You Should Be Using Yubikeys!

  • Published 17 May 2024
  • I freakin' love Yubikeys. I switched to Yubikeys from Google Authenticator about a year ago, and I will never go back. Not only are they great for TOTP 2FA, but they do so much more! In this video, I try to cover it all, and probably screw up a few facts - but oh well - that's not the point. The point is - you should be using Yubikeys.
    GET YOUR YUBIKEYS HERE: geni.us/GunRC
    Product links (Amazon affiliate):
    Tile: geni.us/VjQ2B
    USB C to USB A adapter (for Yubikey 5Ci): geni.us/sYC9aN
    Timecodes:
    00:00 - Intro
    02:18 - What are Yubikeys?
    02:56 - What is 2FA?
    04:40 - TOTP 2FA and Authenticator apps
    06:12 - Why you should standardize on hardware security keys
    06:47 - Why hardware keys are faster than authenticator apps
    08:05 - Yubikey authentication beyond TOTP
    08:30 - FIDO authentication
    12:07 - Yubikey TOTP login example
    13:00 - Yubico Authenticator overview
    13:39 - Yubico Authenticator on iPhone example
    14:32 - Yubikey U2F login examples
    16:09 - Yubikey WebAuthn login example
    16:31 - Yubikey Initial Setup
    18:00 - Adding a TOTP token to Yubikey
    19:51 - Adding TOTP tokens to multiple Yubikeys
    22:51 - What if you lose your Yubikey?
    25:17 - Adding a FIDO U2F token to Yubikey
    28:37 - Using Yubikey for Windows Login
    30:44 - Will the Yubikey work for any TOTP 2FA?
    31:48 - Different Yubikeys available
    ----------------------
    Buy me a beer! ko-fi.com/crosstalk
    Or donate some Crypto! crosstalksolutions.com/contact/
    Follow me on Twitter: @crosstalksol
    Crosstalk Solutions - RECOMMENDED PRODUCTS: crosstalksolutions.com/recomm...
    Crosstalk Discord: / discord
    Amazon Wish List: a.co/7dRXc67
    Crosstalk Solutions offers best practice phone systems and network/wireless infrastructure design/deployment. Visit CrosstalkSolutions.com for details.
    Connect with Chris:
    Twitter: @CrosstalkSol
    LinkedIn: goo.gl/j2Ucgg
    UA-cam: goo.gl/g4G58M
  • Science & Technology

COMMENTS • 1K

  • @stevenhatcher6760 2 years ago +14

    Just ran across this video... All I can say is THANK YOU! You did an amazing job at laying out what Yubikeys not only are, but the demos were off the chain! Keep up the great work sir!

  • @sdiggly 3 years ago +7

    Wow, great video! Extremely informative, very well edited. This was exactly what I needed, thank you!

  • @APrintmaker 3 years ago +9

    Very useful. I too had Yubikeys on hand waiting to understand how to use them. Multiple keys per account info helped a lot.

  • @VirgilNicolae 3 years ago +5

    Thanks, Chris! Using them already for about 3 years but managed to find some new things watching your video!

  • @grantrettke4851 2 years ago +20

    Best balance between skimming over details to make it short and going way over time to make an exhaustive yet way too long video. Key points are covered. Points out of scope are stated as such. Points that have bigger implications and do need consideration at some point, are also made clear: things that make you think. Ideal balancing a critical yet confusing topic. Great vid.

  • @carlode3593 3 years ago +3

    Thank you for your thorough summary of Yubikeys and set up. Bravo!!

  • @JimPeiffer 1 year ago

    Thanks Chris, great presentation. Have had a Yubikey for several years but only used it a few times so this was a great refresher.

  • @cbrunnkvist 3 years ago +6

    "Scanning" the desktop screen by the desktop app is a pretty neat little usability hack! I haven't been using the app but now I'm sold on it 🤓

  • @obiwan300 3 years ago +113

    For your time codes to automatically put "chapters" on your timeline, you have to put a 0:00 time code in the list. Great video!

    • @betterwithrum 1 year ago

      yeah at 25:30 I was like, 'this is really good, but I gotta go'

  • @HouseDyson 3 years ago +3

    The acting for the google Authenticator is top notch lol. Great video!

  • @olafschermann1592 3 years ago +1

    Thank you for that great overview and answering all of my questions before i could even ask them.

  • @contextmatters8243 2 years ago

    Excellent!
    I just got the 5 NFC and answered EVERY question I had (spent hours trying to connect the dots)...
    Thanks a bunch!

  • @rexjuggler19 3 years ago +28

    We have company issued Yubikeys for over 5 years and you are exactly right about how good they are. Even though I'm a very long time user, I am so glad you made this video. I have actually been wanting to use Yubikeys for my personal accounts, but hadn't invested the time to figure out how to set it up. So I've been using the MS and Google authenticators. But I prefer the Yubikey for the same reasons you cited. I was working in Germany a couple years ago and forgot my yubikey at home and needed access to our corporate VPN. We fortunately had an office a couple hours away and I was able to get a replacement through our IT. But I wasn't sure if I could set up a couple so I'd have a backup. I also wasn't sure about how to get it to work with a phone since my company issued yubikey is the USB A style. You really answered ALL my questions. I'm going to hit your link and pick up a few.

    • @rexjuggler19 3 years ago +12

      Yes, I am replying to my own post. I just received the 2x5NFC USB A's today that I ordered. I am even more positive now than before that this is what I needed as I spent time over the weekend looking at the key capabilities. I am buying another 2 of them. I am getting a set for my wife for her to use for her accounts. As with most people, her security awareness is limited and it is pointless to preach about it to people. You just need to provide them with something secure and simple which this really does. It also means I can authorize all 4 on joint accounts so that if something happens to me she will have access to our accounts like gmail, 401k, banking etc. I work on numerous linux systems via putty and ssh and was very pleased I can use putty-cac as well even if the PC doesn't have a SmartCard slot. I tried it out earlier today on a few systems and works great. I had looked into SmartCard as an option about a year ago as a personal security solution, and dismissed it due to not working with phone and needing a reader among other shortcomings. I do use a CAC SmartCard for work, but only have the reader on my company issued laptop. This yubikey solves so many problems. I didn't know it had so many authentication choices. However, BEWARE - You need to get at least 2 and make sure you set up the additional keys or you WILL be locked out of your account if something happens to your main key. That should be made clear to someone considering this.

    • @wifienabled 1 year ago

      ​@@rexjuggler19 there are recovery codes in the event u lose your physical keys

  • @mikeoreilly4020 3 years ago +29

    I've always found Yubikey's own documentation to be fairly obtuse. Thanks for the clearest explanation yet.

  • @bewarako 3 years ago +2

    Great video! Been using these for quite some time, make sure to get an extra as backup as mentioned!

  • @gsawnv 3 years ago +9

    Love the 568B artwork on your wall.

  • @KrispyKrink 3 years ago +4

    Great video! I use the 5ci as primary and 5 NFC as secondary. I also have my PGP keys on my 5ci.

  • @terrancejhedrick 2 years ago +1

    Thanks for the incredibly useful video! You demystified a lot of information in a clear way!

  • @sugafreebree 2 years ago

    Thank you so much, this vid is amazing. You answered every question I had about the different application types. Simply brilliant! I am so thankful for you and you sharing your time.

  • @mdkv4 3 years ago +11

    Funny, I just finished setting mine up last night! Ordered two more for my parents.

  • @RETRO-CONSOLE-GAMER 3 years ago +7

    Chris U have converted me to this yubikey, Thanks
    I feel much safer now, great vid

  • @chrisumali9841 3 years ago +1

    Thanks for the demo and insight, have a great day

  • @vorrac 2 years ago

    Nice Video, I got a yubikey a few months ago but I wasn't using it to its full potential, this video helped me understand what are the capabilities, thanks!

  • @cristalballena-hotel 3 years ago +4

    Great video, thank you for giving this profound overview.

  • @iThinkergoiMac 3 years ago +6

    Great video! It's worth noting that for most accounts, even if you miss typing in the code before it expires, as long as you know it, you can still enter it for some time (usually between 5 and 15 minutes). Obviously, as soon as it expires you can't see it anymore, but if you still remember it, you can still enter it.

    • @wifienabled 1 year ago

      that's a hazard if u think about it

  • @jordanlambuth362 3 years ago +1

    This is a great video I really enjoyed it and it was very informative. I got one of these that was left over from a project at work. To pilot for a new customer's 2FA implementation, seems very kool. I'm going to try and use the PIV deployment method with local active directory and a CA to use them as a smart card.

  • @adamkee97 3 years ago +2

    Now, this is neat. I never knew those accounts are stored in the keys. I started using Authy last year because it can back-up my keys. But that means my secret codes are now on the cloud. I need that feature so I won't lose them whenever I reset my phone, which I do every time when it gets a major system upgrade. I don't lose my stuff easily, so having a key is better than having an app. Thank you for such an informative video.

  • @kensmith7417 3 years ago +6

    Second Yubikey just got here, third is on the way, love them.

  • @mark_loveless 3 years ago +3

    Nice! Yes more like this. Timely too, I cleaned out a desk drawer and found some unused Yubikeys, they are getting put into place pronto.

  • @Mopki3 3 years ago

    I purchased 5 NFC and 5C NFC. I'm ready to set them up now that I lost my job.
    I wish I found you before and used your link. Great video!

  • @tadbarker7082 3 years ago +1

    I’m a tech moron.... and was filled with dread at having to update my entire online security & password collection over various macs.
    This video has really helped !
    I think I can now master this with a bit of time. Thanks 🙏

  • @paulrobertmarino7623 3 years ago +12

    For TOTP you can use the QR code to program multiple Yubikeys: simply program one and do not put the code from the key into the site, then insert your second one and add it there too and once you've programmed the last one then enter the code into the site. As an alternative for having multiple keys for TOTP you may copy the code or QR image and store it in an encrypted file using tools like GPG/OpenPGP but that is another subject, sort of... it would have been nice to cover the PGP functions of the Yubikey as well, maybe that can be a future video :).

    • @ahensley 1 year ago +1

      If you do this I don't believe you'd be able to revoke them individually, i.e. in case you lost one. You'd just have to remove and re-add the one you still have.

    • @MitchKarajohn 1 year ago +4

      @@ahensley on the contrary, in that case if you lose one key you can just get a new one and feed it the existing TOTP seed (the original QR code/secret code). This way you don't have to invalidate existing TOTPs and redo them all over again in both new and old keys. (If there is a chance that you lost a key to someone who also has access to your passwords then the correct thing to do is actually invalidate existing TOTPs and redo them, not reuse existing seeds)
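
An added example for the TOTP discussion in the comments above (programming several Yubikeys from one QR code, and entering a code shortly after it has rolled over); it is not code from the video or from any commenter. The `Token` and `Account` classes, the seeds, the timestamp and the `window` size are assumptions made for illustration; real services choose their own acceptance window.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(seed: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(seed, now // STEP, digits)


class Token:
    """Hypothetical stand-in for one hardware key holding a copy of the seed."""

    def __init__(self, seed: bytes):
        self.seed = seed

    def code(self, now: int) -> str:
        return totp(self.seed, now)


class Account:
    """Hypothetical server-side record: one seed per account, no per-device identity."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.last_counter = -1  # highest time step already accepted

    def verify(self, code: str, now: int, window: int = 1) -> bool:
        current = now // STEP
        for counter in range(current - window, current + window + 1):
            if counter <= self.last_counter:
                continue  # step already used: reject replays
            if hmac.compare_digest(hotp(self.seed, counter), code):
                self.last_counter = counter
                return True
        return False

    def rotate(self, new_seed: bytes) -> None:
        """The only 'revocation' plain TOTP offers: replace the shared seed."""
        self.seed = new_seed
        self.last_counter = -1


def demo() -> dict:
    now = 1_700_000_000                   # constructed timestamp
    seed = b"constructed-seed-one"        # what the enrolment QR code carries
    primary, backup = Token(seed), Token(seed)  # two keys programmed from one QR
    out = {}

    account = Account(seed)
    out["same_code"] = primary.code(now) == backup.code(now)
    out["primary_accepted"] = account.verify(primary.code(now), now)
    # Same seed, same step: the server sees the backup's code as a replay.
    out["backup_same_step"] = account.verify(backup.code(now), now)
    out["backup_next_step"] = account.verify(backup.code(now + STEP), now + STEP)

    # Acceptance window: a code from the previous step vs. one ten steps old.
    out["previous_step"] = Account(seed).verify(totp(seed, now - STEP), now)
    out["ten_steps_old"] = Account(seed).verify(totp(seed, now - 10 * STEP), now)
    out["strict_window"] = Account(seed).verify(totp(seed, now - STEP), now, window=0)

    # Losing one key: rotating the seed locks out every copy of the old seed.
    later = now + 3600
    new_seed = b"constructed-seed-two"
    account.rotate(new_seed)
    out["lost_key_after_rotate"] = account.verify(primary.code(later), later)
    out["old_backup_after_rotate"] = account.verify(backup.code(later), later)
    out["reenrolled_backup"] = account.verify(Token(new_seed).code(later), later)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
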

  • @dhanushkavithanage232 3 years ago +6

    Really good content, thanks. If the key is stolen how difficult would it be to retrieve stored data? Are the data encrypted on the key?

  • @Davino.F.Nascimento 3 years ago +1

    Thanks Chris. Extremely informative video.

  • @Tinker_Thinker 3 years ago +1

    Logged into UA-cam with my YubiKey 5nfc usb-c to watch this video. Love YubiKeys and have a few, been using them since 2017.

  • @AmichaiRotman 2 years ago +10

    You don't have to use the manual method to configure the same TOTP on all your YubiKeys, just switch between them while on the QR Code screen and enter the TOTP from the last key you configure to finish the respective service TOTP setup.

  • @tedherman38 3 years ago +15

    Dangit Chris! I’ve been thinking about doing this for a while. 5C NFC is ordered.

    • @Inertia888 3 years ago

      I may be overly concerned about hackers, but personally I would not go with anything that is wireless when security is concerned. Wireless just provides one extra weak link in the chain. When using radio technology, i.e.: "NFC" I do suggest making yourself aware of the exact radius of that particular radio transmission.

    • @joshuanbray 3 years ago

      @@Inertia888 Just the info I was looking for, thanks m8!

    • @johnzoidberg9764 3 years ago

      @@Inertia888 got credit/debit card?

    • @Inertia888 3 years ago

      @@johnzoidberg9764 yes, I do. and I change my numbers every few months just in case it has been compromised.

  • @kstaxman2 2 years ago

    Great info I'll be watching this video a few times to digest it all. Lots to consider.

  • @samrichardson9827 2 years ago +1

    Pristine clear and relevant tube. Thanks so much for such a nice review of the Yubikey products !

  • @mvl8209 3 years ago +3

    I was constantly thinking "something in the background looks familiar, but I can't pinpoint it..."
    Then my eye fell on the frame hanging next to your youtube reward button thing, and it clicked :D

    • @mvl8209 3 years ago

      @fuck google It's a wiring diagram for Ethernet cables www.google.com/search?q=ethernet+wiring+diagram&sxsrf=ALeKk00UdIyMZp6J_v1JjfzmBKeHK0SxRQ:1606463841336&tbm=isch&source=iu&ictx=1&fir=d3PlvGVMrC5arM%252CV-i5CBR7Nb_OJM%252C_&vet=1&usg=AI4_-kSGgTtbv7cz3tvqafq7529zknD0IA&sa=X&ved=2ahUKEwj3vO2UoKLtAhWNmKQKHeGNA50Q9QF6BAgCEFU&biw=1536&bih=722#imgrc=d3PlvGVMrC5arM

  • @matthewgrotke1442 3 years ago +3

    Thank you for the informative video. I was wondering if Google accepts Yubi Key for logging into Gmail, Google Account, etc.

  • @code8986 3 years ago +1

    Thank you for making this informative video.

  • @andrewdecatus5172 5 months ago

    Awesome in depth explanation. Thank you

  • @daphbobo 3 years ago +6

    I like the grumpy man typing google authenticator code.

    • @daphbobo 3 years ago

      I use Yubikey. I like it.

  • @triularity 3 years ago +3

    @16:46 - The collectable value on that special edition key dropped 99% the second you opened the original packaging. ;)

  • @2kings3queens 3 years ago +1

    Very well done video, very informative, thank you so much

  • @daromee 3 years ago +1

    Yes I bought two and they have been lying on my desk for two years as I tried to use and got all mixed up so hopefully I will be able to understand how to use (haven't listened to your clip yet).

  • @joselegarza148 3 years ago +3

    Thank you, this took me over the top, I ordered Yubikeys (from your link, of course) for the family. One question remains. What happens with the lost backup Yubikey? Do you have to reset all the logins?

    • @bluekeybo 2 years ago +1

      Add a password to it. So if someone steals it, they'd have to know both the yubikey password and the account password.

  • @JCtheMusicMan_ 2 years ago +3

    Is it recommended to buy two keys per user in an enterprise setting? Users are notorious for losing things 😅

  • @theroachmotel 1 year ago

    Your reenactment of using Yubikeys was amazing and had me loling

  • @BeateThomsen 2 years ago

    Thanks Chris for this informative video, do you know if the use of yubikeys are supported for the firefox browser?

  • @jeremybarlow2291 3 years ago +7

    I'm just under two minutes into the video, I'm hopeful that this provides an answer about what to do if you break one, because I have been known to break tiny things like a USB Key, so that has been my biggest fear about them. I mean do you have a backup key? Can you make new backups if you need to use the backup because the original broke?

    • @matthewsheeran 2 years ago

      Yes if I were to use them I would and you can have multiple keys. Just like backups go for 3 keys one of which is off site but in a secure place. One on you, a replacement hidden somewhere in the house and another secured off site. He is actually wrong or misunderstood when it comes to having multiple token generators: just like backups you have a sequence of secure backup keys.

    • @thomascruz210 2 years ago

      Good

    • @3QuaNiMiTyy 1 year ago

      You can't make a backup of a Yubikey, each Yubikey will forever remain a separate key with its own identity. What you can do is have several Yubikeys affiliated with a single account such that losing one means you can use the other. Any lost key needs to be manually removed from an account/website.

  • @g-wizgeorge4454 3 years ago +8

    You mentioned “losing” one of your Yubikeys. What’s the best practice for moving forward if you believe it to be truly lost or stolen? That would make a good video.

    • @Gersberms 3 years ago +5

      It depends on the account you lost. He briefly mentioned backup codes, I've seen that several times now that you get backup codes when you set up 2FA. Save those codes, and do not lose them. If you do, there may be no way back. I lost my Steam Authenticator, and had to contact support to get it straightened out. 2FA kind of worries me for that reason. Same problem with one time use texts, if you lose your number or your phone.

    • @ulbuilder 3 years ago

      Get two yubikeys and lock one of them up in a safe place, many sites will let you register multiple MFA devices. So if you lose one you can log in with the other key, delete the lost one and register the replacement. On sites that do not allow that they will have some sort of backup code or method. Put that info in a safe place.

    • @AmandeepSingh-oe4te 3 years ago +2

      Simply buy ledger Nano s or Trezor T which only unlock after entering pin on the device. You only need to keep a 24 or 12 words backup if you lose your device, just buy another. They both offer Fido 2.

    • @Anaerin 3 years ago +1

      I'd love an answer to that too. How do you invalidate a Yubikey if it is lost or stolen, to stop it from being used maliciously, or is the only way to manually remove it from all your accounts? Is there no way to say "I no longer have this key, remove all the accounts from it"?

    • @ystebadvonschlegel3295 3 years ago

      @@Anaerin Exactly - seems like you'd have to keep a list of everywhere it was registered and then go chasing them down manually. I know I won't do that (keep an up to date list)

  • @andreasmahler3430 3 years ago

    Thx Chris, Great Video, ... currently using it only for AAD auth, and I don't want to do without it anymore ...

  • @excitedsolutions1255 3 years ago

    Hi Chris, Great video. Do you know if you can use the YubiKey 5c NFC series as an NFC key for the Unifi Access Card/NFC Fob as well?

  • @YuriShevchouk 3 years ago +6

    When you talked with your yubikey engineer friend what did he say that made you use it?

    • @AlexsaurusRex 3 years ago

      Probably that it's faster than using authenticator apps on your smartphone. Also that he showed him how to use it since he was unaware of how they worked

  • @dennisvanlith 3 years ago +16

    I absolutely love my YubiKey. The only downfall is the lack of support on many sites and web apps on the u2f protocol. I have tried many times to push these hardware keys on UniFi, Synology or others. But they rarely respond on the request, due to lack of the user base usage. The more people keep asking for these requests. The faster it will be taken into consideration.

    • @CCoburn3 1 year ago +1

      It’s a chicken or egg situation. No one wants to spend money on a piece of expensive junk that isn’t useful on more than a handful of sites that virtually no one uses. But no sites want to spend the resources to support Yubikey until more people buy them.

  • @quddus404 1 year ago

    If you kept it going till now you have all the respect that I can give

  • @justingreen8006 3 years ago

    Thank you for explaining. I Just ordered a yubikey 5 nano yesterday. Unfortunately I only found your video today or I would have bought through your link.

  • @bennettrichards6851 3 years ago +3

    The only problem I have found with my YubiKey 5 NFC is that not all companies have changed their 2FA to use hardware Authorization... I wish YubiCo would update owners when they add new partners. Otherwise I love YubiKeys. They are about to come out with a Fingerprint YubiKey.

  • @SDWNJ 3 years ago +5

    I can’t look at that painting in the background without thinking of pixie sticks.

    • @kd0dbw 3 years ago

      It's the wiring order for an Ethernet connector

  • @NitroSpaceYT 1 year ago

    Thanks for your easy to follow explanations

  • @vtor 3 years ago

    Bought a YubiKey thanks to this video, with your affiliate link. Cheers Chris!

  • @Agamerfr0zed 3 years ago +6

    Must have for Emails and Password managers. I just wished more websites would support security keys.

    • @TheCowboy4000 2 months ago

      Especially banks. Wish my bank and credit union would support it 😭

  • @beardymcbeardface69 3 years ago +4

    I love using my Yubikeys and now they've brought out a model with a fingerprint reader, so... *TRIPLE* Factor for the win!
    Something you know, something you have, something you are!

  • @ethanm9421 3 years ago +1

    That's crazy, I placed an order for one this morning!

  • @Morning3309 1 year ago

    Just ordered a Yubikey looking forward to the setup and security with it!

  • @vze4p6c2 3 years ago +9

    Up next: Built in yubikey into cellphone for additional $300 for easy access

    • @TheBurzhui 3 years ago +2

      🤣👍

    • @bens1058 3 years ago +4

      Google has already done this. The Titan chip is in some Google phones.

    • @magfal 3 years ago +2

      The basic hardware is there already, in sim cards.

    • @autohmae 3 years ago +1

      Actually, many phones already have something like that built into it. So when your phone is unlocked, you can use it to log into systems. Both Android (since 7.x) and Apple. Apple and Windows laptops supposedly also support it. In Windows it's part of Windows Hello. In all cases I think they need to have a chip built in. Also Krypt Krypton might be an option.

  • @AnimalFacts 3 years ago +51

    Where can I get that shirt? Need!

    • @domzzz1244 3 years ago

      Same, LINK!!!!

    • @YadraVoat 3 years ago +1

      I trust you recognize it's from the Chromium browser's unreachable-location minigame? :-)

    • @cocotug0 3 years ago +3

      probably not online...

    • @ChrisHolt1 3 years ago +3

      TEEPUBLIC has several designs. I like this one www.teepublic.com/t-shirt/2053315-chrome-t-rex-dinosaur-rawr

    • @itchytastyurr 3 years ago +2

      make a stencil out of lego and ink stamp it on....

  • @shetuamin 3 years ago

    Next year I buy this. Thanks for details review.

  • @d3m3tr3s 3 years ago

    Chris, I love your videos and especially this one, I saw it maybe more than 10 times....and if you see the rest of the comments, I purchased two using your links.
    But I figured that yubikeys are NOT faster than any Authenticator app and let me tell you and prove to you why:
    I spent a whole evening trying to set up my 2 yubikeys, a 5Ci that I will use as a backup (got the idea from you) and a 5C Nano for my laptop. Later on, I decided to go to bed as I had to wake up early next day. So while I’m on my bed and using my phone trying to fall asleep, I decided to check my Unifi network, by using the “Unifi Network” application but, it asked me for a 2 step authentication. Unifi was one of the first setups I did with Yubikey since I saw that also on your video.
    So the fact that I had to get up, go to the living room that I had my laptop and next to it my 5Ci yubikey, so I will put it on my phone, in order to login to Unifi Network app, made me realize that yubikeys are NOT faster than my Authy app which was still installed on my phone but without my Unifi auth, since I removed it once I installed the auth on my yubikey.
    I never made it to my living room since it wasn’t so important to go, but definitely made me question myself why I should move from Authy app, to a yubikey.
    More secure? Probably....but I feel like you want a house without glass windows just for the ONE chance that burglars break the windows and get in your house.
    Nobody is building a house without glass windows, right? Although the possibility is always there, that burglars can get in.
    I hope you understand my point!
    I will try to use my yubikeys since I bought them, but I don’t know how convenient they are to be honest.

  • @sethalton205 3 years ago +3

    It would be nice to see them integrate biometric authentication into it (an advantage of the smartphone) would also be nice if soft token MFAs got more into MFA push notifications for wearable devices. (Giving you the same one touch MFA experience as the Yubikey).

    • @jhb5401 3 years ago +1

      YubiKey Bio is coming soon. Has a built in fingerprint reader.

    • @KyleJacksonplus 3 years ago

      Or you could just use Secret Double Octopus and get rid of your password all together.

  • @Nettechnologist 3 years ago +8

    I wish they had a screen for totp, without having to plug in the device into a machine for those areas that we can’t install software nor plug usb into them

    • @jimmymifsud1 3 years ago +1

      I’ve used the NFC on some secure industrial machines

    • @deusexaethera 3 years ago

      RSA hardware keys exist.

    • @Nettechnologist 3 years ago

      @@deusexaethera Are you saying you can use RSA keys with Yubikey? I have extra RSA keys and didn't think this was possible

  • @kyleethekelt 3 years ago

    This is a most helpful video as I've been wondering how these work for some time. However, I am blind and use screen reading software and refreshable Braille. Would the Yubico authenticator app be usable by me?

  • @eXsoR65 3 years ago +1

    Chris, thank you for this video. Very educational on Yubikeys and why everyone should be using one.

  • @jpenn727 3 years ago +4

    I would love to be able to import my authy records into a yubi account.

    • @VPC 3 years ago

      You'd basically just go into your accounts and disable your authy 2 factor authentication, then set them up again but on the Yubi account

  • @ajbeau_au 3 years ago +3

    What about push notification to auth app? I can accept a prompt in about 2 seconds by accepting it on my watch. Just saying...

    • @VPC 3 years ago

      Convenience VS security

  • @Hublium 1 year ago

    Thank you for this very good introduction to the topic. My question is: What about open source alternatives to the Yubikey, are they any good?

  • @Lyunpaw 3 years ago

    Best Yubikey video ever. I learned about this from a podcast but they just flew over the topic so fast I couldn't tell what to do with the damn thing; only that it was 2fa. Now I have a reason to buy a few to use for more security. I don't like using my phone for 2fa because I don't really trust the phone's os.

  • @jimk5145 3 years ago +34

    "I had a half-dozen yubikeys on my desk that I never used until Yubico contacted me to join their affiliate program, but the affiliate program had no influence on my endorsement of their product."

    • @KevinHoskinson647 1 year ago +2

      😂😂😂😂

    • @GerryVeerman 1 year ago

      Looks like Yubidoobie is pumping loads of cash in influencing YT influencers.
      It’s Yubikey! wherever you go.
      Check out Rob Braxman for some real security tech.

    • @cydia2020 1 year ago +1

      Still doesn't change the fact that hardware 2FA is much safer and more reliable compared to software/SMS alternatives when used correctly.

  • @DonovanCYoung 3 years ago +5

    Great video, but I'm not convinced it's better for personal use, you really can't beat something like 1password's cmd+/ (mac) or ctrl+/ (windows) key combo which fills your username, password, and when using OTP, the 2FA code when prompted. One and done. Also integrates into Safari and Chrome for iOS or Android. Truly a one-stop password app. Not to mention, it's stored in an encrypted vault, so it's shared between ALL your devices. Lastly, no limit on the number of sites you can use 2FA on. Yubikey seems good for large-scale 2FA implementations, but not for personal use... IMO

    • @liquicitizendirk2147 2 years ago

      I think a middleground is perfect. Use yubikey for 1password and let 1password handle all other 2fa. I just googled and think it should work. You'd have the best of both worlds imo.

    • @paoloposo 1 year ago

      I think Chris got this wrong in his video. I'm not an expert on this, but I spent some time researching this because I wanted to know the technical details. If you're looking to replace authenticator apps that generate TOTP codes, a Yubikey or similar device can actually be used for an unlimited number of services. The 25 slot limit is for "Resident Keys" which are used for entirely password-less authentication schemes.

  • @dab42bridges80 1 year ago

    Excellent overview, thanks.

  • @FirstLastOne 3 years ago

    I was intently listening to you describe why I should be using a Yubikey and looking at the artwork on the wall behind you. I know I am really tired and need more sleep but I thought I'd keep watching as long as I could and then it hit me as to why that artwork looked so familiar. When you terminate enough network cables in your life that you can do it in your sleep, things like the T-568B standard just become like a white wall or a white ceiling. It's there but you just don't see it and yet you know it's there.

  • @evancjensen
    @evancjensen 3 years ago +8

    Google Authenticator now lets you log in and migrate devices, I believe.
    Edit: it requires the old device, but you can scan a QR code from the old device using the new device to migrate to the new device.

    • @CrosstalkSolutions
      @CrosstalkSolutions 3 years ago +1

      That's great news! Excellent update. Still...I would never go back because it can't do FIDO or other enhanced types of 2FA.

    • @evancjensen
      @evancjensen 3 years ago

      @CrosstalkSolutions I couldn't agree more! Just wanted to point it out.

    • @djdrastic1
      @djdrastic1 3 years ago +1

      If you're lucky the old device hasn't suffered a hardware failure, fire, water damage, theft etc.
      I had a charging port go on my Android phone and only realized by the end of the day that the thing wouldn't take a charge and had to literally make haste to get another old spare phone set up and migrate via QR. If I didn't notice it earlier I woulda been hosed pretty badly as I've got Google 2FA on pretty much everything.

    • @OlegObukhov
      @OlegObukhov 3 years ago

      All MFA apps allow you to migrate your accounts. All you need to know is backup/recovery codes that you were provided with the first time you signed in to the MFA app.

    • @evancjensen
      @evancjensen 3 years ago

      @OlegObukhov up until this year, Google Authenticator did not. You'd have to redo every account...

  • @garethsnaim8174
    @garethsnaim8174 3 years ago +8

    This is a hard no for me, would be lost in a minute.

    • @donpeer4477
      @donpeer4477 3 years ago

      Did you not see the part where he lost his?

  • @seanknight9808
    @seanknight9808 2 years ago

    Hi Chris. Great video. Thanks! I will sure go to your link and buy a key. I do need a backup, as you said it is smart to have one. If someone buys a backup, does it have to be the same exact as the original? Or will a 5C NFC work well with a 5 NFC? Thanks!

  • @KevinSmall
    @KevinSmall 3 years ago +1

    Awesome video...one other question I have is how is the durability of these keys. I notice you have them on a keychain which is usually thrown about casually.

  • @matthewryan
    @matthewryan 3 years ago +10

    Hmm... Doesn't leaving the key plugged into your PC with the app running kind of defeat the object? Not unlike leaving your password on a post-it note under your keyboard really :-0

    • @warcorer
      @warcorer 2 years ago +4

      That’s why I prefer to use a password manager and have the yubikey work with the master password to access the manager.

    • @adamyork2333
      @adamyork2333 2 years ago +3

      Doesn't the yubikey (at least some models) still require biometric authentication before it works even if plugged in?

    • @word42069
      @word42069 2 years ago +2

      It would still need to be tapped by your fingers to activate… but yes, this has crossed my mind as well. For that I personally would steer clear of the “leave-in” ones… though I think the concerns are irrational for most security threats.

    • @ADeeSHUPA
      @ADeeSHUPA 1 year ago

      @warcorer Nice

    • @hyperfluff_folf
      @hyperfluff_folf 1 year ago +1

      In fact no, and that's why things like the trusted platform module and ssh keys exist, it's just a second factor so if somebody wanted to hack your account they need your password too, or the other way around if they have your password they would need to hack the pc too to get the login done, but the yubikey requires button confirmation before login so that's fixed too

  • @svampebob007
    @svampebob007 3 years ago +3

    Gotta love YouTube recommendation:
    Up next:
    Breaking FIDO: Are Exploits in There?
    From Black Hat
    In all honesty I'm still slightly skeptical.
    I personally still only use passwords, and don't login on computers that I don't own/control.
    If I'm ever out and going and need to login to my bank or something like that I just use no-machine to connect back to my server at home and login through that.
    I'm still not sure how trustworthy a for profit authentication company can be, when you have major player like google joining on the standards.
    I don't think there's a major security issue, I just don't think it's mature enough, on one side Google is fucked up, on the other Google (and other major players) have too much to lose if they start losing reputation, so I don't think they would mess with authentication, but who's to say Yubikey can be trusted to not fuck up their protocol and chips being fundamentally flawed.
    The issue I have with all those passwords and double, triple checking of identity is that at the end they tend to try and make it easier to actually authenticate, and people end up using a 4 digit pin set to 0000, 1111, 1234 because some company made their old password insecure by forcing them to change it, make it too complicated, and have a trillion different login portals.

  • @exwhyz33
    @exwhyz33 3 years ago +1

    Great comprehensive tutorial. Which tile was that?

  • @donovansobrero9553
    @donovansobrero9553 3 years ago +1

    Been using a yubikey for years, have a few of them. It's important to note if you set everything and then lose the key you're going to have a problem. So it's best to have two: 1 you use and one you keep in a safe place with the same sites configured on it.

  • @k7suraj
    @k7suraj 2 years ago

    Hi Chris, thanks for the wonderful explanation!

  • @EldonNeustaeter933
    @EldonNeustaeter933 3 years ago

    Excellent video; I have an old one, time for an upgrade methinks. Also, I think some insight as to how this might work in an enterprise environment. Will it save sys admins time as well. I keep hearing about Google's Titan key effort but I wonder how a REAL business might function with a YubiKey implementation. Are there labour economics to warrant?

  • @dnice3257
    @dnice3257 2 months ago

    Awesome job on the setup...do you have to have a pin to use the Yubikey?

  • @deadlymarsupial1236
    @deadlymarsupial1236 7 months ago

    Love the pot plant on the laser printer's scanner ADF 😂🤪👍

  • @okbustaman
    @okbustaman 3 years ago +2

    I loved the drink part... Nice 👌

  • @LinuxRacr
    @LinuxRacr 3 years ago +2

    As always, thank you for your in-depth videos! I have learned so much. One way to explain 2FA is that it is a subset of the term Strong Authentication. Strong auth works on the triad of, something you are, something you have, and something you know. Any two of those used together is strong auth, a.k.a. 2FA.

    • @josephrogersmd
      @josephrogersmd 2 years ago

      Thank you for your post. Can you explain to me the triad of “something you are”? I’m not sure what you mean by that. I understand the other two elements, something you have and something you know.

    • @LinuxRacr
      @LinuxRacr 2 years ago

      @josephrogersmd Something you are is basically biometrics. Fingerprint, iris scan, hand geometry scan, etc...

  • @SimXtreme6
    @SimXtreme6 2 years ago

    Great and complete tutorial. Thanks!

  • @Stretch1931
    @Stretch1931 2 years ago

    I have some old Yubikey 4 as well as old Feitian and Titan keys when I turned on advanced protection on Google. But seeing your demonstration of the YubiKey authenticator, I've now purchased five of the YubiKey 5 FIPS keys and am excited to try them out. Something interestingly different is that the secrets are now (since YubiKey 5) stored directly on the key instead of on your application. This will make it easier to use secrets from different devices without trusting a cloud service like Authy to keep the private keys on their servers.

  • @TheFeaz
    @TheFeaz 3 years ago +2

    Great video... BTW, I bought 3. :) and... as of today, the clear one is still available, although it's not NFC, costs more than all the others, and isn't on the Black Friday deal, so I passed. :)
    Question for you though... What do you suppose is the purpose for having the option to require you to touch your Yubikey? I mean... If I break into your house and know your password, and have your Yubikey, then how is making me touch it adding any further security? It's not like it's making you validate your fingerprint on thing.