Yubikey - The Ultimate Beginner Guide (How to Setup & Use)
Вставка
- Опубліковано 3 тра 2024
- 🛒 Get your Yubikey: link.tariosultan.com/yubikey
🛒 Get Yubikey on Amazon: link.tariosultan.com/7zre
What is a Yubikey?
The YubiKey is a hardware authentication device manufactured by Yubico to protect access to computers, networks, and online services that supports one-time passwords, public-key cryptography, and authentication, and the Universal 2nd Factor and FIDO2 protocols developed by the FIDO Alliance.
Timestamp:
00:00 Introduction
01:32 What is a Yubikey
02:11 Yubikey Unboxing
02:28 Yubikey 5Ci
02:48 Yubikey 5 NFC
03:18 Yubikey 5C NFC
04:43 How to Setup a Yubikey (Google)
05:00 Method 1 - Security Key (U2F)
06:49 Generate Google Backup Codes
08:45 Method 2 - One Time Password (OTP)
14:00 How to Use Yubikey on iPhone/Andriod
15:06 Final Thoughts
Links mentioned in the video:
Yubikey Quiz: www.yubico.com/quiz/
List of applications supporting Yubikey (U2F): www.yubico.com/ca/works-with-...
Download Yubico Authenticator: www.yubico.com/products/yubic...
More about Yubico Company:
Yubico is founded in Stockholm, Sweden, making secure login easy and available to everyone, and enabling one single authentication key to work across any number of services.
============
- NEW HERE? -
My name is Tario Sultan. You will see a mixture of tutorials, tech, and crypto videos in this channel. That's who I am :)
👨💻 Check out my blog: tariosultan.com/
📫 Join my newsletter: enroll.tariosultan.com/newsle...
👉🏻 Subscribe: bit.ly/38ZZpXf
☕️ Buy me a cup of coffee: bit.ly/2SQFwMs
✏️ Request content for my channel: link.tariosultan.com/request
============
💎 All my gear: bit.ly/3aYGgFB
📚 Books that changed my life: bit.ly/2uJo2bM
============
▸ My fav camera: bit.ly/39hM7aS
▸ My fav lens: bit.ly/3crrURV
▸ One of my best storytelling videos: • Can Lumix G85 Handle W...
▸ My Crypto Playlist: bit.ly/3zqAFoP
============
Follow me on:
Instagram: / tariosultan
Twitter: / tariosultan
Facebook: / tariosultan
My Website: tariosultan.com/
============
📲 Business Inquiries: tario@tarioproductions.com
============
Thanks for watching!
🙏🏻 Much love & stay blessed!
============
DISCLAIMER: This video description contains affiliate links, which means that if you click on one of the product links, I’ll receive a small commission. This helps to support the channel and allows us to continue to make videos like this. Thank you for the support! - Навчання та стиль
Drop a like and comment if you enjoyed the video!
PS. Use this coupon to save an extra $5 on any Yubikey 5 Series: [YUBIKEY5]
Valid until 12/31/2022
Trying to buy a 5 series and I tried this code on the Yubico site and it didn't work. Is it no longer valid?
Hello thank you for the video I have a question! What if you don’t take a screenshot of the QR code? Will you be able to generate a new one with a different key? Also I have no idea what a thumb drive is? Could you please explain how to save your QR code onto there and encrypt it? Again thank you for all your hard work!!!
As a newcomer to physical 2FA options, this is one of the best videos I have seen to explain everything about setup, backups, and what the backup codes do. Great work!
thumb drive last resort tip is very smart. thank you for putting this tutorial together.
I was searching from last 24 hours about all the information of a security key and almost saw more than 100 videos but never satisfied through any videos but through your videos i got all my answers. you explained very well. You put your 100% effort and that clarify all our doubts through a single video, the point that i never thought that anyone would think about that, you also answered that too, that shows how much efforts you put in your videos. I wanted to write more appreciation about your work here, but let me skip all that.
By the way A big thanks for educating us and you do a good job through your videos.
You’re most welcome. Thank you for the kind words! Means a lot.
Great video, Thank you.
Do you have a video showing how to use yubico Desktop authenticator? How that desktop works? Thank you.
Great info. questions? do you need to stepup (2) yubikey 5C NFC & yubikey 5 NFC + a yubikey authenticator for my iphone, ipadpro, laptop and PC? Next - do you need to keep one yubikey with you at all times and the other in another secret place??
must you always have to set a recovery key for the manager app?
