 Posts
45 Reputation
#125
Quote from jhoffmann271
:
Try to submit a support ticket [yubico.com] or email them directly: order[at]yubico[dot]com
I disabled my ad blocking (Pi-Hole) and it loaded fine after that. Got my code within minutes of applying.
1
0
0
0
Reply
This comment has been rated as unhelpful by Slickdeals users
Joined Oct 2006
L3: Novice
293 Posts
63 Reputation
Our community has rated this post as helpful. If you agree, why not thank ?
#126
Quote from MrHalliday
:
Interesting... need to research the various models,
I have one old one that came free with a WIRED sub,
but have been waiting until I buy a spare.

I have had these in my Amazon cart for awhile,
The original is $20 and the 5's are $45,
same as Yubico direct.

Free shipping, so $90 cash out.
Not sure I need this. But I want it.

Indeed, put 3 in cart and the free one is indicated.
This is from the top of my head, so take it with a grain of salt Smilie

There are two main products we talk about here: The Security Key (cheaper, blue in color) and the Yubikey 5 (more expensive, black).

To understand the differences between these, it's important to have a basic understanding of how they can work. Basically, the most common ways to use these devices are: TOTP (let's not consider HOTP for now, since it's not used very much), FIDO U2F, and Yubico OTP.

In TOTP mode, the key uses an authenticator app on your computer (much like the Google Authenticator app for your phone). In this case, however, the app stores the cryptographic information in the key itself. This is the equivalent of typing your authenticator code, but only slightly more convenient (I don't remember, but I think the key can throw the digits as if you're typing them, but you still need the app). This mode is not supported by the blue Security Key, only by the Yubikey. IMHO, if your website only supports TOTP, you'd be better off using a software only authenticator such as Authy (which even saves credentials in the cloud.).

The next mode, FIDO U2F is where things get interesting. Here, the browser talks directly to the key and requires you to push a button on the key. This mode is very convenient and safe. Support for it is growing. This is what Google, Facebook, Dropbox, Github and others use. Both products support this mode. You don't have to pay a lot for the Yubikey if this is all you want (which is probably true for most people.)

Last but not least, we have the Yubico OTP mode. This mode is used by very few websites (Lastpass being one that comes to mind, and I don't have it enabled as I would need to carry the key with me everywhere I go, which I don't do). In this mode, you hold the key contact when the website asks for a password, and the key generates a special, one time password. This password is really long and contains your key ID, which the website uses to cryptographically verify if you are who you say you are. Again, this is used by very few websites (that I know) but if you want to use a Yubikey with Lastpass, you'll need the Yubikey.

So, which one should you buy? In my opinion, neither. You can buy a yubikey 4 on eBay for $15 (Brand New). It does not include support for "FIDO 2" (which I honestly never seen anyone requiring as it is pretty new) or NFC (meaning that you cannot use it with your cell phone just with your desktop/laptop.)

TL;DR: If you want to use a Yubikey with an NFC enabled phone, buy the Yubikey 5. If all you need is to authenticate websites on your computer, buy the Yubikey 4 on eBay for $15 and save your money.
3
0
0
0
Reply
This comment has been rated as unhelpful by Slickdeals users
Joined Dec 2005
My # is bigger than yours
35,346 Posts
6,336 Reputation
#127
Quote from lobsang
:
This is from the top of my head, so take it with a grain of salt Smilie

There are two main products we talk about here: The Security Key (cheaper, blue in color) and the Yubikey 5 (more expensive, black).

To understand the differences between these, it's important to have a basic understanding of how they can work. Basically, the most common ways to use these devices are: TOTP (let's not consider HOTP for now, since it's not used very much), FIDO U2F, and Yubico OTP.

In TOTP mode, the key uses an authenticator app on your computer (much like the Google Authenticator app for your phone). In this case, however, the app stores the cryptographic information in the key itself. This is the equivalent of typing your authenticator code, but only slightly more convenient (I don't remember, but I think the key can throw the digits as if you're typing them, but you still need the app). This mode is not supported by the blue Security Key, only by the Yubikey. IMHO, if your website only supports TOTP, you'd be better off using a software only authenticator such as Authy (which even saves credentials in the cloud.).

The next mode, FIDO U2F is where things get interesting. Here, the browser talks directly to the key and requires you to push a button on the key. This mode is very convenient and safe. Support for it is growing. This is what Google, Facebook, Dropbox, Github and others use. Both products support this mode. You don't have to pay a lot for the Yubikey if this is all you want (which is probably true for most people.)

Last but not least, we have the Yubico OTP mode. This mode is used by very few websites (Lastpass being one that comes to mind, and I don't have it enabled as I would need to carry the key with me everywhere I go, which I don't do). In this mode, you hold the key contact when the website asks for a password, and the key generates a special, one time password. This password is really long and contains your key ID, which the website uses to cryptographically verify if you are who you say you are. Again, this is used by very few websites (that I know) but if you want to use a Yubikey with Lastpass, you'll need the Yubikey.

So, which one should you buy? In my opinion, neither. You can buy a yubikey 4 on eBay for $15 (Brand New). It does not include support for "FIDO 2" (which I honestly never seen anyone requiring as it is pretty new) or NFC (meaning that you cannot use it with your cell phone just with your desktop/laptop.)

