At launch, the 5Ci supports a variety of popular password managers, including 1Password, Dashlane, LastPass and Bitwarden. It’s also compatible with authentication services like Okta. In all those instances, you’ll be able to plug in the 5Ci into your iPhone, launch the security app of your choice and log in to an online account without ever entering a password. And if you happen to use Brave instead of Safari for web browsing, the 5Ci removes the need to first open a password manager first in the case of some online services.

The 5Ci also includes a USB-C port for when you need to log in through an Android device or computer. However, one limitation of the 5Ci is that it currently doesn’t work with the 2018 iPad Pro. We’ve reached out to Yubikey to find the exact reason for this limitation, but we suspect it has something to do with restrictions iOS 12 places on USB-C connectivity. That could change when iOS 13 comes out this fall. The Yubikey 5Ci also doesn’t work with any FIDO-compliant service or app out of the box. In a statement to The Verge, Yubico said third-party developers must add support for the 5Ci to their apps individually. A full list of compatible services is available on the company’s website.

If you’re not familiar with physical security keys, they’re currently one of the most effective ways to protect yourself against online hackers because they remove the need for passwords and one-time codes, both of which malicious individuals can easily intercept in the right circumstances. In 2018, Google said it was able to reduce successful phishing attacks on its 85,000 employees to zero thanks to a new policy of mandatory security keys.

However, at $70 the 5Ci is one of the more expensive security keys out on the market. If you’re looking for something more affordable, Yubico also offers the $45 YubiKey 5 NFC, which is similarly compatible with the iPhone. Another option is Google’s $50 Titan security key, which has the advantage of also working through Bluetooth. And while a security key will help keep you as safe as possible, most people need to start with a simple password manager, as reused passwords are the single largest culprit behind hacked accounts. Once you have a password manager, a security key like the YubiKey 5Ci is a good next step if you want to further secure your online accounts.

The problem in question occurs after the security key powers up. According to Yubico, a bug keeps “some predictable content” inside the device’s data buffer that could impact the randomness of the keys generated. Security keys with ECDSA signatures are in particular danger. A total of 80 of the 256 bits generated by the key remain static, meaning an attacker who gains access to several signatures could recreate the private key.

Fortunately, any affected customers will receive a replacement key. This isn’t the first time a security company has issued a similar recall. Google earlier this year recalled some Titan security keys after finding a Bluetooth vulnerability.

Not all Titan Security Keys have the bug, which Google says is due to a misconfiguration in the key’s Bluetooth pairing protocols. Only the Bluetooth Low Energy (BLE) model of Titan Security Keys contain the bug. If your Titan Security Key has a “T1” or “T2” on the back of it, it means it has the security bug and is eligible for a replacement from Google.

But even if your Titan Security Key has the bug, don’t stop using it while waiting for a replacement. Google warns that even a key with a security bug is safer than using no key at all. Just take extra precautions, such as using your security key away from other people and immediately unpairing it after you sign-in to your Google account. Google has more specific instructions for iOS and Android devices, which you can read here.

The large number of security flaws found in Bluetooth-enabled devices in recent years has raised questions of whether the technology is safe. YubiCo, Google’s competitor in the security key space, criticized Google for launching a Bluetooth-enabled security key. “BLE does not provide the security assurance levels of NFC and USB, and requires batteries and pairing that offer a poor user experience,” wrote the company in a blog post last year.

But the scope of the threat impacting the Titan security keys appears to be pretty small, according to Lauren Weinstein of People for Internet Responsibility. She added that using the Bluetooth security key for two-factor authentication is far safer than turning it off altogether or relying on SMS authentication. “(…the Titan security bug) needs to be fixed of course, and Google is doing that by offering free replacement keys, but for most users it is unlikely to be a problem in practice,” said Weinstein in a direct message to Engadget.