Excellent video with great information. Thank you very much!
We need 2 compulsory keys for iphone ? As in setup page it shows enter 1st key and then insert 2nd additional key .. can i buy only one .. is it sufficient to work fine ?
With the ncf demo starting at 14:35, I don't see you pushing the button. I thought that might be how it couldn't just be used by a very nearby hacker. Is it that it MUST be touching your phone? And further perhaps also detecting that the device is being touched/held to the phone?
Thanks for the video, and addressing the concern I'd long had of a key being a single point of failure. Wasn't aware of the support by apps for multiples, and of even using the same QR reg code for each.
Hi Tario,
thanks for the tutorial. You show how to set up the yubikey but have you made a video showing how it's used daily? How it enables to login to many sites without the hassle of phone / SMS codes, email codes, etc... I think the idea behind the yubikey is improved security but also to save tons of time by being far more convenient for the user to just tap on his key or even doing nothing but just have it plugged or being read by NFC.
Security and convenience are two things that doesn't get along too much, choose your preferences
Bro which is the video u did on how to use yubikey for cryptocurrency’s ?.
Thank you....for this video...I loved the way you walked me through the whole process...you made it so easy for me....❤👌
So glad to hear that, much appreciated!
Love the way you are answering to almost everything that should be answered.
One of the best videos on UA-cam on Yubico Tutorial♥️👌🏼
Thank you! Appreciate the kind words, means a lot!
@@tariosultan means a lot brother👍🏼☺️
thank you for the explanations...........
Great video! What software did you use to make it?Also going to use your link after work to buy an NFC version :)
Love how the Heartstone pop up :)
Bro should we also remove the backup phone number from google account? Because the hacker can also use the phone number as a backup
Absolutely! It’ll be more secure if you only use security key & recovery codes as your login methods.
@@tariosultancan the 8 numbers recovery Google code can also be hacked?
@@summerbreeze5115depends how you store the backup codes
Bro we’re do I get the adapters for the yubikey 5 like in your video .
For my fellow LastPass password manager users, you can enable a Yubikey to act as your master password and enable the "require re-entering master password for this site" option on a site-by-site basis in your LP password vault. So, you can still auto-fill your randomly generated passwords as usual, with the added security of a Yubikey.
Or if you're an IT admin you can integrate Yubikeys into Windows logon via Duo Security (another 2fa provider) integration into Active Directory. Great added security for laptops that frequently leave the office. Physical protection for single sign-on (SSO) ecosystems too (email, timeclocks, file servers, SharePoint, etc.).
May I ask how can I get into IT? any where to start?
@@Kishin333 In my experience, certifications matter more than college degrees, and job experience more than certifications. You can learn pretty much anything online, but in-person classes at a local training center can get you real hands-on experience.
Or, you can always set up a testing lab at home. Find a couple of cheap used PCs and network them together. Take them from bare metal to a fully configured working environment. You'll learn a lot along the way just using Google-fu or trial and error.
Either way you decide to go, I wish you the best of luck! 👍
Do you have a link for the lighting connector adapter?
Very helpful video. Thank you!
Hi, thanks for this great review. Is there a limit in the number of accounts i.e. Gmail, Microsoft account etc. that you can setup with the same Yubikey?
This is from their FAQ page:
the YubiKey 5 can hold up to 25 resident keys in its FIDO2 application.
@@tariosultan thank you 👍
This is helpful. I have a recurring problem, from time to time when i insert yubikey, it says no credentials...like it doesnt read the key. Any guess?
Tario...this video is great...BUT, I just got a yubikey 5 nfc and I don't understand how to setup the key for initial use right out of the box??? I put the key in the usb and nothing...there must be some software or something for setting it up for the FIRST time??? I'm using Windows 11 desktop and laptop computers and also an iPhone. Maybe a video on how START...???
Great video! Thanks very much!
Excellent. Thank you.
On a ledger nano s you have to generate your own private and public keys. others may have had access to the original keys. Is this not so with these yubikeys too. How should it be set up for first time use? How do you ensure keys are unique and known only to device and you?
Good work dude!
thank you for this. 🙏
Thanks for the nice review!
Is it possible to use the yubikey completely instead of the regular password ? What’s the point of the regular password if we use physical keys? My desire is to get rid of any friction for login and just use the key.
