I wish YubiCo would come up with a feature to copy all the stuff from one key to another for safe keeping, rather than having to have all your keys and adding them to everything twice or 3 times etc.
Thanks. The new keys do look like a significant improvement, especially with the additional storage. Perhaps a video walking through the migration process from the previous generation keys to the new version would be helpful. Seems like a manual process and somewhat tedious, but I guess it would be a one-time effort - at least until a future generation is released!
@@penultimatename6677 I did some googling and came up with this statement from Yubico's website: Yubico periodically updates the firmware to take advantage of features and capabilities introduced into the ecosystem. YubiKeys are programmed in Yubico’s facilities with the latest available firmware and once programmed cannot be updated to another version. The firmware cannot be altered or removed from a YubiKey. So the new firmware is only on new keys.
It would be really nice if Yubico would allow firmware updates to hardware. On their website they explain how they do not allow for firmware updates as a "security precaution" and I get it. But then they allow updates to their mobile and desktop apps...? So Yubico is afraid someone is going to physically steal my key and do something nefarious but my constantly connected Yubico Apps are less vulnerable? I'm not suggesting anything foul on their part, but it would be nice (and look a little more ethical) if they allowed refunds/trade-ins. Something like a $20 refund if they receive your old key within 30 days of purchase. Setting up your "Yubi-life" is tedious enough, having to re-do this after every firmware update is costly, unreasonable and for mid/large companies unscalable. I'm a long time user of YubiKey, but if I were to do it all over again I would probably go with the Google Titan Security Key (yes, their firmware is upgradable, and it's less expensive). Forgive my rant.
Yeah, that is annoying but for a very good reason. They are supposed to be secure and allowing changes to firmware makes the thing inherently insecure.
The big issue is setting everything up all over again on the new key. Especially having to remember the sites that can't be viewed in the authentication app.
@@stultuses Instead of taking a picture of the QR code. Choose don’t have camera. Then you can type it into all the keys. As well as saving it in a password manager.
@@marco31 This is how every major vulnerability starts and certainly isn't the end of the story. Sure, it requires an em probe, high speed acquisition gear, and detailed knowledge now... but it's not a stretch that this could be simplified and sold as a kit to script kiddies.
@@beaubellamy given that they also need a working login+password combination for a specific service, and the cloning only works for these credentials on the one service they aim for… Presumably, with enough time and working credentials, they could clone all of them, but still. Also, a decent service should be able to notice that their user is providing correct information but is brute forcing their 2fa, and slow down response time or something? I really don’t see how it could be automated further.
Wish the yubikey's firmware was upgradable.. 25 passkeys is just not enough anymore and having to spend over $100 to replace them just to get the new firmware is a pretty frustrating.
So... Everytime I sign up a new place with 2FA, and I use the Yubico authenticator I need to use all 3 keys to to add the new TOTP? Thats quite a hassle, especially if I have an extra backup key in a secure location outsite my home...
I currently use google Authenticator. I know it's a stretch but, would I be able to import my current 2fa codes to the Yubikey or would I have to do them 1 at a time?
Another Great Video. Thanks. I have a question. I know you probably answered it in a video, but should one rely on using passkey if you have an Apple ecosystem or should we still use Yubico? Also if my Yubico key model "security key usb C nfc" is on the version it's on 5.7.1 that means that article of Yubico keys being compromised is patched? Would you recommend me to stay on the Yubico key " security key usb c and nfc" model or buy myself a YubiKey 5 series?
So.., what's up with YubiKey 5c not being accepted with Safari 18? I am a new Y. user. I reviewed all your videos re the Y. product. I attempted to install on my new MAB via new Y. Authenticator. In process of install, I received message "failed to add service key...not supported by current version of Safari." Explanations, suggestions would be appreciated. Not excited about returning to G. Txs.
So, i take it, we cant update the firmware on our current YubiKey 5 NFC? I just got mine in the past year. :| Also, how do we update the app? Do we just download the new one and install and it overrides the current install? (ie it doesnt have a built in updater)?
