Yubico Yubikey - increasing your authentication for services

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,089
Location
USA
Anyone else here use or consider using a 2FA key like Yubico's YubiKey 5 NFC? If you're not familiar with these, they are a physical token that is used to provide strong authentication for many different services/devices. They have a quiz if you are curious what version of their device to consider if you're interested.

I just bought two keys right from their site and they have a 20% off code (YK18EG) that can be used on the YubiKey 5 NFC for up to three keys. The typical recommendation is to buy two keys and keep one in a safe spot in case you lose the primary one. I won't have mine for a few days to give any feedback but was curious what others think about using physical keys to help improve their authentication and security.
 

LunarMist

I can't believe I'm a
Joined
Feb 1, 2003
Messages
15,268
Location
USA
I don't quite understand the need. Would this device automatically log into SF for example when it is plugged into any computer?
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,315
Location
Monterey, CA
I have one in a drawer. The only place I deployed it properly was when I was very active in the bitcoin stuff. Google Authenticator is just so much easier for most things, and adds at least 50% of the security?

@LunarMist: It doesn't make logging into stuff easier, instead it makes your accounts more secure. In addition to using a password, you also have to use the thing to authenticate. This makes password compromises much less effective.
 

LunarMist


Handruin

Something must be broken with your web browser if it's not loading. The page loaded the list in less than 3 seconds for me. Yes this YubiKey (and other versions) work with Microsoft accounts. Check out the video in the link.

This YubiKey should be better than those old RSA key generators. The YubiKeys are rugged and should have more than enough session counters to last you 7+ years or longer. They also support the RSA SecurID via FIDO U2F so you can use it in lieu of the RSA key fob.
 

LunarMist

Yeah, it is Windows 7. Of course if Yubico is a good idea and works well I'm 100% sure we won't implement it. :(
 

Handruin

Our upper execs (CEO/cofounder/etc.) at work are required to use these keys for their accounts.
 

ddrueding

We've considered it, but probably won't be able to until a few older members of management retire. Next couple years ;)
 

Handruin

I got my YubiKeys in the mail and I spent some time going through accounts to enable them. They seemed to work seamlessly so far. Even when logging in on my phone I can scan the key via NFC very easily. Now I have reduced some potential security threats when it comes to authentication via mobile SMS. I've disabled SMS authentication, making it more challenging if I ever become a target/victim of SIM swapping. Obviously nothing is foolproof or 100% certain, but this cuts down on some potential factors.
 

Clocker

Storage? I am Storage!
Joined
Jan 14, 2002
Messages
3,552
Location
USA
I was thinking about getting one to use with LastPass as a 2nd way to have 2FA. I use the authentication app right now but the YubiKey seems like a good backup if I don't have access to the app.
 

Handruin

Looks like they're taking care of it. Mine wasn't affected based on the list.
 

Stereodude

Not really a
Joined
Jan 22, 2002
Messages
10,699
Location
Michigan
They handed these out to us at work and are making us use them for access to our Google account (e-mail, drive, etc.) starting Jan. 1 2020.
 

LunarMist

I suppose that is better than the stupid emails with codes that I receive practically every day from MS for the 2nd factorial ID. :(
 

Newtun

Storage is nice
Joined
Nov 21, 2002
Messages
308
Location
Virginia
At my old job, we got YubiKeys, but they set it up so we could alternatively use the PingID app on our phone, which was more convenient to me.
 

Handruin

I very rarely need to use my YubiKey once a system has been logged in with it. At times when it's not in the same room as me and I need to log in, I can use the Google Authenticator app as a backup method. The keys have not caused me any grief so far.

The biggest pain I've had related to 2FA is that I cannot export/back up my Google Authenticator app config. I had to wipe my mobile device a few weeks ago and it was a huge pain to go back through and reactivate 2FA on all my sites.
 

sechs

Storage? I am Storage!
Joined
Feb 1, 2003
Messages
4,696
Location
Left Coast
I think that I'd prefer a huge pain to losing 2FA to someone who managed to break into my phone.
 