I bought a Yubikey now what?: Entering wrong FIDO2 pin too many times
Вставка
- Опубліковано 17 чер 2024
- In this video, we explore the consequences of entering an incorrect FIDO2 PIN on a YubiKey multiple times.
Watch as I test the device's security features, showcase the process of locking and unlocking the YubiKey, and provide helpful tips on how to handle and recover from such situations. Don't miss this informative demonstration that highlights the importance of maintaining your YubiKey's security while ensuring easy access to your accounts.
▬ Contents of this video ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
01:36 - First built in security measure - reinsert the key
02:45 - Second built in security measuer - unlock with a code
04:14 - Too many tentative, FIDO2 is locked
05:00 - OATH part is still operational
06:20 - Resetting the pin
08:20 - Readding the key and the importance of recovery methods - Наука та технологія
Very underrated video and is the only one out there that talks about real life usage of yubikey! No sponsorship or verbal diarrhea bs, keep it up!
You have the best Yubikey videos ever please keep making them! watching all of them one by one
This is great information. I also notice one difference: most other youtubers who talk about YubiKeys recommend two keys - a primary and a backup. You are the first I've seen recommend more than one extra key. This is very helpful. The same as with data backups, keeping two extra copies is much safer. Maybe I will never need that third YubiKey, and it certainly cost extra money to buy 3 rather than only 2. But if two bad situations cause me to lose 2 keys before i can buy and setup a new one, at least I will still have that third key and won't be locked out.
The challenge phrase A1B2C3 is not to verify that you are really infront of the computer. It is to make sure that you are actually entering the code you think you are. For example if you have the wrong keyboard layout without realizing.
Thanks, I really got it wrong in the video.
Thank You! This was a very useful video as I was unaware of the YubiKey Manager!
Thank you. That clears up some confusion I had about the separation of FIDO2 and authenticator seeds on the device. I’m still trying to understand all the different PIN codes needed at the various login stages.
thanks for sharing what happens! you've picked a good topic. this is something very important.
Great content, real life use case.
Great video! I performed successfully a reset through the app after forgetting about my PIN. Thanks to you!
Awesome video! clear.
Thanks Gian! Very useful helping someone with what looks like a Microsoft PIN issue, as the error doesn't tell you / suggest / hint in the slightest that its the Yubikey pin thats blocked!
Very informative thankyou .
I have many YubiKeys and to be honest I think they are more of a headache than a help. The basic keys that are not programmable are fine. However the programmable keys with multiple functions and yet only 2 slots are very risky in terms of locking yourself out of accounts especially if you are new and exploring the device. It's weird that the programmable key has 6 separate functions yet only two slots. Also there is something very flawed about not being able to generate the private keys yourself ... so we just have to trust YubiKey deletes the private keys after they have been burned on the device and don't keep a backdoor listing for NSA? ...yeah right, what's the point of having these if you are required to trust YubiKey ...the entire math of cryptography is bypassed
ty bro u are the best
great example
I have this message. Thanks for your video. I thought i would have to buy a new key.
If you entered wrong pin too many times you can simply reset the key as showed in the video, no need to buy a new key.
@@codewrecks Thanks a lot👍😉
Thanks for the great videos regarding Yubikey. I had a question regarding FIDO2. Does it come with a default password (PIN?), if not can the key still be used without one?
Yes it has a default pin, usually if you do not change default one, the first software that configures the first FIDO2 identity usually suggest you to change the default.
Ideally when you set passkey you should delete all other ways of login because that is a “shared-secret” security hole that you are trying to avoid using passkeys. Else what is the point of using passkeys if you are opening a weaker access method anyway? Using multiple passkeys should help.
That is the reason why you need at least two keys so you can remove passwords and be sure you will not be locked out
Hi, I have a question, does the option to log in just with the security key also works with the cheap one for arround 25 bucks or you need to buy the one with OTP arround 50 bucks? Thanks iin advance!
It should work according to the documentation. I always took the most expensive one because I use a lot yubico authenticator app too www.yubico.com/it/product/security-key-series/security-key-nfc-by-yubico-black/
Question, can you demonstrate recovering a Microsoft Account with a Recovery Key? I'm curious to know some of the situations where you are asked for it, and what happens when you enter it.
Actually the easier way is to configure Microsoft authenticator in case your keys are all lost.
@@codewrecks I have about 4 or 5 different authentication methods, including both the MIcrosoft Authenticator AND Authy, SMS, email, etc., plus the Authenticators are installed and synced between multiple devices. I am completely set and won't get locked out. I'm just asking out of curiosity because nobody ever demonstrates using the Recovery Key, it's literally not a thing you can find on the internet.
@@Damariobros If you means recovery codes, they are codes that can be used only once instead of the 2FA, so you can enter on your account and setup another 2FA (in the situation you lost all of your 2FA other methods).
@@codewrecks I know what recovery codes are and I store them properly. I know that they simply log you in in place of 2FA.
But big tech has different recovery processes than most websites and I'm curious to know what that process is for Microsoft, when you have previously generated your 25 character Recovery Key. Does it just simply log you in or do they make you do something after using it? And, do they only let you enter it logging in, or are there other times you can enter it, maybe such as when trying to access your security settings and they ask you to verify yourself?
Is 2 keys OK, or is 3. What is best number of keys to have? Thanks.
IMHO: 2 is minimum number that I'd like to have. 3 is better, but you can easily live with 2.
You entered 4 incorrect pins twice, so a total of 8 time. Not 3 incorrect pins each time.
My bad, it is indeed 8 tentatives, with a different warning approaching 8
I think these are garbage. Both of the keys I received say failure to connect. I can not even set them up in the Yubikey manager.
Send back for replacement if they are defective. It is really strange to have 2 of them not working, have you tried on different machines/phones?
@codewrecks Yes, 2 different computers. One a desktop and the other is a laptop. The nano came apart taking it out of the port. It was the 3rd key. The refunded that one.
@@kimcrismon9882 so sorry to hear that, I have 5 keys and have friends uses them and never had problem. 😔
@@kimcrismon9882 So sorry to hear that, it seems that you somewhat found a faulted batch :(.
@@codewrecks There customer service has been very good!
Your video is very good. It is the only one I could find that explains all of this. Thank you for your content.