Nice feedback, really appreciate the comment. Have you considered double blinding the passwords in the vault? That way if someone broke into the vault they still would not have your account credentials, especially if you've secured them with a strong second factor authentication method. Would appreciate your feedback on what you see as the risk factors with that approach.
That was some good info. TKS. What if you have 2 x PC, 2 x mobile phone, how would this work? Do you have to set up on each device, Yubikey etc.? Would this be complex? Also just paranoid that if I do the setup wrong I'm screwed. Can you back up Bitwarden info/passwords, just in case something goes wrong?
@Soulja Setting up Bitwarden multiple devices: Thanks for commenting and subscribing. Yes, you would have to authenticate to Bitwarden on each device, but you only have to set up the accounts one time. My recommendation is to set up all of the accounts on a keyboard computing device for ease of input.
@Soulja Setting up Authenticator multiple devices: Once you set up the authenticator app to work with your Yubikey, that account information is stored on the Yubikey. Plugging the key into any device that works with the Yubico Authenticator app will have all of your accounts. Note that presently Yubico Authenticator does not work on the Chromebook operating system, but does work on Android phones!
@Soulja Backup Concerns: Yubikey backup - You can add multiple Yubico keys to your Bitwarden for backup. Go to bitwarden.com, "Settings", "Two Step Login", then "Manage Providers". Bitwarden password backup - Under "Tools", "Export Vault", select format ".json" or ".csv". .json is plain text compatible, where .csv is spreadsheet compatible. Put the file somewhere secure or encrypt on your device.
@Soulja Complex...screwed, something goes wrong: This was a great comment with multiple parts, so I broke up the responses and titled them so others can benefit from your comment. Something can always go wrong, so exporting the password vault, adding multiple keys etc. minimizes this from happening. I suggest you set up a test account on both Bitwarden and your email (Tutanota, Gmail & Yahoo all support the hardware Yubikey). Use this test account to follow the steps above. Once you are confident, then you can go about adding your real accounts and locking everything down. Thank you again for these questions. Hope it can help others. Please let me know if you need any help.
@@CyberMedics I am not happy with my current setup but am also underwhelmed by the offerings of current password managers. Ideally, I'd prefer browser-level password manager security (instead of injecting JavaScript into pages, which can be overcome) together with security-key-backed entropy, not a master password. There's also a surprising lack of compatibility, e.g. Titan key + Windows Hello don't work. Windows Hello + Android is buggy. Yubikey was not looking to be too standard compliant, and I am guessing they still have their proprietary stuff. Not sure if it's worth it to switch from my current insufficient setup.
@@DavidDLee Good info. Didn't realize Titan keys were not compatible with Windows Hello. We are using the Yubikey with Windows Hello PIN and it works.
Hi! I saw the entire video and read every comment. I got a lot from them, so thank you in advance. So clear and understandable. That said, I would like to ask what you would do in my situation: I'm already using Bitwarden (free) on two devices: personal notebook and Android phone. But I also use: - The extension in the browser - The desktop app in order to use it when I browse privately (extension doesn't appear when browsing that way lol). I have set up 2FA with Authy, which is the authenticator app that I've been using for the last months, and I'm glad with the flow and functionality. But also, I have 2 Yubicos: - 5 NFC - 5 C NFC. Before this video I've never heard about the Yubico authenticator app, or I didn't hold it lol. But having seen this, I'm evaluating moving to the Yubico auth app in order to be the most protected as I can. The question here would be: Supposing I've already got every 2FA code from every account I got in Authy and I'm ready to move to the Yubico auth app: Should I have to download the Yubico auth app for Windows too, right? I'm a little bit lost here. I suppose I have to, haven't I? In order to touch the key connected to the notebook I should. The other blanket I have is: What should I do if I want to use whichever Yubico I have at hand in both devices? I also bought an adapter for the 5 C NFC so I can connect it to my laptop (2016 without C port). I hope it is understandable where I'm at: TLDR: I would love to use Yubico for 2FA when I need it to log in to different accounts. I want to use both of them, in both devices lol. I think it's worth the migration from Authy to this, isn't it? Thank you in advance!!
A lot of moving parts there. So maybe we need to break them down one at a time. I will try to focus on Yubico first, then you can follow up with what I missed. First, thanks for responding & hope you "Liked" the video. I believe that putting the codes on Yubico is probably the most secure & also potentially the most risky. If you lose the keys you lose the TOTP codes, unless you've backed up the "security text keys" represented by the scanned QR codes. We have an upcoming video on securing all your TOTP codes: ua-cam.com/video/imgXU5ahTA8/v-deo.html. Recommend viewing this before you migrate anything. This video will show you how to safely secure all the QR codes, so you could easily migrate everything to multiple Yubikeys or any other authenticator app. I personally have stayed away from Authy, since they require a cell phone number. There was a recent breach through Twilio tied back to Authy accounts through SMS that stole TOTP codes. Authy says it was just a few accounts. One is too many!!!! Anything that requires a cell phone # is susceptible to being hacked. Yubico (like Authy) runs on almost any platform (Windows, Android, iOS, Linux). You download the app & plug in the key (or connect through NFC)...you have your codes. Moving your codes from Authy is going to be a manual process requiring you to disable then re-enable TOTP for all accounts. Again, before you do this watch our upcoming video referenced above. Let me know what I missed. Really enjoyed your questions.
@@CyberMedics Thank you for the kindness when answering! So we could say then that the most intelligent thing in my situation would be to migrate to the Yubico authenticator app... but, after watching this video and the one being published in 4 days! Even though it's a lazy work, I think it's worth it! But before doing it with all my accounts, I'm gonna try with one or two of the most used ones so I can feel the flow of the "having to do it" moment! What I would have to have clear if possible is: One of my doubts was if I had to do anything rare in order to use both of the Yubicos in any device. I mean, let's suppose I have one at hand and I want to use it by USB on the laptop or with NFC on the mobile phone... and after that I just want to use the other one. I understood that the TOTP are saved in the hardware, so here comes my doubt! Btw, it's good to know I can count on you! So thank you again!
@@ramiroangel8923 Please "Like" our other videos. Ask your friends and family to subscribe to our channel & "Like" our videos. This supports our efforts to help everyone. The only special thing you have to do for 2 Yubikey access is scan the QR code for the account you want to add at the same time, so both are generating the same TOTP codes. Once that is completed, no problem using either key on NFC, USB, Windows, Android, Linux....you're all set! I'm really looking forward to your feedback on the upcoming video: ua-cam.com/video/imgXU5ahTA8/v-deo.html. Enjoy the questions and glad you are taking this so seriously.
@@ramiroangel8923 Did you get a chance to view & Like our ua-cam.com/video/imgXU5ahTA8/v-deo.html video? It really covers all the details to protect TOTP codes. Please let us know if you need any support.
Really enjoy getting questions and hearing about your success with BitWarden. Please continue to provide feedback & help others who may benefit. That is why we created the channel. Happy Computing! Shout out to Soulja peet & Gibbons for their great questions & detailing their experiences.
If you have a Yubikey, you really should select WebAuthn FIDO2 instead of OTP! Way more secure overall architecture, FIDO2 is phishing-resistant.
Totally agree. We did a video on all the 2FA methods including FIDO2 WebAuthn ua-cam.com/video/f3pY9LJAHPk/v-deo.html. Thanks for commenting & subscribing!
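Added example (not part of the original comments or the channel's material): a sketch of the binding checks a WebAuthn relying party runs on a login assertion, which is where the phishing resistance mentioned above comes from. The RP ID `vault.example`, the function names and the simulated client are hypothetical, and signature verification over these fields (what makes them unforgeable) is left out.

```python
import base64
import hashlib
import hmac
import json
import struct

RP_ID = "vault.example"                    # hypothetical relying-party ID
EXPECTED_ORIGIN = "https://vault.example"  # origin the real site is served from


def b64url(data):
    """base64url without padding, as WebAuthn encodes the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_assertion(client_data_json, authenticator_data, issued_challenge):
    """Return the list of failed binding checks (empty list = all passed).

    A real server must also verify the authenticator's signature over
    authenticator_data + SHA-256(client_data_json); that step is omitted here.
    """
    try:
        client = json.loads(client_data_json)
    except ValueError:
        return ["clientDataJSON"]
    failures = []
    if client.get("type") != "webauthn.get":
        failures.append("type")
    # The challenge must be the one this server issued for this login attempt.
    got = str(client.get("challenge", "")).encode()
    if not hmac.compare_digest(got, b64url(issued_challenge).encode()):
        failures.append("challenge")
    # The browser, not the page, writes the origin the user is actually on.
    if client.get("origin") != EXPECTED_ORIGIN:
        failures.append("origin")
    # authenticatorData: 32-byte rpIdHash, 1 flag byte, 4-byte signature counter.
    if len(authenticator_data) < 37:
        failures.append("authenticatorData")
        return failures
    rp_id_hash, flags, _count = struct.unpack(">32sBI", authenticator_data[:37])
    if not hmac.compare_digest(rp_id_hash, hashlib.sha256(RP_ID.encode()).digest()):
        failures.append("rpIdHash")
    if not flags & 0x01:                   # bit 0 = user present (key was touched)
        failures.append("user presence")
    return failures


def simulate_client(origin, rp_id, challenge, touched=True):
    """Constructed stand-in for browser + key: builds the two byte strings."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode()
    flags = 0x01 if touched else 0x00
    auth_data = struct.pack(">32sBI", hashlib.sha256(rp_id.encode()).digest(), flags, 1)
    return client_data, auth_data


if __name__ == "__main__":
    challenge = bytes(range(32))           # constructed; a server uses random bytes
    real = simulate_client(EXPECTED_ORIGIN, RP_ID, challenge)
    # What a look-alike domain would yield: the browser records that domain.
    fake = simulate_client("https://vault-example.test", "vault-example.test", challenge)
    print("real site :", check_assertion(*real, challenge))
    print("look-alike:", check_assertion(*fake, challenge))
```

A one-time code has no equivalent of the origin and rpIdHash fields, so a server checking a TOTP code cannot tell which page the user typed it into.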
Why didn't you select Yubikey within Bitwarden? Can you explain the difference between doing that and choosing authenticator, as you did in the video? Thanks!
Great question. In order to select Yubikey you have to have a paid subscription. The process with Yubikey is actually simpler, since you just plug in the key and physically touch the key. It is like the process shown on our other email videos for Yubikey authentication. Thanks for the feedback.
Keep in mind that if your email is secured with a Yubikey, having a Yubikey on the Bitwarden vault is somewhat redundant. But if you have accounts that don't support Yubikey then it is wise to secure them in the vault with Yubikey.
@@CyberMedics Thanks for your replies. I finally got 3 yubikeys setup with bitwarden, however, I'm only prompted for 2FA when I completely log out of bitwarden. It would be nice to have 2FA every time I log into Bitwarden with either pin or master password. Pin + 2fa would be best, as I don't like typing in master so often in case a key logger is present.
What do you think?
@@gibbons7047 Agree. I've been thinking about doing another video with bitwarden. Is there anything in particular you'd like to see? It's been the most popular video on the channel so far.
@@gibbons7047 I missed part of your question. If you want 2FA every time, Go to "Settings", "Vault Timeout", Select "Browser Restart", Under "Vault Timeout Action" Select "Log Out". This will force 2FA every time. Let me know if it works for you.
Nice sharing the video, friend.
Thank you too
New friend here sir watching sending support from Anne Channel
Watching here, thank you for sharing.
Thanks for coming
Watching here sir, sending you my hugs and support. Wow, good content sir, very informative and interesting.
Thanks for commenting and subscribing. Did you get a chance to check out the other Bitwarden video? Let us know if you have any questions.
These are really helpful to make our passwords secure.
Thanks for the feedback!
Thank you for the bit of knowledge you shared.
Idol full watching thanks for sharing
Thank you too
I have a Yubikey. Is it possible to log in to Bitwarden without entering a password, just by authenticating the Yubikey?
Super question. Thank you. You can, but we have not used it yet. If you do let us know your results bitwarden.com/blog/log-into-bitwarden-with-a-passkey/
Nice video
I have an important question. I don’t have a PC or laptop, just a smartphone. Can I register and set up my Yubikey just with my phone? If yes, how do I do it? Every time, I think it wants to be in a USB slot to finish the setup. Or I am just dumb 😅
It is not dumb and the process can be confusing. Short answer is yes. Longer answer: in order to provide help we need more information. One of the main reasons we started the channel is to help people secure their online accounts. What specific key are you using? What phone (Android/iPhone)? What accounts are you trying to secure on the phone? Do you want to use the key as a hardware token (U2F/FIDO2) with physical touch? Do you want to use the key for storing TOTP codes for the authentication app? Don't be overwhelmed. You've made an important decision to protect your online account identity. It would be our pleasure to walk you through the process.
My first response may have been more than you need. If you are just trying to add the key to Bitwarden via the phone, then you just need to log on to your account in a browser on the phone. Complete details are included in our How to Secure Bitwarden with 2nd Factor Authentication ua-cam.com/video/f3pY9LJAHPk/v-deo.html.
I am not a tech guy, so maybe I am getting this wrong. But if I would install Bitwarden and secure it with a Yubikey as suggested, and I also would use the same Yubikey for 2FA on different websites, as also suggested in different videos. First, would this be possible, how much space does a Yubikey have? Second, would it make sense, or would that mean putting all eggs in one basket? Or if I secure Bitwarden with a Yubikey, I no longer have to use the options on different websites for 2FA because Bitwarden+Yubikey is already 2FA? Seems I didn’t understand it completely, can anyone help?
These are great questions! I'll try to break them down. First thanks for commenting & subscribing!
"if I would install Bitwarden and secure it with a Yubikey as suggested, and I also would use the same Yubikey for 2FA on different websites, as also suggested in different videos. First, would this be possible, how much space does a Yubikey have?"
Our updated Bitwarden 2FA video is here: ua-cam.com/video/f3pY9LJAHPk/v-deo.html. Yes, you can use the Yubikey (U2F/WebAuthn) on as many sites as you want. Each private/public key pair is dynamically generated and takes up no memory in the key. If you use the Yubikey to store OTP there is a maximum of 32 accounts.
"Second, would it make sense, or would that mean putting all eggs in one basket?"
Are you referring to putting all your PWs in the vault as "putting all your eggs in one basket"? Yes, putting all your PWs in the vault does centralize them, but they are encrypted with your master password. The stronger your master password the better. Securing the vault with a hardware key makes the vault practically un-hackable. You could also consider a double blind method for storing your passwords. Please see our video: ua-cam.com/video/pQ7ETiPfmqk/v-deo.html.
"Or if I secure Bitwarden with a Yubikey, I no longer have to use the options on different websites for 2FA because Bitwarden+Yubikey is already 2FA? Seems I didn’t understand it completely, can anyone help?"
When you secure Bitwarden with Yubikey, you are only protecting your passwords. Think of it as your passwords written in a notebook stored in a physical vault, where you need a key to open it and access the passwords.
Even though Bitwarden will automatically log in with your password, you will still need to be secured with 2FA...preferably a hardware key. For example: I always log in to my vault first with a HW key, then I access my email. Bitwarden logs in my ID & PW....then my email account requests my 2FA method (a HW key). Once I provide the HW key, I'm logged into my email. Your questions are super! Please let us know if this is clear or if you need any help.
@@CyberMedics First, thank you for all your time and effort to answer my questions! This last example was exactly what I was thinking about and referring to. If I use a hardware key to fill in my ID and password at a website, would it technically be possible to use the same hardware key for 2FA of that same website? And if so, would it be wise, from a security point of view, to use the same hardware key? Wouldn’t that mean I put all eggs in one basket, meaning ID+password+2FA all in/on/via the same hardware key, could this still be smart?
❤Very helpful!! Thank you!!
Happy the video was helpful. We have a lot of content on device & account security. Let us know if you have any particular interest. Thanks for commenting & subscribing.
Thanks for this tutorial I have an idea now
Great!
Hi friend, I've subscribed and rung the bell, very nice content. Thanks for sharing. Stay safe and God bless!!! Hope you can stop by my channel too, stay connected, idol 😊😊❤️❤️
Watching from UAE. Thanks for sharing, God bless.
Sending may full support Sr CyberMedic mlso Sr.Allan Pensan Vlog
Awesome thank you!
It is secure but it is very time consuming. It would be much better if all the login information were saved and autofilled everywhere, but with the difference that you are only able to autofill on that specific device/computer/phone, so that the whole 2FA is only needed if someone logs into your account on a different new device in a different country/city... Is this possible?
It is possible to set it up to require 2FA on the computer. That's the way we have it set up: to clear the cookies from the account so that every time you log in it requires you to add your second factor authentication. On the phone it always requires you to log in again with either your PIN code or your biometric / Face ID. Thanks for commenting and subscribing. Please let us know if you need any help or have any other questions.
That's the way we have it set up on the phone. Still have to authenticate to the phone, but it will autofill once you've authenticated to the phone for the account.
@@CyberMedics Thank you very much, I ordered 2 Yubikeys and I will see. I am not sure if it was the right decision because now I read that passkeys (in the devices) will make the Yubikeys mostly obsolete.
@mh7711 Passkeys are a device implementation of the functionality of a hardware security key. The major concerns with passkeys: It is stored on the device. If for some reason the device fails, the passkeys would be lost along with the device. This is also a risk with the hardware keys, but the hardware keys are more reliable than most electronic devices. We believe the passkey has a greater attack surface. Why? If someone gets access to an open device with passkeys there is a high probability that they will also now know all the accounts associated with the passkey, since most of those accounts will be on the device, most likely the phone. If someone steals a security key all they have is the key, but no direct knowledge of the accounts associated with the security key. Device theft is much more likely than security key theft. Summary: We believe a properly secured/backed up hardware key is more secure than a passkey. You made the right choice. Authentrend's biometric key implementation is probably the most secure key available, since the key requires fingerprint authentication and does not lock up the key after 3 failed attempts.
Just subscribed. Thank you
Welcome aboard. Are you using windows?
@@CyberMedics yup
@@ikust007 This is an important video you might want to view. ua-cam.com/video/qnqnIuGEnH0/v-deo.html
I really don't get the point of this. If you lose your Yubikey or you break them (not that impossible unless you have 4-5 of those in different houses) you must have another software 2FA backup. So really there's no added security since a hacker could just use the less secure form of 2FA, making it pointless to spend money on a hardware key.
Is there something that I'm missing here?
Intelligent and well thought out questions! Super enjoy these types of queries.
Correct, you must have a second form of backup if you lose your key. But it does not have to be a less secure method of 2FA. Ideally it is a second key in a secure accessible location. Most accounts, when you secure them with a key, give you a backup code for account recovery. No one can get access to your account with a less secure method of 2FA. In this case, it is just the key & your backup code.
Authenticator apps are a good alternative, but if someone gets access to your device, they could possibly get access to your time-based one-time passcodes (TOTP). Also, if you lose the device, you’ve lost access to the authenticator. However, before you scan the QR codes you can manually copy the software security key and back that up. This would allow you to reconstitute the account on a new authenticator device. A second vulnerability of authenticator TOTP is: you can possibly be tricked into inputting your TOTP into a fake site (called a man in the middle attack). This vulnerability does not exist with hardware security keys.
But….any form of 2FA is more secure than just a password on the account. Cell phone text messages are the least secure form of 2FA. These codes are transmitted in the clear based on 1970 technology with no built-in security.
Please let us know what specific accounts you are considering for 2FA. We would love to help you out.
Please see our more detailed video on how to secure BitWarden with 2FA: ua-cam.com/video/f3pY9LJAHPk/v-deo.html Also consider hitting the “Like” & “Subscribe” to show support for us helping others with technology. Thank you!
@@CyberMedics Got it, thank you. Honestly as a student I just can't afford them, but I see your point.
I think I'll just wait for a few years hoping that more websites will support these keys
@@francescofra751 Please consider using the authenticator apps since they are free. Let us know if you need any help.
@@francescofra751 Please see our video ua-cam.com/video/imgXU5ahTA8/v-deo.html. It covers everything you need for free authentication app protection on your accounts. No keys required.
Congrats on your channel sis❤️❤️❤️
Thank you! 🤗
What if the Yubikey malfunctions? Are you SOL?
I guess in that case it would be wise to set up a backup Yubikey for emergency use
Yes a backup key is recommended. Bitwarden also has a recovery code that you can use to gain account access if your key fails. That was covered in the video, in case you missed it. Thanks for watching and commenting.
It's really great, this video content is very helpful and informative.
Very informative video. Thank you for sharing.👍🙋
I like the idea but I also don't like password managers
I fundamentally agree with you. If you secure this with an authenticator app or a hardware security key, it would be extremely difficult to break. The pro to the PW manager is you can have strong passwords, but the downside is you become reliant on it. Thanks for the feedback and subscribing!
The tips are great, idols
Would never use it for my main mail account, but it's useful for making quick accounts you don't care about as much.
Nice feedback, really appreciate the comment. Have you considered double blinding the passwords in the vault? That way, if someone broke into the vault, they still would not have your account credentials, especially if you've secured them with a strong second-factor authentication method. Would appreciate your feedback on what you see as the risk factors with that approach.
That was some good info. Thanks. What if you have 2 PCs and 2 mobile phones, how would this work? Do you have to set up the Yubikey etc. on each device? Would this be complex? Also, I'm just paranoid that if I do the setup wrong, I'm screwed. Can you back up Bitwarden info and passwords, just in case something goes wrong?
@Soulja Setting up Bitwarden multiple devices
Thanks for commenting and subscribing. Yes, you would have to authenticate to Bitwarden on each device, but you only have to set up the accounts one time. My recommendation is to set up all of the accounts on a keyboard computing device for ease of input.
@Soulja Setting up Authenticator multiple devices
Once you set up the authenticator app to work with your Yubikey, that account information is stored on the Yubikey. Plugging the key into any device that works with the Yubico Authenticator app will have all of your accounts. Note that presently Yubico Authenticator does not work on the Chromebook operating system, but does work on Android phones!
@Soulja Backup Concerns
Yubikey Backup - You can add multiple Yubico keys to your Bitwarden for backup. Go to bitwarden.com, "Settings", "Two Step Login", then "Manage Providers".
Bitwarden Password Backup - Under "Tools", "Export Vault", select format ".json" or ".csv". .json is plain text compatible, where .csv is spreadsheet compatible. Put the file somewhere secure or encrypt it on your device.
@Soulja Complex...screwed, something goes wrong
This was a great comment with multiple parts, so I broke up the responses and titled them so others can benefit from your comment.
Something can always go wrong, so exporting the password vault, adding multiple keys etc. minimizes this from happening. I suggest you set up a test account on both Bitwarden and your email (Tutanota, Gmail & Yahoo all support the hardware Yubikey). Use this test account to follow the steps above. Once you are confident, then you can go about adding your real accounts and locking everything down. Thank you again for these questions. Hope it can help others. Please let me know if you need any help.
@@CyberMedics Thanks, am doing that to check it all out, thanks
Intelligent & thanks for the information ♥️☝️🙏
Glad you enjoyed it.
Thanks for sharing.
Hello there new friend sending you my hugs and support
this is educational, thanks for sharing!
done bell all host
Thanks for sharing this informative video
So nice of you
Thank you so much for sharing
You are so welcome
Hello po from team freedom ❤️💕
thank you my friend.done
Thank you too
Hello Po from Allan 👋
Thanks for coming
Support here Bitwarden
great channel good introduction I've subscribed to your channel
Awesome thank you! Thanks for the feedback.
Hello Everyone. If you enjoyed this BitWarden video, please check out our BitWarden play list: ua-cam.com/play/PLXRRf0lV0vUw5wl6lSSBPkfJkMflxu6H8.html
sending my love support here new friends
Clipboard is insecure. Try & avoid copy pasting any sensitive data!
Good advice. Care to share any specific information on clipboard exploits? Thanks for commenting and subscribing. We appreciate the support.
Thanks for the info
Tamsak donr from #mine tv mix
Nice information
Thanks for sharing
You bet
Your video is great
Yes I'm here your house 🏠
watching
awesome
Nice
Thank you Julius!
New Friend
This is amazing idol from Regina Hembra
That's terribly complicated. Most people will never use it.
Thanks for the feedback. You’re probably right. Are you using Yubikeys?
@@CyberMedics I am not happy with my current setup but am also underwhelmed by the offerings of current password managers. Ideally, I'd prefer browser-level password manager security (instead of injecting JavaScript into pages, which can be overcome) together with security-key-backed entropy, not a master password.
There's also a surprising lack of compatibility, e.g. Titan key + Windows Hello don't work. Windows Hello + Android is buggy. Yubikey was not looking to be too standards compliant, and I am guessing they still have their proprietary stuff.
Not sure if it's worth it to switch from my current insufficient setup.
@@DavidDLee Good info. Didn’t realize Titan keys were not compatible with Windows Hello. We are using the Yubikey with Windows Hello PIN and it works.
Nice videos
Thank you Jessie, please let me know if you need help.
Cool
Yabooo
Hi! I saw the entire video and read every comment. I got a lot from them, so thank you in advance. So clear and understandable.
That said, I would like to ask you what you would do in my situation:
I'm already using Bitwarden (free) on two devices: personal notebook and Android phone.
But I also use:
-The extension in the browser
-The desktop app in order to use it when I browse privately (extension doesn't appear when browsing that way lol).
I have set up the 2FA with Authy, which is the authenticator app that I've been using for the last months, and I'm glad with the flow and functionality.
But also, I have 2 yubicos:
-5 NFC
-5 C NFC
Before this video I've never heard about the yubico authenticator app, or I didn't hold it lol.
But having seen this, I'm evaluating moving to yubico auth app in order to be the most protected as I can.
The question here would be:
Supposing I've already got every 2fa code from every account I got in Authy and I'm ready to move to yubico auth app:
Should I have to download yubico auth app for windows too, right? I'm a little bit lost here.
I suppose I have to, haven't I? In order to touch the key connected to the notebook I should.
The other blanket I have is:
What should I do if I want to use whichever yubico I have at hand in both devices?
I also bought an adaptor for the 5 C NFC so I can connect it to my laptop (2016, without C port).
I hope it's understandable where I'm at:
TLDR:
I would love to use yubico to 2fa when I need it to log in to different accounts. I want to use both of them, in both devices lol.
I think it's worth the migration from Authy to this, isn't it?
Thank you in advance!!
A lot of moving parts there. So maybe we need to break them down one at a time. I will try to focus on Yubico first, then you can follow up with what I missed. First, thanks for responding & hope you "Liked" the video.
I believe that putting the codes on Yubico is probably the most secure & also potentially the most risky. If you lose the keys you lose the TOTP codes, unless you've backed up the "security text keys" represented by the scanned QR codes. We have an upcoming video on securing all your TOTP codes: ua-cam.com/video/imgXU5ahTA8/v-deo.html. Recommend viewing this before you migrate anything. This video will show you how to safely secure all the QR codes, so you could easily migrate everything to multiple Yubikeys or any other authenticator app.
I personally have stayed away from Authy, since they require a cell phone number. There was a recent breach through Twilio tied back to Authy accounts through SMS that stole TOTP codes. Authy says it was just a few accounts. One is too many!!!! Anything that requires a cell phone # is susceptible to being hacked.
Yubico (like Authy) runs on almost any platform (Windows, Android, iOS, Linux). You download the app & plug in the key (or connect through NFC)... you have your codes. Moving your codes from Authy is going to be a manual process requiring you to disable then re-enable TOTP for all accounts. Again, before you do this watch our upcoming video referenced above.
Let me know what I missed. Really enjoyed your questions.
You may also want to view our other Bitwarden video: ua-cam.com/video/f3pY9LJAHPk/v-deo.html
@@CyberMedics Thank you for the kindness when answering!
So we could say then that the most intelligent thing in my situation would be to migrate to the Yubico Authenticator app... but, after watching this video and the one being published in 4 days!
Even though it's a lazy work, I think it's worth it! But before doing it with all my accounts, I'm gonna try with one or two of the most used ones so I can feel the flow of the "having to do it" moment!
What I would have to have clear if possible is:
One of my doubts was if I had to do anything rare in order to use both of the Yubicos in any device.
I mean, let's suppose I have one at hand and I want to use it by USB on the laptop or with NFC on the mobile phone... and after that I just want to use the other one.
I understood that the TOTP are saved in the hardware, so here comes my doubt!
Btw, its good to know I can count on you!
So thank you again!
@@ramiroangel8923 Please "Like" our other videos. Ask your friends and family to subscribe to our channel & "Like" our videos. This supports our efforts to help everyone.
The only thing special you have to do for 2 Yubikey access is scan the QR code for the account you want to add at the same time, so both are generating the same TOTP codes. Once that is completed, no problem using either key on NFC, USB, Windows, Android, Linux... you're all set!
I'm really looking forward to your feedback on the upcoming video: ua-cam.com/video/imgXU5ahTA8/v-deo.html. Enjoy the questions and glad you are taking this so seriously.
@@ramiroangel8923 Did you get a chance to view & Like our ua-cam.com/video/imgXU5ahTA8/v-deo.html video? Really covers all the details to protect TOTP codes. Please let us know if you need any support.
Thank you for sharing the information regarding password.lani
Glad it was helpful! Thanks for commenting & Subscribing!
cybertot❤️❤️📣📣📣📣 ayda here
new friend from triple arrow
Thank you
Tamslovie Team Freedom - Jelay
Thanks for sharing this informative videos
So nice of you
Thanks for sharing