Is my Yubikey 5 NFC safe to use right right after unpacking it or should I set it up, change its settings, sprinkle it with holy water?
Example answers:
I'm going to stray from technicality here, but I would say that it would be very bad for Yubico's image if they supplied brand new keys that had been compromised from the supply chain.
I've had a non-NFC Yubikey for a few years now and it's so durable and nice to use I just bought a pair of NFC ones tonight. I could have saved a little bit of money getting them from Amazon but I went ahead and bought straight from the Yubico website. I won't be reprogramming the keys. I will use them straight outta the box as I never had trouble with my old key. The only possible compromise I could think of (this is for the over-paranoid) is that a government state may have knowledge of the keycode from the factory. But live with that sort of paranoia is not a healthy way to behave. The keys are great. The fact that you've bought one show that you're leagues ahead of anyone without one already, in terms of online security.