Shannon, could you please tell me how to add a 2nd Yubikey? When I added the 2nd key and generated another code, Instagram gave me an error message. Or is it true that once I add my Instagram account to both keys, the code I generate, and the backup codes from Instagram are good for both Yubikeys?
I purchased 2 keys as they advise, however am struggling to get all accounts on both keys - as some providers only seem to support having a single 2FA key :(
Damm. I wish it was an update I could apply to my current keys, but I deduce it's a storage space limitation on the current keys that's preventing that. I'm actually carrying three keys. Two personal use and one professional use, for separation of concerns reasons. And the reason I got two personal use keys is for having topped some limits (mainly TOTP) on one of my personal ones and I believe I'm getting close to some space limit on my professional one too. I guess when I'll need to get another one, it'll be the opportunity for me to upgrade to the new firmware.
Thanks so much Shannon! I'm about to buy my 1st Yubikey 5, but before knowing which one to buy, I have a last question. I have Macbook Pro with 2xUSB C ports. Most of the time for my daily work use, I have an USB C dongle plugged to one of the USB C ports and my charger cable on the other port. So i'm wondering if using a Yubikey 5 with USB C or USB A (connected to the dongle) would work or not. Hopefully someone could do a test for me and let me know.
The problem here is actually that this isn’t phishing resistant like using the key for fido2 logins. Users have to be aware of MiM attacks when using OTP codes wherever they come from. We need to push companies to support passkeys instead of OTP for greater security
Why use Yubico Authenticator for OTP instead of our password manager, like Bitwarden, which also offers OTP features and account protection with a YubiKey?
@@VincentGroenewold Are the OTP codes stored directly on the YubiKey, or are they stored in the app but protected by the key for access? If I understand correctly, this would function similarly to using Bitwarden to manage OTP codes while securing access to the vault with a YubiKey. @ShannonMorse what are your thought on this ?
The Yubico Authenticator app doesn't tell me what version it is, and the site doesn't tell me if updating to Authenticator 7 will work with my current Yubikeys. While I have no intention of buying new keys, will 7 work with the Yubikeys a couple years old??
Thank you for the timely video. The new F/W release enabled hardware to be the authority in the previous dueling authority model. It is important to seal the hierarchy by enabling touch required in the relationship between the key and Authentication App. The storage off-site of an image or string is going to be difficult for the Windows 11 folks. If you can get three keys, of equal development, stored in three locations (one off-site) you should be able to dump the image/string software based storage altogether. Again, Thank You.
@Shannon Morse, thank you for all this videos. After watching a number of your videos I decided to purchase a couple yubikey through your link and have a question. Do you have any tutorials on how to use your Yubikey as a smartcard to unlock Bitlocker encrypted drives? I'm trying to set this up on my PC and don't want to set up the other features until I get this figured out in case I need to reset the keys. Thank you for any info!
Thank you for your content! As you also mentioned that some services still require SMS authentication, how are you going to do it? I would rather use a trustworthy app than my own sim number and not reveal my private information or what do you think?
Question: I have my mother on the other end of the world and I need to give her access to one of my accounts. She doesn’t have a key and she needs access within the next 5min. How do i do that?
It does not affect keys with 5.7 firmware and you need expensive specialized hardware to do it. So unless you are careless and leave your device out where anyone can get to it, it's not really an issue.
The exploit requires to physically have access to the key. The equivalent to stealing the key. Be more concerned with the possibility of it being stolen.
@@pagefault404 Short answer, no, it's a hardware bug that they've mitigated by releasing a new V5 yubikey with new firmware. All pre 5.7 will alway be vulnrable now.
From what I can tell, QR codes are not stored in the app/device, they are stored in the key. You can require the app to provide a password to the key before the key will allow the app access to the QR codes in the key. Any device with the app and the key password will have access to all the QR codes.
