Yubikey 5 - a Hardware 2FA - Is it Useful? - Review

  • Published: Oct 22, 2024

Comments • 296

  • @robbraxmantech
    @robbraxmantech 5 years ago +190

    Within seconds of posting this video, a shill already put a thumbs down. LOL. If you're a Yubikey competitor, why don't you send me a review copy of your product instead? Zucked up!

    • @robbraxmantech
      @robbraxmantech 5 years ago +5

      Watch my video on creating 2FA without a phone number. That's my alternate factor. Unfortunately registering multiple hardware 2FA's is not universally allowed (example is Twitter). As this video shows, if you have one form factor (USB-A), you will not be able to reuse the same hardware on a USB-C. If you go to the end of the video, my wishlist was to be able to sync multiple Yubikeys.

    • @varun_chunduru
      @varun_chunduru 5 years ago +5

      So you're saying that we cannot use a Yubikey 5 NFC with Android mobile using a type-A to type-C converter ??

    • @robbraxmantech
      @robbraxmantech 5 years ago +5

      @@varun_chunduru No you cannot use converters of USB-A to USB-C. Which makes sense because if you can put one of these on a hub, then in theory you can intercept the traffic.

    • @varun_chunduru
      @varun_chunduru 5 years ago +6

      @@robbraxmantech Have you tested it? Using Yubikey (type-A) using converter to an Android mobile??

    • @robbraxmantech
      @robbraxmantech 5 years ago +5

      @@varun_chunduru Yes of course I tested it.

  • @chuckbecker8735
    @chuckbecker8735 3 years ago +41

    This whip smart, honest, humble man is on our side and is working to protect us. Valuable gift to us.

  • @jonesjl99
    @jonesjl99 3 years ago +13

    You may want to update this video. I’m researching these now and listening to your video it is outdated. 1 - you can use them with Windows now, 2 - you can use a USB-C to USB-3 converter to switch between devices. They are about the same size as the nano, 3 - some sites allow you to use multiple keys now. Probably not the best security option, but would allow you to have a backup key stored safely away. Good info though...

  • @briianhebert
    @briianhebert 3 years ago +4

    Thanks for the video! I have tested a USB A to USB C adapter and it worked on my Galaxy phone just fine for use with Yubico Authenticator. I could also use NFC of course but it is a pain to always have to turn on NFC and try to find just the right spot on the back of the phone that will read the key. Also the Static Password is super easy to set up and use with a user defined password, just choose the Scan Code button in the menu instead of Advanced, choose your keyboard type and then enter your desired password then write to key.

    • @ankersman
      @ankersman 1 year ago +1

      This setup works just fine with my Xiaomi 9T phone.

  • @rameshchhablani7457
    @rameshchhablani7457 5 years ago +2

    A very good description and use of the Yubico Nano key. I am going to buy this key. You answered the many questions I had as I wasn't sure which Yubico 5 to buy.
    Thanks

  • @yeayea8334
    @yeayea8334 1 year ago +3

    0:47 2Fa
    3:36 2 specific uses: 2Fa and static password
    3:52 Yubikey and 2Fa
    6:20 password manager
    9:35 Yubikey on mobile phone
    10:40 if you lose Yubikey
    11:10 Yubikey and burner phone
    11:28 Yubikey and computer: how it works
    12:22 Yubikey nfc vs nano version
    13:56 Yubikey static password vs 2Fa password
    15:00 summarize

  • @GrowMoneyWithAI
    @GrowMoneyWithAI 4 years ago +3

    I LOVE my YubiKey 5 (nfc) used for iPhone X and computers.

  • @stellaandcoop1820
    @stellaandcoop1820 3 years ago +1

    Rob, your video was the best one I found on the yubikey. I found that the static password works great for lastpass master but you can also add your own unique portion you type and then long press the yubikey to have the static fill in the rest of it. Then short press for the 2fa from the yubikey. I got the nano based off your review and it's amazing on a laptop. I got the yubikey 5 nfc as my alternate and works great on anything including a lightning to usb adaptor I already had from apple ... and nfc to my iphone XR. These are cooler than you think because they allow you to stay logged out of password manager and log in quickly when desired.

  • @dleivam
    @dleivam 3 years ago +4

    Awesome review, not like other sold out biased youtubers that only mention the good things and "forget" the bad, only because they receive free stuff.

  • @DMain-tb8ye
    @DMain-tb8ye 4 years ago +7

    The concern about having nfc in the usb seems moot as if you leave the key plugged in all the time - you risk someone just using/tapping the key and entering - this circumvents the advantage of 2FA (something you have rather than just know/password). It should always be kept with you.

  • @BannorPhil
    @BannorPhil 3 years ago +6

    @ about 17:20 or so: Factually incorrect. I am using my USB C -based Yubikey in my computer with an adapter to fit into a USB A slot. It works perfectly.

    • @StoicSimp
      @StoicSimp 3 years ago

      Interesting. If this is truly the case then maybe some adapters have compatibility issues while others do not. And maybe Braxman happened to have an incompatible one? I also have an adapter that I may try out. Not sure if there would also be a security concern in the case you buy some shady 3rd party adapters off like ebay that happen to be harboring malicious software.

    • @BannorPhil
      @BannorPhil 3 years ago +1

      @@StoicSimp My adapter is a standard, plain USB-C female to USB-A male adapter - it's even smaller than the Yubikey (but a bit thicker).

  • @gabeg.4583
    @gabeg.4583 5 years ago +6

    Nice in-depth review, and dispelling common myths. Here is what I'm wondering: For any account that has a backup 2FA SMS enabled, isn't that still the weakest link in the security chain?

    • @robbraxmantech
      @robbraxmantech 5 years ago +3

      It is and I hate the use of phone numbers for many reasons to begin with. I have another video on doing SMS 2FA without a phone number. Is that any better? Better for privacy but someone with access to SS7 hacking can intercept the SMS. The better backup is TOTP (Google Authenticator or Authy).

    • @StevoDesign
      @StevoDesign 2 years ago +1

      Consider using a number tied to a web service like Google Voice no SIM card, this can make it on par with email OTP in terms of security since someone would need access to your Voice account instead of just being able to scam your carrier into spoofing your sim card.

  • @huestifer
    @huestifer 3 years ago +18

    You can duplicate the Yubikeys I have done this for years. At 10 minutes the video says you can't have two identical Yubikeys that are synced on two different computers. You should use the Yubikey configuration tool. You can wipe the Yubikeys and make them all the same.

    • @jacklewis100
      @jacklewis100 2 years ago

      When one changes (i.e. you add a new account), do you have to bring them back together to re-sync. them ? i.e. I can't have one in LA and one in NY permanently...I'd have to fly one to the other every time there's a new account ?

    • @huestifer
      @huestifer 2 years ago

      @@jacklewis100 It doesn't work that way, you don't have to change the key configuration every time you add a new account. The keys are made identical if you want using their configuration tool. Then you can give two or more people no matter where they are a key. They all have the same level of account access. You just keep pairing any one of the keys to each new account you make then they all will work with that new account.

    • @jacklewis100
      @jacklewis100 2 years ago

      @@huestifer Ah... so the key doesn't actually store any accounts - it's the accounts/web services which become aware of the permitted keys! Thanks. That makes a lot more sense.

    • @sophiesmith5922
      @sophiesmith5922 2 years ago

      @@jacklewis100 There is also a corporate version of the yubikey that allows you to control logins to a corporate server, for example. They also have tools that allow businesses to create more than one key at a time for a large business enterprise.

  • @TheYoungerSemiOldMan
    @TheYoungerSemiOldMan 5 years ago

    I appreciate the videos, and no, you don’t have to make them shorter. I watch them as you go into depth which is what we need to understand it. I have questions:
    1) I bought 2 yubikey 5 NSD
    2) outlook live was tested first and worked fine after it asked to create code
    3) added 2nd and was fine
    4) tried google, failed
    5) tried in chrome, failed with endless spinning until it gave a message stating it needed to be plugged in
    6) restarted computer, gmail failed again to sync with same errors
    7) I have never found anything that explains how many emails you can apply
    8) I haven’t found anything that wipes the whole thing to start from scratch or updates that don’t require intense DOS style script for each “applet” where directions are difficult to follow
    9) support to LastPass and yubico has been sent and have gotten zero responses
    10) how far am I off? Is it a software thing? I saw a video where the thickness of the usb section varied and could be part of the problem, no?
    Thanks in advance.

    • @robbraxmantech
      @robbraxmantech 5 years ago

      That's a long list! LOL. There's a lot that you didn't read. For example, Lastpass only supports Yubikey using their Premium version. But I don't use TOTP with Lastpass, I just use it as a master password. Which requires some setup.
      There are always ways to disengage TOTP from any of those websites. Just remove the 2FA and start again. Many websites don't allow two TOTP devices. If it failed, try it again something didn't get processed right. For example, if you tap on the device too long. It should be a brief tap. A long tap is considered to be the 2nd mode (which is for a password)

  • @sbinvllc2252
    @sbinvllc2252 3 years ago +3

    Does the Yubikey have upgrades to the software? Who controls the software updates? I know this seems to be the best option in the market but I am always trying to see any possible vulnerabilities. No, I wasn't born skeptical, well, maybe I was.

  • @melblacke5726
    @melblacke5726 2 years ago

    Thank you for this video. This was extremely informative, very straightforward and the only video I have viewed on this subject that clearly explains the form factors, their names and respective uses and exactly how it might work (or might not) work with a password manager.

  • @crabsodyinblue
    @crabsodyinblue 3 years ago +5

    I got me the 5Ci, with a separate USB-C to USB-A adapter (€12) to use it on mac, iphone and windows machine

  • @jmr
    @jmr 2 years ago +2

    I've been using them since 2017 for online verification and always been able to use multiple Yubikeys with EVERY service that supported them. In fact a minimum of 2 has always been RECOMMENDED in case one is lost or damaged. I question the management of any service that allows 1 but not multiple Yubikeys. I have also been using USB A to USB C and Micro adapters for phone and tablets. If adapters didn't work for you that incompatibility was elsewhere.

    • @livewire98801
      @livewire98801 2 years ago +1

      He's conflating WebAuthn and/or FIDO2 with YubiOTP. There are services that only allow one YubiOTP entry (though Lastpass allows up to five, so it's not a technical limitation), but any that use them as Fido(2) / WebAuthn allow and even recommend setting up more than one.

  • @Wasko2
    @Wasko2 7 months ago

    I love this guy. Thanks for all you do Rob. Life changing info on every video.

  • @waynestewart1919
    @waynestewart1919 3 years ago +2

    You can register a second physical key. It is great as a backup in case of lost/stolen or damaged keys. (And if you get two different USB types then that solves this issue.) (btw NFC authentication doesn't work with most mobile browsers. Apps only.)

    • @uniquechannelnames
      @uniquechannelnames 2 years ago

      Not every site allows 2 keys. But you're right it only makes sense to allow 2 for backup reasons.

  • @Kaffeguy1
    @Kaffeguy1 4 years ago +6

    Thank you. you cleared up a lot of information in an easy to understand manner. I look forward to seeing more of your videos. I've subscribed. R. Varela

  • @kennb.4169
    @kennb.4169 3 years ago +2

    Thank you for the insights, your wishlist is the reason my yubikey isn't used.

  • @Retro6502
    @Retro6502 4 years ago +2

    I don't see them giving the ability to sync multiple keys. That would be a security issue because it would make it possible to clone them. The whole point behind the secure element is that it can't be read/replicated once it's manufactured. They could create duplicate physical keys in the factory, and maybe that's something they should offer (like a set of 2 identical keys) but it would really reduce the security if they could be altered after manufacturing.

    • @marcespina1
      @marcespina1 4 years ago +1

      Not true. You can use two keys at the same time. I have both the nfc YubiKey and the 5ci YubiKey. Whenever you set up 2FA, you get a QRcode from the website. You just scan the code with the YubiKey app, swap your key, then scan it again. Now both keys will have the 2FA codes.

    • @youtuveunvideo
      @youtuveunvideo 4 years ago +1

      @@marcespina1 what Retro is saying is of course true. He is saying that a private key should never leave an HSM. You are saying that several public keys can be registered as authorized keys to access a service. So you are both right, you are just talking about different things.

  • @shtumpa1
    @shtumpa1 3 years ago +6

    You can register more than one USB key to an account and for 2FA app you can assign more than one key.

  • @Seanofthemurray
    @Seanofthemurray 4 years ago +1

    I appreciate your insights. I've been coming across your videos a lot recently as I'm starting to take internet privacy seriously. Byproduct of studying cybersec in preparation to switch careers. Thanks virus!

  • @thelongslowgoodbye
    @thelongslowgoodbye 4 years ago +2

    Rob, they make a combination Yubikey which has both USB-A and USB-C connectors on the one Yubikey. Moreover, you can program/clone more than 1 yubikey so it shows up as the same key across multiple devices.

    • @petrslavik4356
      @petrslavik4356 3 years ago +1

      Can you provide a link please? I found only combination of usb c and lightning

    • @uniquechannelnames
      @uniquechannelnames 2 years ago

      Sooo if I'm getting this right, if I had 2 yubikeys and say yubikey #1 was used for my Google account. If I clone the 2nd yubikey to be identical to the 1st, and then lost yubikey #1, I could use #2 in its place for logging in?

    • @livewire98801
      @livewire98801 2 years ago

      @@uniquechannelnames You can't clone Yubikeys. But you can register more than one.

  • @Quinqx
    @Quinqx 4 years ago

    Anyone who uses a Yubikey with LastPass; LastPass allows you to register multiple keys. This allows me to have one key in my private laptop and have a separate (NFC enabled) key in my bag when I leave home without a laptop. It also gives me the ability to access my personal vault when on business travel with just a business laptop and business related Yubikey.
    When it comes to using a hardware key with KeePass, I really never used a browser plugin but just used Auto-Type function to fill the username and password fields. In case someone would like to use that combination, try it and see if that's what you were looking for.

  • @mrsidtub
    @mrsidtub 4 years ago

    I subscribed to your channel. I am using a Yubikey that I just received from the manf., I think that this type of security management is going to be the next BEST thing. I remember when we used some software in a project way back when and it would NOT allow you to use that package w/o the dongle that is what they were called then and I thought it was great and a pain in the ass sometimes because it was used on multiple machines, each needing its own expensive key! Thanks for the in depth review.

  • @sophiesmith5922
    @sophiesmith5922 2 years ago

    Rob, leaving your key plugged in leaves a physical security risk as a person could clone the key, given time and physical access. Most people don't worry about this at home, but having had a PI break into my house (your home is not nearly as secure as you think!) I learned to not assume anything. Bathroom break at home, ok. Leave it when you go to work...nope!

  • @wh3927
    @wh3927 3 years ago +1

    Thanks very much for this - I'll look up something more recent too but this was a good intro to user thoughts.

  • @DKH83
    @DKH83 4 years ago +1

    I have the same experience and could live with it and so I have decided to return the product. It also did not work properly with android NFC. I will give this another go if they have fixed what you have mentioned in the last section of your video. Great video by the way.

    • @robbraxmantech
      @robbraxmantech 4 years ago

      Thank you. I don't use it much now myself. I'm mostly using TOTP (Authy etc).

  • @ifodaniell
    @ifodaniell 4 years ago +2

    If you're going to use the static password facility of the key, you should have a prefix that is NOT on the Yubikey that is appended by the "fixed" password stored on the key in case the Yubikey is lost or stolen.
    In other words, if the static password is "hd7QWh%^87hd", then make your "master" password something like "6592" (typed by hand) + "hd7QWh%^87hd" (activated by the Yubikey).

  • @andrewwood1900
    @andrewwood1900 3 years ago +3

    Love your videos, I more or less figured out quite a few of the same concepts myself over the years - the only thing I'd say is there's a lack of open source since I think the 3 - neo, and for all the RF stuff they offer, I'm sure a capable chap such as yourself could brush past a phone with near field switched on (for these keys and their convenience) and steal a bunch of creds from the phone concerned. If you build one of those and go to a concert you can walk out a millionaire... Other than that, I do like the things, just switch off NF on your phone.

    • @sophiesmith5922
      @sophiesmith5922 2 years ago

      It would be extremely close and obnoxiously noticeable. Less than 3 inches, and you must also tap the yubikey button to trigger it. Don't try this near someone's back pocket. If they step back slightly and touch your hand, you may end up being charged with groping and wind up on a sex offender registry. Yes, NFC is that close.

    • @flynntsang
      @flynntsang 1 year ago

      Assuming one could get close enough, how exactly would an NFC-enabled hacking device steal creds from a victim's phone? The two devices need to be configured to trust each other first, no?

  • @mikemcgrath3814
    @mikemcgrath3814 4 years ago

    @10m00s: You can only use one device with one key on one account. You can't sync multiple different form factor Yubikey's and access the same account via different hardware. Uhh, okay, wow. Thank you for saving me the time and effort!

    • @Runenaldo
      @Runenaldo 4 years ago +1

      It's not true, you can set up multiple keys to the same accounts and have them as backups, I don't know where this man got all his misinformation from.

  • @ISKCONRigaTemple
    @ISKCONRigaTemple 5 years ago +22

    Your review lacks demonstrations for completeness. But overall good review, thanks.

  • @daixtr
    @daixtr 5 years ago +3

    Helpful review, I learn a lot. It sounds complicated. It can only store one password? If it is lost, what are the steps to protect ourselves, is there a revocation process?

  • @rotflol6666
    @rotflol6666 2 years ago

    the USB-C with an USB-C to USB-A adapter solves your problem, also most apps/accounts support a second / third backup key

    • @mr.amsterdam2063
      @mr.amsterdam2063 2 years ago +1

      Video already cpl years old, he also mentions the hardware should change maybe every year.

  • @andrewwood1900
    @andrewwood1900 3 years ago

    The other thing I'd add is I agree don't buy two - the marketing is that if you lose your first one you're stuffed - but if you're concerned and want to start out exactly where you left off - these are factory produced things, so all you do is with Yubikey #1 - get the hexadecimal crypto stuff from the manager, print it off and shove it under your floorboards and hope you never need it - but if you do, just buy another one and put the same hex data in. pwSafe is a good password management option to use with, it'll do PK authentication so with your long password in the regular box it's pretty much unbreakable as it's 256AES

  • @antonygoedhals6272
    @antonygoedhals6272 3 years ago

    Hi Rob, you can in fact use the series 5 usb A on a USB C computer, with a converter dongle.

  • @vidarreturns8632
    @vidarreturns8632 4 years ago +8

    Just using any Password Manager would be a 10000% security increase for most people

    • @conall5434
      @conall5434 4 years ago +2

      @@nathandrake981 Generally Bitwarden would be considered better as it is open source, meaning anyone can inspect the code.

    • @encrypt3d587
      @encrypt3d587 3 years ago

      @@nathandrake981 I use Bitwarden so I'm biased, but it's a great program and I see no real reason why you should pay for a password manager. Definitely go with Bitwarden.

  • @six10kenny
    @six10kenny 5 years ago +5

    Thanks for the vid Rob.
    I have been researching tightening up my security in all areas, and considering Yubikey as well.
    I like the idea of using it as a static password for my Mac as well, though it comes to mind that if you were to leave the nano plugged in, or your yubikey around, and someone managed to get physical access, in the event of a theft, break in, or confiscation, which I have heard is happening more often at airports now so they can access all your data. But that's a story for another day. Isn't this leaving you very unprotected? Seems it would make accessing your computer and files even easier.

    • @robbraxmantech
      @robbraxmantech 5 years ago +3

      I would only use a static password case if I were sure of my physical security like at home. I wouldn't use it in an open work environment.

    • @KevinJohnsonIstMein
      @KevinJohnsonIstMein 4 years ago

      You can also use the static password and add your own extra characters to the end of it for better security.

  • @musiceditor7083
    @musiceditor7083 9 months ago

    Do sites where you use a Yubikey store data about your fingerprint if you use a biometric key/ phone if you use an NFC key? i.e. would Amazon be able to see your fingerprint/ IMEI of your device if you were to use these keys to log in? Also, does Yubikey themselves collect any sort of data via these keys?? Heard a lot of these 'third party authenticator apps' mine a bunch of personal data.
    LOVE your vids Rob. Greetings from the UK!

  • @DQ940
    @DQ940 3 years ago

    You can use multiple yubikeys. You should have a backup because if you want all the benefits of using a secure key then you ought to be turning off other weaker methods of authentication like cellphone/mobile authentication.

  • @georgetorres4158
    @georgetorres4158 8 months ago

    Hello Rob,
    I realize this video is 4 yrs. old, I just want to know if you have any new opinions on yubikeys? I.e. are they reliable, user-friendly and most importantly which brand you can recommend.
    Thanks

  • @LWRC
    @LWRC 9 months ago

    As this type of 2FA devices offer some level of security, it brings a whole host of inconveniences and other issues. I think I will stay with my existing security protocol with very strong password management with 2FA and leave it at that!

  • @AA-gw6wd
    @AA-gw6wd 3 years ago +1

    In another video you asked why is everyone so interested in Bitwarden now? I would like to suggest, although I may be wrong, that is possibly because the recent surge in interest in crypto currency and hence A. Antonopoulos's channel and in his Ledger Hack/cyber security videos they mention Bitwarden as one of the main open source password managers.

  • @LimitedWard
    @LimitedWard 3 years ago

    At 16:19, I don't think this statement is quite accurate. For websites that support U2F (e.g. Google) or Yubico OTP (e.g. LastPass premium), you can configure multiple Yubikeys for the same account.
    Similarly for OATH OTP (which is what app-based 2FA uses), you can configure multiple Yubikeys for the same account by registering the same secret key multiple times. The easiest way to do that is by using the Yubico Authenticator app, which works just like other 2FA apps, but stores the secret keys on your Yubikey. If you want to be able to add additional Yubikeys for 2FA later, you can take a screenshot of the QR code, print it out, and store it somewhere safe.
    Obviously that's not super convenient, so ideally more websites will support U2F and FIDO2 in the future.

  • @starshine_Ultra
    @starshine_Ultra 3 years ago +1

    I use the yubikey usb a and usb c with their own converters to switch with computer and mobile, it is best used with 3.0 converter that will make it work. If using the standard converters that aren’t 3.0 then it doesn’t function properly.

  • @percyfaith11
    @percyfaith11 2 years ago +3

    Some apps and websites do allow for registering more than one yubikey. This is handy for having a back up yubikey that you can store.

  • @demeaningplebny1363
    @demeaningplebny1363 5 years ago +1

    Very nicely done with some good tips and arguments brought out.

  • @eganzale
    @eganzale 2 years ago

    Do you know if consumers can use the 5C FIPS series keys? I'm wondering if the regular 5 NFC series differs from the 5 FIPS series other than the added level of security on the FIPS. I ask because I'm wondering if let's say you want to secure your gmail account with the regular 5 series, can you also do it with the 5 FIPS series? Or are most accounts the average user utilizes only compatible with the regular 5 series and not the FIPS series? If I can still use the FIPS series that has government level 3 encryption vs. the regular 5 series, which only has level 1 encryption, then I'd rather just make the investment and pay slightly more for the FIPS version and get added security but I'm not sure if it's ONLY for government use or can regular consumers use it too and for the most part it would still function like the regular 5 series but with the added protection? Thanks for making your content, it's valuable in today's digital world 👍❗

  • @realhardpolitics-com5124
    @realhardpolitics-com5124 3 years ago

    Agree with your wish list 1000%

  • @liarborisjohnsom4136
    @liarborisjohnsom4136 3 years ago

    Hi Rob, I have the yubikey 5C and 5NFC. THE YUBIKEY 5NFC works fine on my laptop but the Yubikey 5 C does not work on my Samsung Tab A nor my Samsung A40 Smart phone, it either takes too long to load or does not recognise my Yubikey 5c at all. I am a disabled person who uses social media often and I desperately want to use Yubikey on all my devices. Best wishes from UK.

  • @An.Individual
    @An.Individual 4 years ago +3

    Sorry but we don't know what back doors are in this product.
    AFAIK it is closed and proprietary

    • @robbraxmantech
      @robbraxmantech 4 years ago

      You can always use TOTP software like Authy or Google Authenticator which does the same thing. And they're clearly open source.

  • @christineescajeda8167
    @christineescajeda8167 3 years ago

    Thank you for sharing you are very smart
    Loads of information trying to keep up

  • @brianhoskins1979
    @brianhoskins1979 4 years ago +1

    You'd think that a fairly simple solution to USB-C / USB-A would be to have both types, one at each end. Then you use whichever one you like.

    • @JeffSmith03
      @JeffSmith03 4 years ago

      Which I thought they did, but that was 5C and Lightning (Apple)

  • @JeffSmith03
    @JeffSmith03 4 years ago +1

    There is good reason why you cannot sync or copy to another key, and likewise you cannot copy the same to Google Authenticator. If you could, it would make this whole thing useless because the hacker or someone with momentary access to the key could just steal everything without your knowledge. Instead just add your backup key as a second device to unlock your account.

  • @azenkwed
    @azenkwed 4 years ago +2

    Very informative, thank you!

  • @AnthonyDomagas
    @AnthonyDomagas 5 years ago +2

    Great review. Do you know if the USB C key has the option to configure 2 static passwords. BTW have you figured out how to configure your own static password?

    • @robbraxmantech
      @robbraxmantech 5 years ago +2

      I don't know if they've changed the software since but at the time I made the video, you can only configure one additional use (static or TOTP). The way it works is by touch time. If you touch it for a few seconds it is mode 1. Longer (10 seconds or so), then you get mode 2. So if you use a Yubikey for static only, in theory you can get 2 static modes. Or 2 TOTP modes or any combination of 2.

  • @TaximanGlen
    @TaximanGlen 2 years ago

    My Yubikey is of USB-C form factor and I simply use a C-to-A adapter to make my key fit any device I may use.

  • @nikenbole
    @nikenbole 3 years ago +1

    You said you only can register one key at a time and u need to use either usb-c or usb-a. But I just got two yubikey 5 nfc usb-a version, and the services I've tried so far have let me register both keys and it worked on my phone both with nfc and using a usb-a to usb-c adapter. Did u mean the adapter is a security flaw maybe?

    • @robbraxmantech
      @robbraxmantech 3 years ago +2

      This is an older video. This has been changed.

    • @nikenbole
      @nikenbole 3 years ago

      @@robbraxmantech ah :) damn fast response btw. 🤘🤘

  • @mikenazarof3212
    @mikenazarof3212 3 years ago +1

    Sir, in your opinion do printable backup codes make an account protected with security keys more vulnerable? For example, Google back up codes are only 8 digits.

    • @sophiesmith5922
      @sophiesmith5922 2 years ago

      It's not the code length. It's that if someone manages a password heist and logs in once, they can copy codes and use them in place of 2FA and lock you out of your account if they so choose. I had my comcast xfinity account hijacked by a PI due to their poor security practices. I then had 2 different gmails hijacked that were used to impersonate me while I am locked out of them. That is beyond the scope of a normal PI. It's just creepy, but consider that in order to do that job you have to have no ethics anyway...

  • @chris-ew9wl
    @chris-ew9wl 4 years ago

    > If you're using Yubikey on your Windows computer that has a USB A and is semi-permanently plugged in there like the nano here, It's not gonna work with another computer that's only using USB C like the new MacBook.
    Umm, No you can. Maybe your USB-A to USB-C adapter is just broken (assuming you really did test it). I use both systems for work (Mac OS and Windows 10). And I can 100% confirm it works (Yubikey with USB-A using an adapter to USB-C for Mac OS). I use it on a daily basis.
    -----
    You can use 2fa on Windows Login via Yubico Login Windows. It's a direct replacement of the "Windows Logon Tool" which also replaces YubiKey for Windows Hello app. That was sunset around September 2019, 5 months after this video aired. 🤦🏻‍♂️ So I'm not sure which tool Rob is saying that was deprecated at the time of this video recording. Where clearly Yubico released 3 different apps to use for Windows logins for 2fa, albeit it's for local accounts.
    Link of the article: support.yubico.com/support/solutions/articles/15000006472-using-your-yubikey-4-or-neo-with-the-windows-hello-app
    And here's how you get 2FA for Windows with their new software: support.yubico.com/support/solutions/articles/15000028729-yubico-login-for-windows-configuration-guide

  • @jerseyjim9092
    @jerseyjim9092 3 years ago +2

    I mostly use another email as my 2FA. It's a pita but judging from the comments it sounds like yubikey could be a bigger pita.

    • @carpdog42
      @carpdog42 3 years ago +1

      I have been using a yubikey daily for years; they really are nice. This video doesn't cover all the features; and the best ones are for holding gpg keys. Generate them offline, put subkeys on the yubikey; then password store can just be gpg encrypted files. There are even front ends for doing this called "password-store" - much better usage than the "fixed password" use; I have that totally disabled. GPG is a much better password manager

  • @zacheray
    @zacheray 4 years ago +1

    I’m not sure you accurately described how it works according to a video explaining the U2F protocol. The device does more than act as a simple keyboard macro, according to other sources.

  • @martinlutherkingjr.5582
    @martinlutherkingjr.5582 4 years ago +3

    If the websites you use Yubikey with can just fall back to SMS or email then is there any real security advantage to using a hardware key apart from phishing attacks if you are careless and end up putting your OTP into a fake website?

    • @robbraxmantech
      @robbraxmantech  4 years ago

      OTP doesn't work like that! It's 'Time-based One Time Password' (TOTP). Cannot ever be used again. Only the company that has the original private key can validate it. You can pass multiple TOTP results to anyone else and it's meaningless

    • @martinlutherkingjr.5582
      @martinlutherkingjr.5582 4 years ago

      Rob Braxman Tech I’m referring to a phishing site where someone enters their password and TOTP. If the website doesn’t require a new TOTP for disabling 2-fa someone can hijack your account (if they are inputting the information into the real site immediately).

    • @robbraxmantech
      @robbraxmantech  4 years ago

      How would the phishing site know you have a Yubikey? Next, if I were to do Phishing, I'd just accept any password since one of the things I want to collect is the password. Then I will ignore the TOTP since I don't even know it exists. Then I present the fake website. TOTP is not even connected to this story. It has to do with knowing what you're clicking

    • @martinlutherkingjr.5582
      @martinlutherkingjr.5582 4 years ago

      Rob Braxman Tech My original comment was referring to one of the pitfalls of TOTP/Google Authenticator. It appears prevention of phishing attacks is the only advantage I can see of a yubikey from my limited understanding of the device. This is why Binance doesn’t allow withdrawals within 2 minutes of logging in so that you are forced to use a new TOTP code for withdrawal.

    • @robbraxmantech
      @robbraxmantech  4 years ago +1

      It's a different issue when you talk about how someone might hack 2FA with SMS. So if you allow a downgrade to SMS, then you can intercept the SMS with SS7 attack on SMS, or if you've prehacked the email, through email. The downgrade attack is an issue even on security of LTE. But without the ability to downgrade, then the usability is a problem. So yes it is not perfect
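
The point debated in this thread, as an added example that is not from the video or from any commenter: a TOTP code (RFC 6238) is computed from a shared secret and the time step only, so the server accepts it wherever it was typed, while a U2F/FIDO key signs the origin the browser reports, which lets the server reject a response produced on a different site. The origins, keys and function names are constructed, and HMAC stands in for the key's real per-site ECDSA signature.

```python
import hashlib
import hmac
import json
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): depends only on the shared secret and the time step."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts_totp(secret: bytes, submitted: str, now: int) -> bool:
    # Nothing in the code says which page it was typed into (no drift window in this sketch).
    return hmac.compare_digest(totp(secret, now), submitted)

def key_assert(device_key: bytes, challenge: str, origin: str):
    """Simplified security key: signs the challenge together with the browser-reported origin.
    Assumption: HMAC replaces the per-site ECDSA key pair a real U2F/FIDO2 key uses."""
    client_data = json.dumps({"challenge": challenge, "origin": origin}, sort_keys=True).encode()
    return client_data, hmac.new(device_key, client_data, hashlib.sha256).digest()

def server_accepts_assertion(device_key, challenge, expected_origin, client_data, signature) -> bool:
    expected = hmac.new(device_key, client_data, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return False
    data = json.loads(client_data)
    return data["challenge"] == challenge and data["origin"] == expected_origin

def compare_factors() -> dict:
    secret = b"12345678901234567890"            # RFC 6238 test secret
    device_key = b"constructed-device-key"      # constructed sample value
    site = "https://accounts.example"           # hypothetical real site
    lookalike = "https://accounts.example.login.test"  # hypothetical look-alike origin
    challenge = "c0ffee01"                      # constructed; a real server sends a fresh random value
    code = totp(secret, 31)                     # user reads the code at t = 31 s
    on_site = key_assert(device_key, challenge, site)
    on_lookalike = key_assert(device_key, challenge, lookalike)
    return {
        "totp_same_step": server_accepts_totp(secret, code, 59),   # any submitter, same 30 s step
        "totp_next_step": server_accepts_totp(secret, code, 60),   # code has expired
        "key_real_origin": server_accepts_assertion(device_key, challenge, site, *on_site),
        "key_other_origin": server_accepts_assertion(device_key, challenge, site, *on_lookalike),
    }

if __name__ == "__main__":
    print(compare_factors())
```

The server-side origin check is what makes the last result false; a fallback to SMS or email, as discussed above, bypasses that check entirely.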

  • @millanferende6723
    @millanferende6723 4 years ago

    There should be an adapter over the top of USB-A, that can be USB C or Micro USB. This way you have all of them.

  • @felixaudet5860
    @felixaudet5860 7 months ago

    It would be nice if you could do an update on that. So many sites now ask to take a pic of an on-screen QR code, as a 2FA method, can this be done with the Yubikey and is it as safe?

  • @antoinetteokeefe3749
    @antoinetteokeefe3749 2 years ago

    WOW this was a really great video review !!

  • @1docwebb729
    @1docwebb729 3 years ago

    Have you looked into Ellipal Titan? Let us know if they will comp you one for a review on a new video. Thanks, great content.

  • @saygday
    @saygday 3 years ago

    2FA is a second method of verifying your login details are correct, not necessarily your identity.

  • @Gokturk4Life
    @Gokturk4Life 2 years ago

    You can use OTG to convert USB to USB-C or Lightning.

  • @GeneBasler
    @GeneBasler 3 years ago

    So wait a minute you’re cool with using AWS for your cloud storage? I’m trying to move away from them as much as I can because if there is Susie as him about the surveillance state

  • @TH-oh8cw
    @TH-oh8cw 8 months ago +1

    This is mostly old information. For up to date info on yubikey look at more recent videos. In 2024 things have changed regarding this security key and points made on this video.

  • @Ryuu44
    @Ryuu44 2 years ago

    Wait, you're telling me that these keys don't work with adapters? I saw a video with the YouTuber using an adapter for his type c key to plug it into his PC. I need to check that with my keys.

    • @robbraxmantech
      @robbraxmantech  2 years ago +1

      This is an old video. So adapters have improved.

  • @jackburton5085
    @jackburton5085 1 year ago

    But if a Yubikey is nominal, the login data goes to the Yubico server, they know every login we make and on which site, and IP etc.

  • @garykray
    @garykray 3 years ago

    I appreciate your review. Does it work with Yahoo?

  • @wildmanjeff42
    @wildmanjeff42 2 years ago

    Thanks for the video!

  • @jeremymarquart1065
    @jeremymarquart1065 2 years ago

    Hey Rob, thank you!

  • @fredflintstone4087
    @fredflintstone4087 2 years ago

    If you said most systems default to email or text when you lose the key then how safe is the key if email or text can be hacked? I would think it should be key or backup key or nothing. Please let me know how to protect against a hacker that can claim they lost their yubikey?

  • @Vednier
    @Vednier 4 months ago

    Aaand why exactly you "can't use converter" to connect USB-A to USB-C port for example? Yubikeys are all electrically USB 2.0 devices (you don't need speed here at all); connectors are different, protocol is the same. Even more, you can connect a USB key... to a phone! Phones have had USB host for years and adapters are present too.

  • @clewlem
    @clewlem 5 years ago +1

    Thank you, very informative video.

  • @adespade119
    @adespade119 3 years ago

    So a great idea, but could be impractical. If you have one or maybe two sites that absolutely must have good security, then... For the rest, maybe use an authenticator.

  • @waydav1s
    @waydav1s 3 years ago +1

    I don't know about a PC, but I AM able to use USB-A to Micro converter for the Yubikey 5 on my Samsung 10 tablet. -->CableCreation Micro USB 2.0 OTG Cable Flat On The Go Adapter Micro USB Male to USB Female for Samsung S7 S6 Edge S4 S3 Android or Other Smart Phones Tablets with OTG Function 6 Inch, Black ON AMAZON

  • @catsupchutney
    @catsupchutney 4 years ago +3

    I'm pretty sure google lets me use multiple FIDO U2F keys.

  • @varun_chunduru
    @varun_chunduru 5 years ago

    Hey Rob, as per Yubico, if the Yubikey 5C version works with Android mobile, Yubikey 5 NFC should also work with a converter. So this makes your testing wrong. Please try again :)

    • @robbraxmantech
      @robbraxmantech  5 years ago +1

      Hi Varun, my testing isn't wrong. But I don't have the same devices that Yubico may have used. I tried THREE different USB-C/USB-A converters and none of them worked. I checked their website and they point to 3 or so models that work and many that didn't work. As far as averages go, trying 3 that don't work are bad odds. I may have a 4th style around someplace and I can also try a USB-A hub to USB-C.

    • @robbraxmantech
      @robbraxmantech  5 years ago

      Just to reiterate, I retested just NOW.

  • @flolou8496
    @flolou8496 3 years ago

    Is there a way to protect your crypto if you've made a mistake and used a wallet from a wallet provider who are the scammers themselves? Is there a way a Yubikey can protect you in this case? I don't think they stole my crypto using a Trojan keylogger to gain access to my password for the wallet, but if the wallet providers themselves just randomly steal from the wallet user base, can a hardware device like this still help?

  • @jacklewis100
    @jacklewis100 2 years ago +1

    WHY ON EARTH... would you use a Yubikey as a static password for a password safe, giving access to every one of your online/service accounts in one go? If your laptop is grabbed with the Yubikey in, you're in trouble - they have your safe and the key. Sure, when you sleep, MAYBE you put the Yubikey in a very strong, uncrackable wall safe (but where's the key to that?)... but do you do that every time you use the bathroom or make a coffee? Nooooo ! A password safe is so important that one of its unlocking factors must ONLY ever be something you know - i.e. a strong password. Tell me why I'm wrong...

  • @stxflyer
    @stxflyer 3 years ago

    I think Rob has gone off the deep end with this one. Can we say -overkill-?

  • @human__________
    @human__________ 3 years ago

    Use a VoIP number as your burner phone number. Can't be SIM jacked and not tied to your identity. Google offers a free one in the US.

  • @GiC7
    @GiC7 4 years ago +1

    Thanks

  • @spartyzik
    @spartyzik 3 years ago

    If you leave this in your computer and step away, can't I pop it in my computer, steal your master password, and put it back?

  • @vidarreturns8632
    @vidarreturns8632 4 years ago

    Wire and Matrix are encrypted chat services that don't require your phone number. Wire is more user friendly, but with Matrix you can self host

    • @robbraxmantech
      @robbraxmantech  4 years ago +1

      The problem with products like Matrix, which is a message store, is that it makes your message permanent.

    • @vidarreturns8632
      @vidarreturns8632 4 years ago

      @@robbraxmantech
      Matrix makes messages permanent in what way? And how is it a problem if I'm hosting the server? I mean really, if there's a better chat solution (a realistic solution that I can use with family), then I want to know

    • @robbraxmantech
      @robbraxmantech  4 years ago +2

      @@vidarreturns8632 Matrix is great if you want to say something political for example and don't want anyone to ever remove it or censor it. It runs on decentralized servers so there's multiple copies like any peer to peer (like blockchains). Now just like blockchain, this makes the message immutable. Yes it can be encrypted but the immutability leaves metadata of a conversation. Plus the fact that quantum computers could break that encryption at some point. Nothing is perfect unfortunately.

    • @vidarreturns8632
      @vidarreturns8632 4 years ago

      @@robbraxmantech
      Very good. Yes, quantum computers could potentially break open all encryption everywhere at some unknown future time. From my humble perspective, Matrix is currently the best solution for secure messaging with large groups of people. Unfortunately, it isn't as friendly to use as it could be. Thanks for the dialog, Rob.

  • @sow4now
    @sow4now 4 years ago +1

    How does it reflect on the manufacturer that this is by far, the best information available. Yubikey is the quintessential example of, the poster-child for, the anti-patent movement. A demonstrably, a provably incompetently run organization somehow secures patent rights to a beneficial security product, which company is utterly, and apparently shamelessly clueless in developing to market. They lack the wisdom and awareness to know how screwed up they are.

  • @bramblebop1904
    @bramblebop1904 4 years ago +1

    I'm a bit unclear on the difference between a 2FA password and a fixed static password. Password's a password?

    • @AshishKumar-qi5gk
      @AshishKumar-qi5gk 4 years ago

      2FA is a secondary code or device, which you use after you enter your password. The 2FA proves physical access.

    • @bramblebop1904
      @bramblebop1904 4 years ago

      I didn't ask about 2FA, I asked about 2FA passwords.

  • @andre1987eph
    @andre1987eph 3 years ago

    Thanks good review

  • @wallywah222
    @wallywah222 2 years ago

    I need to know if it's made of metal, that's a make or break for me

  • @mtennes
    @mtennes 4 years ago +1

    Many factual mistakes. He's using the wrong Yubi app to setup static passwords. He should be using YubiKey Manager not the Personalization tool. Also, most all websites allow registration of multiple (5 on Google) YubiKeys so form factor is only a matter of buying another one.

    • @TH-oh8cw
      @TH-oh8cw 8 months ago

      You are correct. Usually this guy is not this far off base.

  • @krstoevandrus5937
    @krstoevandrus5937 3 years ago

    Man... besides 2FA, static password... yubikeys (not the cheap yubico security key) could also do OTP/PGP/smartcard etc.

  • @flintstone5404
    @flintstone5404 3 years ago +1

    Could you make a video about USB fingerprint sensors that work when plugged in on Linux systems like a laptop on the go?