Tell me if I’m dreaming or not 🙏🏻😄
Great tutorial. Thank you🙏❤️
Most welcome
Is it possible to add the three keys when you register just one? I would like to store one off-site, in a vault or at my family's place for example. Having all three keys at the same place to register them each time seems to defeat the point of having multiple keys for safety, as all can get lost at the same time in a fire?
is setting up a NFC key for iPhone different from a nano key? can I set up all keys on the Mac and then use the 5 series NFC on the phone?
Yes you can. For example, I use nano on my mac then 5 series on my phone (NFC)
Your video is good. Very easy to understand. I would like someone to make a video about setting up the key manager. This would be very helpful.
TY, super informational, Tario. It's time to join 21st century and I'm learning all I can before I commit to 2FA and Yubikey.
On another note, easy on the voice deepener plugin; my house is literally shaking when you speak lol
There is a thin line between sounding like a man and like Darth Vader.
Excellent info!
Why would you use the security key to run the OTP protocol? Reading the security key is so much faster.
The only reason I could understand doing this would be IF the service only supports OTP and not yubi. If you’re forced to use the OTP protocol I’m assuming using it with the security key as opposed to using an authenticator app?
You are so professional, the best guide, thanks for all
I appreciate that!
Thanks!
Hi, how many platform accounts can I store in one yubico security key? (google account, facebook, and Microsoft)
Curious question. Many laptops come with smart card readers. Do smart cards function exactly the same way or is it different? My guess is if it was different-that difference would be that it might've been designed for local hardware/OS security back when this wasn't nearly as much of a threat as it is today. This Yubikey appears to have online account security in mind and ultimately succeeds in what Microsoft failed to with TPMs. TPMs have nothing with Google accounts which throws off the need for it.
Hi Tario, good video thank you. I am trying to install my yubikey but I am quite confused. Everyone is doing videos on how to secure a google account or Facebook, but what about "real" stuff like online banking apps etc? Would the specific bank need to allow for the key to be used? Or is it possible to secure a browser (eg Brave?) in a way that every password protected login to a site triggers a yubikey requirement? I have seen that Brave is in the applications that work with yubikey but that was about the only information I could find. What does it actually do on a browser? Hope these questions make any sense at all. Thank you!
Hi Kath, long story short, at the moment I don’t think you can you yubikey with banks. I’m sure there will be something similar within the next few years. Also, some browsers support yubikey so you can actually connect the device with your browser. Hope this helps.
@@tariosultan Thanks Tario. I have seen that Brave browser supports yubikey but have not found help on how to actually connect the two. And then what to use it for. Is it for passwords stored by the browser? If you know of anyone who made a video on this I would love to know. Thanks !
@@tariosultan I believe there may be a way by using a password manager as an intermediary. For example, I use LastPass which allows the use of physical keys in place of typing the master password. The only caveat is that you would need to enable the "always require master password" option instead of "keep me logged in", so it may become a hassle for auto-filling other sites.
Edit: Looks like Lastpass as a per site option to require master password re-entering. So, maybe that could de-hassle-ify things a bit?
@@kathelementalbodywork4349 I think it'd be just for protecting your Brave account.
Do you have to keep the key plugged in for the entire session or just for authentication? I'm assuming the later?
Only used to authenticate. Once in you can remove the key.
That’s right. Just for authentication. But I do have a 5C nano plugged in 24/7, so I don’t have to keep inserting yubikey when I need it.
Can I use the same yubikey on multiple accounts from the same company? 2 Google accounts, 2 Microsoft accounts, etc.
Brother, a question, I'm seeing many channels being hacked by stealing browser cookies. With this they manage to impersonate you without having to steal your passwords... Would the yubikey be effective in those cases where cookies are stolen? Or it will be that they manage to access without permission of the key.
Hey Tario, I have an aging parent that seems to be forgetting his passwords - spent two hours with him resetting passwords last week but I live 2K miles away from him so it was bit challenging. Thinking maybe a physical device might be the answer where Dad only has to tap a device, but maybe YubiKey is a bit too complicated for him - whats your thoughts or suggestions for a situation like this?
Here is the perfect solution:
ua-cam.com/video/-qouvOMAPYQ/v-deo.html
It’s free, just need to install the app and extension on their devices.
All they need to remember is the master password.
