Correct, this is actually not the perfect use for a second slot. Actually I'm not using it anymore, but it is an option that I need to mention. Also there is the risk that you type the key in some chat (it happened ... more than you can think of) :(
Credit card number is a nice usage, after all you need also to know expire date and CVV. The only drawback is that if you have only 2 keys, the second slot is better to be used with OATH and KeepassXC in my life. I use static password on third and fourth key.
Hello, I liked your yubikey video very much and I applied it, but I have a question on my mind. I put a password on the piv and fido side as you did, but when I use services such as binance on the phone, it does not ask for a password, can I put a password on this? Because I feel so insecure this way.
If the service does not ask for a password it means that is using the key as second factor of authentication. If the service allow you to login only with the key without requiring the PIN, the service is (in my opinion) using the key in the wrong way. You should have two option Username+password then touch the key (used as 2FA) PIN+Key (FIDO2) But touching the key without requiring keyword pin is not security HAve you tried from an incognito browser tab? (Maybe you are still logged in and the site is asking only the key as 2FA)
@@codewrecks Now, when I check it on the computer, it works properly, first it verifies the pin and then the yubike. But I couldn't verify from the phone (I tried with Google). When I do it from the computer for Binance, it asks for the pin and then the yubike, but only the yubikey is enough on the phone. Is this their problem, right? Also, I installed yubico authenticator instead of authenticator and put a password there. Even if the wrong password is entered repeatedly, nothing happens. Is this normal? So, after a certain number of incorrect entries, there is no reset etc.?
@@slay1_1 If they do not require pin on the phone is their problem (but it seems strange to me because it means that they are only using 2FA part of the key). The password on yubico authenticator is used only to protect the 2FA stored inside the key, but there is not protection against incorrect entries. since it is used only for 2FA there is no need for this kind of protection. (yubico authenticator is the equivalent of google authenticator, with the sole difference that the seeds are inside your yubikey)
@@codewrecks Now I added the yubikey to the tutanota (mail service) phone application and it was added as U2f but it does not ask for my password. I think it doesn't require a password for the phone. Can you check that? Can you check if any phone app requires a password? I made the settings you made, I put a password on the fido side, I put a password on the piv side, but I did not set a password or any settings on the otp side. I made a password from the Yubico authenticator application and the password there works. I think I did something wrong or Yubikey is not working properly for the phone.
When key is used as two factor auth, it does not require the pin. What I suppose is that the application stores your credentials and uses yubikey only as 2FA. Usually all mail app on your phone does not ask credentials every time you open the app, it just stored them securely inside the phone. When you add your yubikey you are adding only the second factor, so it is normal that the pin is not requested. you should try to uninstall completely the app, reinstall again (or install in a new phone) then verify the login procedure. No application can use a FIDO2 credential inside your yubikey without entering the pin.
Hi, this an been a good feature to use on the PC, thanks. Would please know if its also possible to use OTP Long Touch (Slot 2) with an iPhone, I've tried to set-up but with no joy, thanks Paul
Hello, I registered the yubikey to binance Protection, but when binance asks for the yubikey over the phone, I show it to you, but it opens directly without asking for a password. I want it to ask for both yubikey and password, can I do this? I hope it was explanatory, I wrote it with translation.
I do not use binance so I do not know how they are using the key. Basically if the key is used as FIDO2 SINGLE source of auth, it should ask you the pin. Combination of KEY+PIN is enough to login. What you need is configure the key only as Second factor of authentication (but since I do not know binance, I do not know if it is possible and how to do it.)
![[DRAGON BALL LEGENDS REVEALS & STUFF] LEGENDS FESTIVAL 2024 Special Edition Part 1](http://i.ytimg.com/vi/mV5bGIswTtQ/mqdefault.jpg)
Grazie mille per condividere il tuo knowledge, Sto imparando tantissimo!
Love your Yubikey videos!
Am I right thinking that this does NOT protect from keyloggers, because this is a keyboard emulator?
Correct, this is actually not the perfect use for a second slot. Actually I'm not using it anymore, but it is an option that I need to mention. Also there is the risk that you type the key in some chat (it happened ... more than you can think of) :(
Thank you. very useful info! Super cute cat!
Thanks, in two months we rescued 7 kittens this year 😀, all now have new house
the long touch would be useful for typing credit card number
or setting up a uniform very long password for securing documents or Zip file.
Credit card number is a nice usage, after all you need also to know expire date and CVV. The only drawback is that if you have only 2 keys, the second slot is better to be used with OATH and KeepassXC in my life. I use static password on third and fourth key.
Hello, I liked your yubikey video very much and I applied it, but I have a question on my mind. I put a password on the piv and fido side as you did, but when I use services such as binance on the phone, it does not ask for a password, can I put a password on this? Because I feel so insecure this way.
If the service does not ask for a password it means that is using the key as second factor of authentication. If the service allow you to login only with the key without requiring the PIN, the service is (in my opinion) using the key in the wrong way. You should have two option
Username+password then touch the key (used as 2FA)
PIN+Key (FIDO2)
But touching the key without requiring keyword pin is not security
HAve you tried from an incognito browser tab? (Maybe you are still logged in and the site is asking only the key as 2FA)
@@codewrecks Now, when I check it on the computer, it works properly, first it verifies the pin and then the yubike. But I couldn't verify from the phone (I tried with Google). When I do it from the computer for Binance, it asks for the pin and then the yubike, but only the yubikey is enough on the phone. Is this their problem, right? Also, I installed yubico authenticator instead of authenticator and put a password there. Even if the wrong password is entered repeatedly, nothing happens. Is this normal? So, after a certain number of incorrect entries, there is no reset etc.?
@@slay1_1 If they do not require pin on the phone is their problem (but it seems strange to me because it means that they are only using 2FA part of the key). The password on yubico authenticator is used only to protect the 2FA stored inside the key, but there is not protection against incorrect entries. since it is used only for 2FA there is no need for this kind of protection. (yubico authenticator is the equivalent of google authenticator, with the sole difference that the seeds are inside your yubikey)
@@codewrecks Now I added the yubikey to the tutanota (mail service) phone application and it was added as U2f but it does not ask for my password. I think it doesn't require a password for the phone. Can you check that? Can you check if any phone app requires a password? I made the settings you made, I put a password on the fido side, I put a password on the piv side, but I did not set a password or any settings on the otp side. I made a password from the Yubico authenticator application and the password there works. I think I did something wrong or Yubikey is not working properly for the phone.
When key is used as two factor auth, it does not require the pin. What I suppose is that the application stores your credentials and uses yubikey only as 2FA. Usually all mail app on your phone does not ask credentials every time you open the app, it just stored them securely inside the phone. When you add your yubikey you are adding only the second factor, so it is normal that the pin is not requested.
you should try to uninstall completely the app, reinstall again (or install in a new phone) then verify the login procedure.
No application can use a FIDO2 credential inside your yubikey without entering the pin.
Hi, this an been a good feature to use on the PC, thanks.
Would please know if its also possible to use OTP Long Touch (Slot 2) with an iPhone, I've tried to set-up but with no joy, thanks Paul
I do not have an iPhone so I can't be sure, sorry
Hello, I registered the yubikey to binance Protection, but when binance asks for the yubikey over the phone, I show it to you, but it opens directly without asking for a password. I want it to ask for both yubikey and password, can I do this?
I hope it was explanatory, I wrote it with translation.
I do not use binance so I do not know how they are using the key. Basically if the key is used as FIDO2 SINGLE source of auth, it should ask you the pin. Combination of KEY+PIN is enough to login.
What you need is configure the key only as Second factor of authentication (but since I do not know binance, I do not know if it is possible and how to do it.)