I must, sadly, withdraw my endorsement of yubikey 4 devices (and perhaps all newer yubikeys), as apparently Yubico has replaced all open-source components that made yubikey NEOs so awesome with proprietary closed-source code in Yubikey 4s:https://github.com/Yubico/ykneo-openpgp/issues/2#issuecomment-218446368
Our team will be evaluating NitroKey Pros as devices to replace yubikeys (https://www.nitrokey.com/
) and I will follow up here with the results and general recommendations once our testing is complete.
If you are already using yubikeys, there is no need to replace them, as this will not result in a net improvement in security -- especially if you are only using them for one-time password functionality (press the button to emit a 6-digit code). If you are looking to get a device for storing your private PGP keys, I recommend against using Yubikey 4 devices -- but NEOs are okay, as they still use open-source code.
I strongly believe that all security devices must be powered by libre software and I am saddened at the steps taken by Yubico to make yubikey 4 a black-box platform.