I suspect that *in use* (= once set up) it would be easy for him. So we're back to the 2K distance. Is there someone where he lives that you know and trust that would be prepared to set up the key **** on a once-only basis **** ?
@@MikeWal2 I do remote tech support and have a client that kind of fits OP's description. He often goes to a guy at his cell provider store for support (like stuff that I can't really do remotely). Or if it's an iPhone/Macbook, _maybe_ the Apple Store would be willing to assist.
Will there be an issue if I secure my Google account by setting up BOTH the Yubikey security key and also the Yubico authenticator app. Will there be a conflict? Or perhaps the opposite --- is there any advantage to setting up both? Thanks for the help.
Not at all! That’s what I do as well!
In case sometimes you can’t insert the yubikey into the device. You can use Authenticator app in that case
@@tariosultan you can use the yubico authenticator app without the yubikey?
Very helpful video, thanks. Just a shame the screen examples are so blurred and small.
which screen examples are you referring to?
Can I change the name of the YubiKey i just added to my computer?
BTW, good job on this presentation!
I think so, you can change the name on the platform you added the yubikey to.
Why add 2FA via Yubikey when you already have access by physial Yubikey? Sounds like redundant method?
Another question: how often do you have to touch the sensor? Once after system boot or for every login attempt to any app?
The reason I add 2FA: in case you can't insert the Yubikey with the device you use, then 2FA is a quick way to still login to accounts.
When you setup the key, you have option to touch sensor every time or not touching it as all (as long as its inserted).
Can you set up a YubiKey and a generic one at the same time?
I think so.
i have 2 Desktop computers 1 Laptop computer and multiple i phones the i phones are all cloned to each other. If i get 5 yubikeys can i linked them all together so they will all work together as one. Do you have a video to explain how to do that.
Add all your keys on all devices. This way no matter which key you plug in, it will work.
For how many account we can you single Key?
usb to micro usb adapter for smartphone can i use this key on galaxy s20?
Use NFC version, just scan it with your Galaxy s20.
Can you add one key to multiple apps? Like Google and other apps on one key or you can do one app one key
Nope, one key can handle a lot of app!
@@tariosultan Thank you :)
What is safer? Using the security key or using the app and authenticator? If you use only the first option, can someone still hack your account with password ? Or does the security key take place of the password ?
I have a question. I want to go passwordless on outlook 365, personal account. How can I do this without the MS authenticator app? I just want to use my key ONLY to login, otherwise what's the point of the security? How do you accomplish this?
Hi sorry but I can’t use my yubikey 5C FNC on my iPhone because I don’t have USB-C port…. Please tell me where to buy USB- C port. Thank you
You don't need USB-C port, you use the app, swipe down and scan the yubikey with NFC
Thank you for an excellent tutorial that saved me from throwing this little thing out. Yubikey is no help in telling you how to set these things up
Glad it helped!
Hi- new to your channel here and very grateful to learn more about this topic. This may be a dumb question...I don't know much about tech or security. But, one thing I am concerned about with Yubikeys is the NFC. I don't know what NFC is or what its security is like. Do you think that a Yubikey without NFC is more secure than with the NFC? tyia
That's a pretty technical question, I'd try sending Yubico a support email see what's their take on this topic.
Based on my personal experience using Yubikey, when you use NFC, I need to type the password THEN it will show me the list of 2FA codes, so random personal can't use my yubikey (NFC) unless he has the PW.
If use a yubikey does that mean i can use a weak password to secure my account? Or would that be also unsafe?? I'm thinking about using a yubikey because I'm constantly using the "forgot my password" option because i could never remember the long passwords 🤦
It’s a good habit to have secure password or pass phrase. If you always rely on forgot password, I encourage to check out another video I made on Bitwarden password manager. Combined with Yubikey together, it will transform your life.
My yubikey not working do i need to setup it?
1. He talks about the Google account *only*? Must a user go through this process for every single website account on which one is registered?
2. What if I use a PC and an ipad equally?
You can use it on both. Yes.
Not google account only. Any platform supports security key or 2FA.
it doesn’t matter if your on PC or iPad. As long as you have the right port.
You may want to revisit this video. Yubico on Mac OS Ventura does not appear to support desktop Apps any more
I’m not sure what you’re referring too. I’m on Ventura, works totally fine.
@@tariosultan Sorry I meant with Bitwarden on Ventura
I have no issue with Ventura + Bitwarden setup.