TL;DR: If you want to use a Yubikey with an NFC enabled phone, buy the Yubikey 5. If all you need is to authenticate websites on your computer, buy the Yubikey 4 on eBay for $15 and save your money.
Iagree
0
0
0
1
Reply

Sign up for a Slickdeals account to remove this ad.

This comment has been rated as unhelpful by Slickdeals users
Joined Dec 2016
New User
1 Posts
10 Reputation
#128
Quote from lobsang
:
So, which one should you buy? In my opinion, neither. You can buy a yubikey 4 on eBay for $15 (Brand New). It does not include support for "FIDO 2" (which I honestly never seen anyone requiring as it is pretty new) or NFC (meaning that you cannot use it with your cell phone just with your desktop/laptop.)
Isn't it risky to buy a security device, like a yubikey, in ebay?
0
0
0
0
Reply
This comment has been rated as unhelpful by Slickdeals users
Joined Jul 2018
New User
7 Posts
10 Reputation
#129
Quote from Nebur
:
Isn't it risky to buy a security device, like a yubikey, in ebay?
In my professional opinion, yes, it's absolutely a risk. Especially so far below normal list price (the YubiKey 4 usually retailed for $40-$45 each). Direct from manufacturer, trusted/known partnered vendor or distributor recommended. Prevents everything from refurbs advertised as new, knock-offs/imitations, and tampering/hidden components on board. Plus warranty/easier returns if there's an issue.

Couple extra bucks for peace at mind.
0
0
0
0
Reply
This comment has been rated as unhelpful by Slickdeals users
Joined Jul 2016
New User
16 Posts
10 Reputation
#130
How do I get this deal to work?
1
0
0
0
Reply
This comment has been rated as unhelpful by Slickdeals users
Joined Dec 2019
L2: Beginner
29 Posts
Original Poster
Pro
#131
Quote from BrettD8652
:
How do I get this deal to work?
Unfortunately, this deal is no longer valid. The promotion ended sometime yesterday. I will mark this deal as expired.
1
0
0
0
Reply
This comment has been rated as unhelpful by Slickdeals users
Joined Oct 2006
L3: Novice
293 Posts
63 Reputation
#132
Quote from UpbeatPickle641
:
In my professional opinion, yes, it's absolutely a risk. Especially so far below normal list price (the YubiKey 4 usually retailed for $40-$45 each). Direct from manufacturer, trusted/known partnered vendor or distributor recommended. Prevents everything from refurbs advertised as new, knock-offs/imitations, and tampering/hidden components on board. Plus warranty/easier returns if there's an issue.

Couple extra bucks for peace at mind.
What attack profile can you imagine here?

BTW, yubikey has a page where they verify if your key is genuine: https://www.yubico.com/genuine/
0
0
0
0
Reply
This comment has been rated as unhelpful by Slickdeals users
Joined Oct 2006
L3: Novice
293 Posts
63 Reputation
#133
Quote from Nebur
:
Isn't it risky to buy a security device, like a yubikey, in ebay?
It should be safe. Their firmware is non-upgradeable, so people cannot replace it with a malign version. From the security standpoint, it's actually riskier buying a low end USB drive on eBay than a yubikey. Their blog entry says so itself, with details: https://www.yubico.com/blog/yubikey-badusb/. Also, you can always check if your key is genuine online at https://www.yubico.com/genuine.

Don't listen to fear-mongering about the keys on eBay being much cheaper. The price you see on the yubikey website is very different from the price wholesalers (and liquidators) get.
0
0
0
0
Reply
This comment has been rated as unhelpful by Slickdeals users
Joined Jul 2018
New User
7 Posts
10 Reputation
#134
Quote from lobsang
:
What attack profile can you imagine here?

BTW, yubikey has a page where they verify if your key is genuine: https://www.yubico.com/genuine/

I've already listed the biggest one that comes to mind from a security standpoint; imitation. Something that looks like a Yubikey, but has another function. Someone who is familiar or previously owned a Yubikey would likely pick up on it. However, new users would be unsuspecting.

Additionally, take a look at anything on BadUSB, O.MG cable/USBHarpoon, etc..
With cheap microcontrollers under $5 and $10, and storage options available that are the size of your fingernail, just about anything has the ability to be weaponized.

Is it likely to occur? Eh, probably slim unless you're a high value target or the threat actor is looking for mass deployment, throwing mud to see what sticks.
Is it possible? Absolutely.
Is this a legitimate attack vector or recon opportunity? I would say yes

In regards to your verification tip, which is great. (Thanks for sharing that). The problem with one of the scenarios is that it requires you to plug the device in:
"Insert your security key, click verify device..."
At which point it may already be too late or has done its damage if there is something malicious at play.

As for your fear mongering comment, it's fine to disagree. That's the neat part about opinions; everyone has one and they're never wrong.

You never know if you've been too careful, but you know when you weren't careful enough.
0
0
0
0
Reply
Page 9 of 9
9
Join the Conversation
Add a Comment
 
Link Copied to Clipboard