Nicely done video. I do have one question, why is it that most banks and investment houses don’t support security keys and authenticators and rely pretty much SMS 2FA even now in 2024?
I learned some very important information from your video. Thanks for taking the time to show and explain in detail what to do.
This will walk through how to use the Yubikey as a Security Key, and as an Authenticator for OTP (just like Google Auth, for example). I also talk about some other key tips about 2FA (Two-Factor Authentication).
NOTES:
- The button I clicked in the Yubikey App is behind my round video of me.
- I did not talk about options when adding an account in the Auth App. There are a few different options, but one important note is you should change SHA-1 to SHA256, when adding your Secret Key.
- Always have a backup option/device.
~~~~~
- TIMESTAMPS -
00:00 Introduction
00:16 What 2FA and Benefits
01:42 2FA Options
03:32 Yubikey Overview and Options
07:08 Yubikey Authenticator App Install
11:17 DEMO - YUBIKEY SECURITY KEY
13:12 DEMO - YUBIKEY AUTHENTICATOR
19:07 Yubikey - Computer Login
21:24 Yubikey - SSH
23:15 Google Authenticator
24:52 SMS and Sim Lock
26:14 Outro
~~~~~
LINKS
Yubikey Options - www.yubico.com/store/compare/
Yubikey Authenticator WINDOWS - www.yubico.com/products/yubico-authenticator/#h-download-yubico-authenticator
Yubikey Authenticator LINUX - support.yubico.com/hc/en-us/articles/360016649039-Enabling-the-Yubico-PPA-on-Ubuntu
Yubikey Login Tool - www.yubico.com/products/computer-login-tools/
Yubikey Windows Login Guide - support.yubico.com/hc/en-us/articles/360013708460-Yubico-Login-for-Windows-Configuration-Guide
Yubikey Linux Login Guide - support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F
Yubikey SSH - developers.yubico.com/PGP/SSH_authentication/
Yubikey Windows SSH - developers.yubico.com/PGP/SSH_authentication/Windows.html
Yubikey Linux SSH - gist.github.com/artizirk/d09ce3570021b0f65469cb450bee5e29
Yubikey Linux SSH (Additional Article) - www.esev.com/blog/post/2015-01-pgp-ssh-key-on-yubikey-neo/
LearnLinuxTV Yubikey Guide for Computer Login + SSH - ua-cam.com/video/INi-xKpYjbE/v-deo.html
~~~~~
CONTACT:
- Twitter: Also listed in the links section
- twitter.com/holymacaronee
- twitter.com/epochsec_io
- Email me: epochsec.io/contact-form/
- Calendar Meetings: epochsec.io/contact/
- Discord: holymacaroni (0989)
Documentation:
- epochsec.gitbook.io/
- epochsec.io/blog/
~~~~~
Thanks for the instructions! One question about your remark about changing the SHA: I just tested this with one code of mine in Aegis and with this one test, I couldn't change the SHA. Could it be that the SHA is determined by the 'secure key' and can't or shouldn't be changed (maybe because the then generated OTP-codes are wrong and won't work 🤔)?
Hey unmapped! Do you remember where in the video I talked about SHA? But you are absolutely right though! SHA is a hashing function (not an encryption algorithm), and so it is used for data integrity. If a SHA changes, then that means the data it is created from isn't the same data. The SHA is determined by the secure key. It is always determined by the thing/data/etc it is created from. That is a very broad way of articulating that, but I hope it helps. Let me know :)
@@EpochSec Hey, thanks for the reply! You didn't talk about it in the video but wrote about it in the description of the video.
Ohh!! Yes yes. So I definitely didn't word that very clearly. Thanks for catching that. So what I was saying was that when you go to "add an account" to add twitter or whatever you are using, before you hit "save", click the Sha-1 option and choose Sha-256. You have to do it when you are adding the account. But yeah, your thought is correct!
And no problem at all :)
@@EpochSec Okay, now I was confused and tested it further... I just added one of my secret keys in the Yubico authenticator manually with SHA-256 and SHA-512. (When I scan the QR-code, I could not choose one SHA-option manually...) The OTP codes created with SHA-256 and SHA-512 were not valid (= I couldn't log in). So it seems to me now that you cannot choose the SHA or otherwise your OTP-codes won't work. - Too bad, because it made sense to me when I read your description commentary to enhance the encryption, but it seems to be completely determined by the secret key offered to you. Maybe you should try it yourself - maybe I miss something here - but if not, the commentary in the description should be edited or deleted. ;-)
I have just received a Yubi 5 NFC key and Yubi 5C NFC key. I have not yet set up the keys. I intend to use it also for an authenticator. I am thinking of just scanning the photos of my existing authenticator (FreeOTP app) QR code into the Yubi authenticator. Is this wise?
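The behaviour reported in the comment above, as an added example that is not from the video or any commenter: in TOTP (RFC 6238) the hash algorithm is a parameter the service fixes at enrolment and conveys in the `otpauth://` URI (SHA-1 when the `algorithm` parameter is absent), so a code computed with any other algorithm is rejected. The URI, the `Example:alice` label and the `server_accepts` helper are constructed for illustration; the secret is the RFC 6238 test key.

```python
import base64, hmac, struct
from urllib.parse import urlparse, parse_qs

def parse_otpauth(uri):
    """Extract TOTP parameters from an otpauth:// URI (what the QR code encodes)."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    b32 = q["secret"].replace(" ", "").upper()
    b32 += "=" * (-len(b32) % 8)  # enrolment secrets usually omit base32 padding
    return {
        "key": base64.b32decode(b32),
        "algorithm": q.get("algorithm", "SHA1").lower(),  # absent means SHA-1
        "digits": int(q.get("digits", 6)),
        "period": int(q.get("period", 30)),
    }

def totp(key, unix_time, algorithm="sha1", digits=6, period=30):
    """RFC 6238 TOTP: RFC 4226 HOTP computed over the time-step counter."""
    counter = struct.pack(">Q", int(unix_time) // period)
    mac = hmac.new(key, counter, algorithm).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation uses the low nibble of the last byte
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts(params, code, unix_time):
    """Hypothetical verifier: checks with the parameters the service issued."""
    expected = totp(params["key"], unix_time, params["algorithm"],
                    params["digits"], params["period"])
    return hmac.compare_digest(expected, code)

# Constructed sample URI: RFC 6238 test secret "12345678901234567890" in base32,
# no algorithm parameter, so the service side is using SHA-1.
SAMPLE_URI = ("otpauth://totp/Example:alice"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=8")

def demo(now=59):
    """Compute a code per algorithm and record whether the verifier accepts it."""
    p = parse_otpauth(SAMPLE_URI)
    results = {}
    for alg in ("sha1", "sha256", "sha512"):
        code = totp(p["key"], now, alg, p["digits"], p["period"])
        results[alg] = (code, server_accepts(p, code, now))
    return results

if __name__ == "__main__":
    for alg, (code, ok) in demo().items():
        print(f"{alg:7} {code} accepted={ok}")
```

Scanning the QR code carries the service's parameters automatically; the algorithm selector only matters for manual entry, where it has to match what the service specifies.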
Could you color me confused? You said in your video all you need is the Yubikey nothing else then in the next breath you start talking about the Yubikey app that you download. Could you clarify this, please?
Sure thing. So if you are only using the yubikey as a security key, then you only need that and nothing else. If you are using the yubikey for the OTP/TOTP, such as you would with the Google authenticator, then you need the yubikey and the authenticator app for yubikey.
For example, if you have twitter, look in the section where you can add 2fa (I covered that in the video), you will see security key and also authenticator app. You only need the yubikey device for security key option. But you need the yubikey device and yubikey authenticator app for the authentication app option.
I hope that helps! If you need any other clarification just let me know.
Buying two, one as a backup, would require the backup device to 'know' the configuration of the primary device. Apparently the Yubikey management app has to be used to clone the primary device data, and presumably the backup needs regular updating?
Hey alrichmond, in short, yes. You are right with your thought. Except you only have to do it once, during the registering of the yubikey, primary and backup. And they aren't linked together. Here is a reference article, as well as another video. Sorry for the late response!
www.yubico.com/products/spare/
ua-cam.com/video/0iq0BgiKlWM/v-deo.htmlsi=maGdg9B2SMnzb8m1
I have bank accounts in which the website does NOT have settings option for 2FA. (I was told their websites use "security".) How does a Yubico security key work?
Banks don’t currently support security keys, to my knowledge they don’t even support app 2FA, they only use SMS.
Kinda strange to think our Facebook accounts can be far more secure than our bank accounts