Please make a video of how to make a back up
It’s mentioned around 6:25
Thanks for keeping it simple. Appreciate you didn't say just "Click here, then click this and click that button to finish"
Hello
How do you encrypt your QRcode?
You save the screen shot of it and put it on a thumb / removable drive / or maybe S3 bucket in AWS and then encrypt the content of the drive. S3 buckets in Amazon are already encrypted.
what if my key is lost or broken
That’s why you always need a 2nd one as a backup.
My channel was hacked two days ago and when I tried to recover gmail , the hacker already protected himself with security key . I don't know how the hacker passed two step authentication but I got pretty big lesson to use security key and not put the faith on my phone number
Thanks for your explanation
I noticed a lot of these cases they immediately apply their own security key.
I’d recommend to remove phone verification, etc. they could port your number and only leave security key, 2FA and backup codes.
Stay safe my friend.
My yubikey 5 nfc not working why
How is this better than getting the OTP code through text?
I can't manage to delete my mobile number from Google after setting up the Yubikey. So I can't even remove the weakest link.
As long as you have more than one 2FA, normally you can remove the other ones.
You probably have to wait after last change.
Why would this key be more secure than my authenticator app on my phone?
Thank you for skipping the part where you scan the QR code, since that's what I've been trying to find for the last two hours!
Bloody nightmare to set up I have 3 keys just bought a USB C one for my android wish I hadn't now spent an hour trying to figure out how to register my Google account with it, go into my account settings but nothing about keys there, maybe they dont like you using them?
How about a wild idea. USE A ANDROID DEVICR WHEN TALKING ABOUT ANDROID DEVICES
Can this be used with a locked down work PC? Doubt it
You can lock the entire system on Mac, haven't tried PC yet.
Could this device be in fact hacking device? Say, some special China edition? I tap yes on my phone, when I login, why I need one more device?
Do you want others who have your email address and password to log into your accounts? No? Then use a security key.
Your video shows FIDO but not FIDO2.
Isn't taking a picture of any secret credentials (be a recovery code or authentication QR code) defeating the purpose in using secure hardware authentication? As anyone who can obtain that image can now bypass 2FA. And since most viewers probably aren't tech savvy enough to realize the risk, they will probably just leave it on their phone.
Why don't they have USB-A/USB-C in same key lol I have an desktop PC and a mobile phone that doesn't support NFC :(
Be very careful not to accidently bend and break off the yubikey while it is sticking out of your computer's USB port.
Great video; but you left out one thing HOW THE H3LL TO YOU REGISTER THE F-EN KEY!!!!!!!!!!!!!
Yubikeys are very strong, but they're not "hacker proof". The fact you'd describe them that way tells me you're somewhat naive about cyber security, and therefore shouldn't be advising others on the subject.
Starts at 1:40
Strange that no bank app has the ability to use this key.
Can one yubico be set for two or more google accounts?
Absolutely
The problem with backup codes is that they become the weakest link in the security chain. Being 8 digits, you get about 26.6 bits of entropy, which is dreadfully low.
That's why there's so many of them.
@@mystrdat huh??
Yes, it would make a lot more sense to have an encrypted RSA4096 key as a "backup code". But then soon we going to have quantum computers capable of recounting all those keys. A battle of swords and shields as they say :)
@@airatru Well, we are living in the now, and need to address the associated security issues that exist today; 8-digit codes are simply unacceptable and defeat the security of something like a hardware token. The quantum world is still many years away, and the availability of quantum computers to the masses will not be immediate, so there will be time to address that technology down the road.
I have 2 keys, but not every business is using technology
why is this better than “sign in with apple ID?”
2 minutes in and already counted 5 terrible misconceptions. Can't stand to watch this kid continue to misrepresent the tech.
You talk wayyy to fast....baby steps for beginners
Except when I upgraded my OS my Yubico YubiKey won't work with Windows 11, however it still works with Window7. I know Mac OS, Gmail and I think G1tHu8 have embraced this fantastic technology. I'd just like to know if the online banks have embraced it and anyone else worth mentioning?
My gmail account hacked can you please help me to recover my account thank-you
Hundreds of pounds worth of hardware security and then don't forget . . . create a backup code and print it out in case you lose all 3 keys?
Seriously?
Thanks!
Welcome!
Thanks!
You’re very welcome