Is YubiKey For Encrypted Email Worth It? (Pros & Cons)

Good password practices are the first step to keeping your emails and files secure. Creating a strong password and using password managers is essential. But if two-factor authentication (2FA) is an option, it is always better to have that extra layer of security. YubiKey is one way to make 2FA work for you, but would it be worth it to get a YubiKey for encrypted email?

YubiKey is effective at adding an additional layer of security to an already secure platform like encrypted email. Those with very sensitive emails may find YubiKey worth it for the improved security. Still, the added cost and limited mobile device support make it impractical for most home users.

Understanding the purpose of YubiKey, together with the limitations of encrypted email, is essential to determining whether YubiKey is worth it for encrypted email. Your current situation is also a crucial consideration in making this decision. Let’s assess all sides of the matter and then determine if you need YubiKey to help protect your encrypted emails.

is yubikey for encrypted email worth it

How Can A YubiKey Help Protect Encrypted Email?

First, we need to explain that when we talk about encrypted email, we are not talking about emails that are sent over SSL/TLS connections that are still unencrypted or partially visible on the server (like most popular email services). Proper encrypted email, like that offered by services like Tutanota and ProtonMail, is end-to-end encrypted.

This means that the email is never in an unencrypted state at any point between sender and recipient. Regardless of where the email may be hijacked, it will be encrypted, and its contents obscured from anyone who’s unauthorized to view it.

Best VPN Overall
Best VPN Features

The problem is that anyone with the necessary passwords can still gain access. It’s often easier to get someone’s password through a process of social engineering or phishing than it is to brute-force through encryption. So a password, no matter how strong, can be the weak spot in any secure, encrypted system. 

Multi-factor authentication is the logical solution to this. Even if someone gets access to your password, they still need the confirmation code or OTP to get access to your encrypted email. But there are also ways around this, using techniques like sim spoofing. 

Enter YubiKey. Having a physical device on your person that you can use to prove that you are who you say you are before being granted access to your emails means that there is an added, unhackable step involved. Depending on the version of the YubiKey, you will have to authenticate using an additional password or even biometrics.

But what if your YubiKey is stolen? That’s why you should never rely on ONLY the YubiKey as the authentication method. It should be an additional layer of authentication along with your strong password and 2FA. And if your YubiKey happens to be lost or stolen, it’s quick and easy enough to remove your association with that key and re-associate with a new one.

For those who have reason to be extra cautious about their security and privacy, using a YubiKey with encrypted email is a great solution. Not only are you sure that a compromised password alone won’t compromise your emails, but you can also know that your emails won’t be accessed without you explicitly knowing about it.

YubiKey And Encrypted Email: The Drawbacks

yubikey and encrypted email

As we mentioned, it could be beneficial to use YubiKey with your encrypted emails. However, there are a few drawbacks that could make it a little less worthwhile.

YubiKey Only Protects One End Of The Conversation

Remember that your end of the encrypted emails is not the only part that needs protection. The recipient has access to the same conversations, and if they don’t use encrypted emails, or if they don’t also use YubiKey, all your efforts may be in vain. A lot of the privacy of your conversations relies on the discretion of the recipient and their email provider.

YubiKey And Encrypted Email Both Have Price Tags

If you use a good, high-end encrypted email service, you are probably paying extra for it. This price will depend on the service you’re using, but all the best ones cost a bit of money. YubiKey adds some additional cost to this protection. Though it may not be much, with YubiKeys ranging between around $15 and $80, it’s still extra over and above the price of encrypted email.

YubiKey’s Mobile Device Support

YubiKey works on almost all platforms. It connects flawlessly with all PC platforms through its USB-A or USB-C connector, including Windows, macOS, and Linux. It also has NFC connectivity so that it can be used on most Android devices. However, support for Apple’s iOS and iPadOS is still not perfect, with a Lightning connector only recently added. Users of older YubiKey models will have problems.

iOS is one of the most widely used and popular mobile operating systems, so it’s good news that there is now an option to use YubiKey with it, especially since most encrypted email platforms have native iOS and iPadOS apps. But you must have one of the newer YubiKey models to be able to use this feature.

So Is YubiKey Worth It For Encrypted Email?

is yubikey worth it for encrypted email

YubiKey adds an additional layer of authentication, keeping your encrypted mailbox even safer than it already was. This is not to be underestimated because someone who desperately wants to get your password can often put in just enough effort to make a phishing or social engineering attempt look authentic. If your password is compromised, YubiKey is a lifesaver, sometimes literally.

But with all things considered, encrypted email is already a fragile thing, to begin with. Because you don’t usually have control over the recipient’s server, connections, or how they deal with their emails (like printing it out and forgetting it on a desk somewhere), there is already no guarantee that your conversations will remain safe, private, and encrypted.

Unfortunately, YubiKey offers no salvation from this flaw. User error is the primary weakness in any form of security, and your total vigilance could easily be made useless by the recipient’s lack of it. 

For this reason, more than any other, it is probably not worth using YubiKey for encrypted email. The only exception would be people like journalists or activists who need the added security, perhaps even to protect lives, and who are already using technology like a VPN or Tor to ensure that they are untraceable. 

If emails on the recipient’s end cannot be traced back to you even if they get leaked, a YubiKey can ensure that there’s absolutely no proof that the email originated from you. In that case, the added effort and cost may indeed be worthwhile.

Conclusion

YubiKey is an incredible device for all security-conscious netizens. Knowing that there’s one last, virtually unhackable layer of protection can be comforting. Most users have many potential uses for YubiKey, but encrypted email may not be one of them. Combining YubiKey with encrypted email may sound fantastic, but it’s not really worth it for most everyday internet users.

Best VPN Overall
Best VPN Features
Recommends:

Recommends: