Unlocking The Power Of Your Yubico 2fa Key: Expert Tips And Tricks!

Поделиться
HTML-код
  • Опубликовано: 27 ноя 2024

Комментарии • 133

  • @ShannonMorse
    @ShannonMorse  6 месяцев назад +4

    Links mentioned:Go to my link, yubi.co/shannon-2024 to automatically get $5 off a Yubikey 5 NFC and start securing your accounts today!
    Where to find key covers: www.etsy.com/search?q=yubikey holder&ref=auto-1&as_prefix=yubikey
    amzn.to/440gbD0
    Design info: www.yubico.com/blog/why-we-designed-the-yubikey-the-way-we-did/
    My 2FA Playlist ruclips.net/p/PLeYHKbaShxTE4NCIUP88sEZmW0NgPORSB&si=flzjgeDw4Pv5AQqK

    • @ChrisBogy
      @ChrisBogy 5 месяцев назад +1

      Coupon doesn’t work for the 5 series USB-C. It does work for the USB-A key. What a bummer! I purchased the USB-C anyway without the discount.

    • @xavierlevaux621
      @xavierlevaux621 4 месяца назад

      Link does not work. Trying to buy in Europe a 5C NFC, code is considered invalid.

  • @LazyJones
    @LazyJones 6 месяцев назад +35

    I have a USB-A Neo version from 2012 on my car keychain with a bunch of other keys. Carried in my jeans, dumped in the centre car console, exposed USB-A pins and all. Still working fine with daily use. Basically bomb proof. They don’t need to be coddled

    • @ShannonMorse
      @ShannonMorse  6 месяцев назад +11

      They really don't need to be coddled at all! My oldest one is about that old as well and still works.

    • @Jaabaa_Prime
      @Jaabaa_Prime 6 месяцев назад +3

      Same here, I have a couple of USB-A to USB-C adapters for those that don't support USB-A or NFC. I always have one on my key chain and never had any issues with it.

    • @Dobbo314
      @Dobbo314 6 месяцев назад +3

      I have two Yubico keys, got them over a year ago with a discount from Shannon. One lives on my keychain, the other on a lanyard by my Workstation. The one on my keychain guarantees. I always have one with me.

    • @manny7886
      @manny7886 6 месяцев назад +5

      I have one about that old. I lost it in an airport parking lot where I used to work. Luckily I found it the following day. By the look of it, cars run over it several times. Still works to this day.

    • @2011k1500
      @2011k1500 6 месяцев назад +5

      I've carried one in my pocket on a key ring for all of 5 years. Never had a problem with it. It has never been coddled.

  • @ThatGuy.75
    @ThatGuy.75 6 месяцев назад +4

    I have 2 Yubikey 5 NFC keys and am so happy with them. They are worth the money and security.

  • @n2hobbes
    @n2hobbes 6 месяцев назад +6

    I appreciate that your explanations are always thorough. The house key/locksmith example to explain the concept of security key management is great!

  • @tomg4260
    @tomg4260 5 месяцев назад +2

    Thank you for answering these questions! I've been searching for answers to this stuff but all the videos i've seen are the basic tutorials and why you should use them. This was great.

  • @xileets
    @xileets 6 месяцев назад +1

    Forcing re-auth should be a personal choice. As Shannon says, your life is yours to design for your personal security.
    What I didn't hear Shannon say, if you're being forced to re-auth each time with a password, look for the "skip password when possible setting in security settings", and/or make sure that you're allowing that site to store cookie data on your device/browser. (I'm not making recommendations, just troubleshooting.)
    Great vid as always, Shannon!

    • @ShannonMorse
      @ShannonMorse  6 месяцев назад

      Yup! I didn't go into tons of detail in this overview video, but I have explained similar in my "cookies" video.

  • @OinkPink1
    @OinkPink1 6 месяцев назад +3

    Thanks for this video! The Yubikey I have on my key chain I use a Keyport Pivot 2.0 to protect it from being damaged. Works pretty well.

    • @ShannonMorse
      @ShannonMorse  6 месяцев назад +2

      Thanks for the info!

    • @Makaveli6103
      @Makaveli6103 6 месяцев назад +2

      Bought one after I saw your comment. Great recommendation! It is great and holds the few keys I have and my yubikey.

    • @OinkPink1
      @OinkPink1 6 месяцев назад

      @@Makaveli6103 Awesome! Glad I could help

  • @wjadams2
    @wjadams2 6 месяцев назад +2

    I recently bought a set of 5 NFC yubikeys. This video series has been very helpful. Thanks Shannon!

    • @Jaabaa_Prime
      @Jaabaa_Prime 6 месяцев назад +1

      I bought the coloured sticker skins, so I name them in the various apps with the sticker colour.

  • @frozentwiddlelump
    @frozentwiddlelump 2 месяца назад

    I've been carrying around one of my YubiKeys on my keychain since 2016 and have never had a problem with it. No cover or protection on it, it's banged up and the plastic has some scrapes on it but absolutely no issues with it not working. (I *am* currently replacing them with new ones, just in case since they are almost ten years old...)

  • @Jaabaa_Prime
    @Jaabaa_Prime 6 месяцев назад +4

    One thing I think people really have to do is set a PIN on the YubiKey. If it is lost or stolen it adds another hurdle to authenticating with your hardware token.

    • @Jaabaa_Prime
      @Jaabaa_Prime 6 месяцев назад

      @@beatrix_victoriastation I don't think you understand, the key allows only a limited number of "wrong pins" then it deletes the contents. There is no way to brute force a YubiKey with a PIN.

  • @AngryIrishman0007
    @AngryIrishman0007 6 месяцев назад +1

    Thank You Shannon! Another great video! I wish more websites offered Yubi key. I am sick of being hacked!

    • @ShannonMorse
      @ShannonMorse  6 месяцев назад

      You are so welcome!

    • @AngryIrishman0007
      @AngryIrishman0007 6 месяцев назад

      @@ShannonMorse I am looking for a Ai device modem, VPN, router that has Ai built in that would help prevent hackers. Do you have any suggestions?

    • @VollkinSea
      @VollkinSea 2 месяца назад

      ​@@AngryIrishman0007I don't think you understand where AI would fit into this. Network protection is done through leaving as few holes as possible, just enough for you and your data and nothing else. An AI that somehow had access to your data or machine, that presumably would be trying to stop threats, would be a moving part that's changing configurations beyond their defaults, beyond what "works" and would easily accidentally open up security holes. If you want a secure device that can be set up exactly to your needs, I'd recommend looking for a pfsense/openwrt compatible router or making your own. Open software like that is usually simpler and more secure, as it is held up to much higher testing and scrutiny standards.

  • @ion_q
    @ion_q 6 месяцев назад

    Ahhh, my trusty Yubikey! At my side each and every day!

  • @TomTerrific
    @TomTerrific 6 месяцев назад +1

    Id like to see you do a video about tracking while you are in your car and what if anything you can do to either stop this or reduce it.

  • @freerange1776
    @freerange1776 6 месяцев назад +1

    I accidentally put my 5C nano in the washing machine (it was in my pocket) and then it went through TWO dry cycles until my wife found it getting the next load from the dryer.
    Works fine, no issues. Not recommended, but these things are tough.

  • @usastl1390
    @usastl1390 Месяц назад +1

    Thanks for the videos. They are very informative. If my wife and I each have a Yubikey, can we share a third one as a backup just in case one of the primary keys is lost? We share our bank accounts anyway. We have different login ID to every site.

    • @ShannonMorse
      @ShannonMorse  Месяц назад

      Yes you can. Just add that third yubikey to each site like you usually would. If you have more than one login for a website, the Yubikey won't care - it can be added to both logins.

    • @usastl1390
      @usastl1390 Месяц назад

      Thanks!

  • @timherty5238
    @timherty5238 3 месяца назад

    I have them on my Keychain. I sit on them, throw them arround, they get wet but they never break.
    I really enjoy that all recent Versions of SSH support SK Type keys. So more more fiddeling with OpenPGP for SSH.

  • @AirmanDan916
    @AirmanDan916 6 месяцев назад

    Great video, Shannon. I do enjoy this series. @6:03 that jeans pocket was designed for a pocket watch.

  • @JoePesos
    @JoePesos 5 месяцев назад +1

    I have had a usb-c nfc on my keychain with a bunch of keys for years, no protection at all. It has always worked flawlessly durability is not a significant concern.

  • @pudelz
    @pudelz 6 месяцев назад

    Interesting about the cases for the yubikey, I always keep my main one (5C NFC) on my keychain with one of those little lanyard things. On the same keychain, I have a flash drive (also with a lanyard) with my house keys. These come with me daily, multiple times a day too since the dog demands her walks! 😂 I haven't had any issues though I do keep a spare in a safe just in case I do ever destroy/lose it. I did start to get chipped corners before the 5 series but it still worked and obviously eventually replaced it when the 5 series was released.

  • @netuser258
    @netuser258 5 месяцев назад +1

    I keep hearing passkeys don't require a password but I see most implementations require a pin code, which is something you still have to know and type. Is this an optional layer of security?

  • @jeffhale1189
    @jeffhale1189 6 месяцев назад +2

    Thanks for sharing. Blessings on your day.

  • @DerekWilsonProgrammer
    @DerekWilsonProgrammer 6 месяцев назад +2

    A good tip is if you have multiple keys, take some nail polish or mark them some way to differentiate between them. I put some dots in different colors, and name the keys after the colors. So if I have a red key and a green key, and I lost my green key, I can go into the website and delete that green key.
    Also, to correct a misunderstanding out there - these 'touch to activate' they don't use your fingerprint, they don't store your fingerprint, it's just like pressing a button. Just in case some website randomly asks you for your key, and you're not setting up authentication, that you don't touch it and cancel the prompt.

  • @speedracer9132
    @speedracer9132 6 месяцев назад +1

    I understand the premise of asking an out of state friend/family to store a backup, but how do you update it when you add new accounts? Sounds like a burden on whoever is storing the backup if they need to send it back to me once in a while

  • @MarceldeJong
    @MarceldeJong 6 месяцев назад +1

    I find the keys quite expensive (even with the discount), especially considering you advise people to buy 2.
    And perhaps yubico should provide a multi pack. (2 for 90 or something like that)

    • @Supermath101
      @Supermath101 6 месяцев назад +2

      If you only need the FIDO2 capabilities, the Security Key series is $25-$29 per key.

  • @saltycrusader3107
    @saltycrusader3107 2 месяца назад

    I have a question, should I be putting my spare keys in a faraday/emp bag? Or would they be A. “Protected” already or B. For some reason be damaged by being in one of those bags

  • @Fuxy22
    @Fuxy22 6 месяцев назад

    They're fine on a keychain... it's pretty much all covered (injection molded) in plastic... you are more likely to loose it if you keep it in a case separately.

  • @gilbertgiroux1115
    @gilbertgiroux1115 3 месяца назад

    Thank you Shannon

  • @evodefense
    @evodefense 6 месяцев назад

    Oh and add a magnetic USB break adapter and run buskill with a lanyard around wrist like a jetski kill leash, autolock!

  • @Firecul
    @Firecul 6 месяцев назад

    3:30 A one time purchase, apart from everyone recommending you buy 2 of them.

    • @ShannonMorse
      @ShannonMorse  6 месяцев назад +1

      Buying two at once is still a one time purchase. There is no subscription fee or membership. 😊

  • @Panicthescaredycat
    @Panicthescaredycat 6 месяцев назад

    Can you answer this question please.. If I'm using Bitwarden, and have 2FA running on it too, but only way to access my Bitwarden is having my yubikey, is this safe? Or do you recommend not having 2FA's on Bitwarden in general?

  • @MrEric377
    @MrEric377 6 месяцев назад

    Ok, you convinced me, but I want to use the $5 discount, but will not let me get the
    YubiKey 5C NFC 😞

  • @zaffora
    @zaffora 6 месяцев назад +1

    With passkeys being accepted so widely now, is it worth a non celebrity to purchase a $50 more more hardware 2fa key?

    • @gotaproblemwithmyname9331
      @gotaproblemwithmyname9331 6 месяцев назад

      I think the real question to ask is how much damage could someone do to you if they had access to your important account information. Also consider your understanding of security, you may not have much exposure to bad habits. If 50$ can save you frome losing that money and you aren't 100% confident in your security habits, I say it's worth it easily

  • @jbinfa7k
    @jbinfa7k 6 месяцев назад

    Some websites still only accept one phone with a camera (biomatric) to create PassKeys and no secondary Passkeys allowed. The problem is that I could not trust a phone as much as a hardware key.
    The waiting is just too long.

  • @michaelekpo4011
    @michaelekpo4011 6 месяцев назад

    Great video Shannon! Quick question: How does having your Yubico key scanned with x-ray while going through a security check at the airport affect the functionality of your 2fa key?

    • @LazyJones
      @LazyJones 6 месяцев назад +1

      I travel with mine quite a bit and they don’t seem to be impacted at all by X-ray. It’s just the same as throwing your laptop and mobile through

    • @michaelekpo4011
      @michaelekpo4011 6 месяцев назад

      @@LazyJones Thanks! I've had my laptop scanned multiple times too. Currently studying for one of the CompTIA certifications and I came across somewhere that suggests you could request the security officials at the airport to do a manual check of your laptop instead of sending it through the x-ray to prevent any damage to the internal components. That left me thinking that a 2fa key might suffer same fate.

    • @LazyJones
      @LazyJones 6 месяцев назад +1

      @@michaelekpo4011 Always a risk I guess. Has to be weighed against the risk of being delayed while they do a cavity search because you asked for something odd and made them do some additional work. I’m the type of guy that installs PC hardware without a static strap, so take my advice with a grain of salt 😀
      Gamma irradiation sterilisation, that can sometimes occur to baggage, is probably where the “Xray damages hardware” myth came from. Gamma will mess up a lot of hardware but I’ve never had Xray do that.

    • @ShannonMorse
      @ShannonMorse  6 месяцев назад +1

      I wear an anti static strap when I record myself on video building pcs... But I sure as heck throw my laptop in an X-ray and don't wear one of those straps whenever I build pcs off camera 😂😂😂. I think we are overly cautious sometimes as a whole. My circumstances don't really need that much caution. (And my devices are all fine).

    • @LazyJones
      @LazyJones 6 месяцев назад +1

      And besides, that's what the stickers on your laptop cover are for; Gamma, Cosmic and X-ray blocking. It's why Yubikey sell the vinyl skins ;)

  • @2011k1500
    @2011k1500 6 месяцев назад

    I have three Yubikeys. Occasionally I will misplace one...or maybe leave it at a friends house. I get real uncomfortable taking my only key out of the house when that happens. I've never lost one. The thought of being down to one key makes me uncomfortable. I don't like to set up codes as a backup if I don't have to. It is one more way for hackers to try and get in. I like just one way in.

  • @Ice_2192
    @Ice_2192 2 месяца назад

    What if someone has your yubikey and they have their own which is managed on their own yubikey app on windows and they plug yours in. They will still see the websites you log into and will only need the user and pass right (assuming you didnt put an additional 6 digit code everytime you use yours)?

  • @loneranger5928
    @loneranger5928 6 месяцев назад

    On installing yubico key a message flashed up handshake was captured. Is that normal?
    Thanks Shannon 👍

  • @patriciapification
    @patriciapification 6 месяцев назад +2

    Wow they have been around for over a decade and doesn't come with a cover to avoid dust/damage 🤨

  • @HoPPa8SkiT
    @HoPPa8SkiT 6 месяцев назад

    When will the ability to use Yubico instead of fingerprint or pin unlock the phone? It would have been something.

  • @loneranger5928
    @loneranger5928 6 месяцев назад

    Hi Shannon, on installing a Yubico key, a message flashed up on screen. Handshake was captured. Is that normal ?

  • @psychosmurfer
    @psychosmurfer 6 месяцев назад

    This may be a daft question, I recently got 2 yubikeys. I attempted to connect them to one of my gmail accounts. I ran into a problem where it didnt matter which key I used first it would then tell me I could not assign a key meaning I could never set up a backup key. I ended up deleting the key that I had set up as I didnt want to risk being locked out if I lost this ne key. Is this something you can advise on?

  • @evodefense
    @evodefense 6 месяцев назад

    What about the yubikey static password options, I type in a password then add the static password to the end so its less shoulder surfing vulnerable + it adds 32 extra characters to my memorized password.

  • @99999me1
    @99999me1 6 месяцев назад

    I've had my google fido1 on my keychain for 4 years.
    NFC still works but usb stopped working after 2 years. It's not detected when I plug it in a computer...

  • @garryholmberg6502
    @garryholmberg6502 6 месяцев назад

    I went to login to RUclips in my Tesla vehicle, on built-in screen. It asked for my YubiKey and I was like YIKES!, but after reading the screen more, I saw if I canceled I could choose another option to authenticate and thankfully I had also enabled my 2FA authenticator. So in some cases you may find the device won't accept a Yubikey. The Tesla may accept a Yubikey as there are USB ports, but I wasn't sure that would work, so I was glad I had enabled a second 2/M FA option. Anyone know if you can use a Yubikey to authenticate to Google in a Tesla?

  • @jmr
    @jmr 6 месяцев назад

    I like to name my keys and label them so I can tell which key might have been lost and which keys need to be added to an account. Otherwise it get's tricky fast.

    • @ShannonMorse
      @ShannonMorse  6 месяцев назад

      Yup, that's what I do too! That's why the key I always show on my channel has that rainbow sticker on it.

  • @RowlandSaer
    @RowlandSaer 6 месяцев назад

    Hi, trying to buy 2 usb c keys but the system only applies the coupon to the usb a key, is that normal? do you have a link for usb c keys?

  • @kev2020-z9s
    @kev2020-z9s 6 месяцев назад

    2 problems with the yubikey. 1: flat contact area .I have had usb with flat contact area and they don't always make contact.2: Why doesn't the contact area retract back in like some usb key do.

  • @10_Roads
    @10_Roads 3 месяца назад

    Why do google need to see the make and model of the key? Is there any way to bypass this on Windows? My friend on Linux could just select "no" and still get the key working.

  • @Dreamneverdie.
    @Dreamneverdie. Месяц назад

    when sign in to gmail with yubico windows security does not show security key the one i used to enter with yubico i dont know why

  • @saltycrusader3107
    @saltycrusader3107 3 месяца назад

    My question is, how likely is it that people can spoof yubikeys?

  • @Jaabaa_Prime
    @Jaabaa_Prime 6 месяцев назад

    5:32 So USB-C isn't durable for a hardware security token? An additional layer of damage protection for the HW is required? My "old" USB-A token (5th gen USB-+NFC) has been serving me well in my pocket on my keyring (with change, and all the other stuff that trouser pockets endure).. I think that the Lightning key is as hardy, but I really never thought of the "delicate" USB-C connectors being a problem, but they obviously are. Thanks for the heads up, sticking to hardier USB-A tokens in the future.

    • @ShannonMorse
      @ShannonMorse  6 месяцев назад

      That's not what I said. If I was carrying a USB-A token, I'd put it in the same zippered pouch or pant pocket as well.
      tbh though, all of mine are still in excellent condition, including my older USB-A ones. I've shown all of them in my playlist of 2fa vids.

    • @Jaabaa_Prime
      @Jaabaa_Prime 6 месяцев назад

      @@ShannonMorse I was wondering though, you said about things being able to "poke the inner pieces of this little port". I think that statement is absolutely correct, if I had Key with USB-C, I would definitely want to keep that delicate connector protected. What we have been saying though, is without any additional protection, the older USB-A style keys are still going strong.

  • @janokartal5690
    @janokartal5690 6 месяцев назад +1

    Nice one 😊

  • @ion_q
    @ion_q 6 месяцев назад

    Wait if I get my new Yubikey, can my account be inked to 2 seperate keys?!

    • @AlexandruCucu
      @AlexandruCucu 6 месяцев назад

      Usually the answer is yes. Personally, I use two Yubikeys and a software passkey from Bitwarden for most of my accounts.

  • @kev2020-z9s
    @kev2020-z9s 6 месяцев назад +1

    Can you use then if you run linux os?

    • @bugdozer314
      @bugdozer314 6 месяцев назад

      Yes, everything seems to work fine on relatively modern distro (and has for several years). I use PopOS (ubuntu based), and the Yubikey Authenticator app is a simple package install already in the base repo. This includes browser integrations (chrome + firefox).
      If you want to use Yubikey for SSH key generation, prefer the 5 series. Either the 4 or 5 series works fine for OTP and U2F/FIDO stuff.

    • @StephanieDaugherty
      @StephanieDaugherty 6 месяцев назад

      Works perfectly well on Linux, on some really old distros you might have to tweak some udev rules before it works as a security key.
      Anything vaguely modern, and it will work out of the box on Linux. And all the various utilities that go with it work on Linux, such as yubioath (used for TOTP), or the personalization tool (used for configuration of some of the more obscure protocols the yubikey supports)
      If you just want it to work as a security key though, it will just work, and you won't need any extra software

    • @AlexandruCucu
      @AlexandruCucu 6 месяцев назад

      They works as a HID device so no special drivers are needed.

  • @BobCollins42
    @BobCollins42 6 месяцев назад

    I love the whole concept of a security key, but the sites that I care about just don't support them.
    Lack of support by important services such as financial are the real problem. Showing us how wonderful they are doesn't seem to be moving the needle.
    Sad.

  • @daneshskater101
    @daneshskater101 5 месяцев назад

    coupon code not working on site

  • @ichigokurosaki7945
    @ichigokurosaki7945 6 месяцев назад

    Security say's aaaah. Everyday😂😂😂😅

  • @ion_q
    @ion_q 6 месяцев назад

    I heard the username as " At Nip Dawg" hahaa

  • @MarshallLevin
    @MarshallLevin 6 месяцев назад

    9:34 that sounds like a huge pain

    • @ShannonMorse
      @ShannonMorse  6 месяцев назад

      not really, if you also use a password manager they will autofill.

  • @Longjohnsilver58
    @Longjohnsilver58 6 месяцев назад +2

    I am new to security keys. I like them a lot, but there are two things people must understand. One, you need to make sure you think about OTHER 2FA’s. If you leave phones, emails, passkeys, or biometrics turned on, then you and hackers can still go around your security key. You need to turn that stuff off or remove it if you want to go all in on security keys. Two, just because a particular company allows keys for their website does not mean they also allow them for their app. Vanguard is one such company. Even you opt not to use the app, a hacker can still get in if they figure out your password and your security question (Assuming you leave 2FA by cell phone or email turned off). Don’t get me wrong, this is good, but it’s not on the same level as a security key. This oversight does not speak well of the company, but aside from that, it is important you check both websites and apps to make sure they are both work.

  • @ginabray2574
    @ginabray2574 6 месяцев назад +1

    I wasn’t signing into a new device I had purchased 100 and $200 at least on three UB keys. Nobody gives the barn and I had to change my 20 year banking routing and account you know and now you’re saying all I need is one key I have never heard that but then again Iwatch pay it forward and generally their spot on two keys is a mandatory and I’m speechless

  • @JohnDoe-fk6id
    @JohnDoe-fk6id 6 месяцев назад +1

    When is someone going to make a wearable ring that operates like a yubikey, and is usable for U2F authentication? I want one, but all the smart rings either require charging, or can't do U2F

  • @gabsriel
    @gabsriel 6 месяцев назад

    Definitely not ready for general public....

    • @vmobile890
      @vmobile890 4 месяца назад

      Was viewing yubikey and pass key youtube explaining good bad ugly . This system is fairly new and could be years before yubikey and passkeys replace all passwords . There is overwhelming options things to for everything to work perfect all the time .

  • @Blyyyth
    @Blyyyth 6 месяцев назад +1

    Snubbs, why are Yubikeys so poorly packaged with how to instructions. No mention of setting master codes that need to be shared across backup keys.

  • @ginabray2574
    @ginabray2574 6 месяцев назад

    Everything you’re saying makes no sense to me bought the keys so I would feel safe and secure because I don’t trust technology. PERIOD I had three and still I can’t get into anything. It’s like they don’t know who the hell I am this really stinks and, Apple gave me a password for Apple for Google and it goes back like I don’t want 2008. I have 1000 songs on that devices and apples asking me if I have two Apple IDs I don’t they think I purchased I never knew iCloud turned into iTunes turned into Apple ID, my husband passed so nobody kept me up 2-date you can’t even respond to me because that is an old Google account from 2010 or even before then because Facebook everything I was going to just keep everything Apple and start face start everything third-party over again. Will Apple premier one that’s part of three party is really not helping people that need help, and I say that and all sincerity

  • @CedroCron
    @CedroCron 6 месяцев назад

    Shannon, I found that you were shouting in this video whereas your other videos were a lot more mellow. I'll be honest, I didn't enjoy this video because it felt like you were talking at me and not to me. Just some feedback. Cheers.

  • @elsuperpollo2273
    @elsuperpollo2273 6 месяцев назад

    Ubi keys are a waste of time, just above in linux on a device and use one password.