@ShannonMorse Thanks... I thought that would ve the case, BUT when you have access to someone who knows what they are talking about, that is when you ask those questions that sit in the back of your mind. I'm retired now but I used to be both an UNIX Systems Administrator & a Custom Software Developer back in the 80s & 90s. My programming skills didn't survive the millennium. I'm older than the Internet! The Internet will outlive me, but It will take a few decades for it to be as old as me!
I struggled to get my gmail account to allow me to connect 2 yubikeys. I could connect either one seperately but when I went to add the second I got an error message. Do you have a work around for this as this stopped me moving forward yubikey due to not wanting to lose access to an account should I lose that one key.
You don't add a 2nd key directly to gmail. You do what she explained, take a screenshot of the QR code and add it manually to both keys. It's not a difficult process and if you have a way to safely store those QR codes offline I would do that as well as it gives a 3rd backup.
@@ElmoFuntz Ok thanks for that I will have to do some further investigation as at the time I was following instruction from a video on the Yubico channel "Secure your Google account with a YubiKey" which seemed to be saying once you have connected one you just repeat the process with the other and bobs your uncle, however there was no voice over just the video, this was two years ago. Could be things now are different.
For a video that revolves around firmware, I'm somehow missing the most important point: How do I install the firmware on my hardware? Or do I have to replace my entire hardware with every firmware version update and spend a shitload of money?
If we're not including all the ones I use for my demo videos, yes, I am. It's a small price to pay for a product with no subscription fees and fw 5.7 has lots of worthy upgrades. I consider this like upgrading my phone. It's a cost, but also an investment in my own personal security.
They work great as backups! Otherwise I'll remove them from my online accounts and gift my old ones to friends. I try not to throw away electronics if they still work
Some people are complaining that after purchasing the yubico keys 🔑 the are getting the old keys. Surly, Yubico should remove their old keys ?. It would be totally frustrating, buying a new key, only to receive the old key version in the post.
I'm struggling trying to figure out how to set up my two YubiKeys with 1password. I find it ridiculously difficult and frustrating. I don't understand why the authenticator has such a terrible ui or why it can't just walk the user through the setup and prompts for a backup key. Not knowing what I'm doing with the fear of killing this very expensive key is disheartening to say the least. Being worried about my security is bad enough without worrying about locking myself out of everything if I screw this up
So, jsut to be clear. I will need to carry this key (Yubikey) around with me and will need to insert it into my Mac whenever I need to log into my accounts. Is that correct?
My biggest gripe about the YubiKey's is not having a synchronized relationship in some form, where I have YubiKeys permanently plugged into my laptops, and then a portable one on my keychain which can serve as a backup to them, or be the primary for my phone. Having to program the same TOTP token into multiple devices would not be fun, especially when I'm staring at 40+ right now.
@@bluzytrix Don't tell that to Google, the Titan Security Key firmware is upgradeable. In fact, all security devices should be able to patch/update. Requiring users to purchase new hardware after every firmware update is ridiculous IMO. This business practice just encourages people to not use Yubico products or more likely, continue using outdated/vulnerable Yubico products.
So very annoyed with the firmware updates... love that they're more secure, hate that they've made HUGE updates back to back. Ordered 50 keys for my staff the day the last new update released, but the box from Yubi had all OLDER firmware without the new storage limits, etc. :(
Hey Shannon, you have a missing peace of mine in your video: scanning the qr code twice!!! Original Yubikey tutorials are bad unfortunately, I am happy to have watched yours!
You fly over how to make a second key too quickly. A new video showing exactly how to make a second key with this new version of the desktop app would be appreciated. I think your previous video is no longer correct. What do I do with the QR code that I've saved? How do I use it to make a second or third key?
Yubico Management : Hey folks sales are slumping what are we going to do? Answer: I know, come out with new firmware. Management: Good answer, good answer. (Applause from the board room) I understand the security behind non upgradable firmware but what is preventing this mentality?
I wish YubiCo would come up with a feature to copy all the stuff from one key to another for safe keeping, rather than having to have all your keys and adding them to everything twice or 3 times etc.
They did! But they fixed that "feature" in the 5.7 firmware 😋
Thanks. The new keys do look like a significant improvement, especially with the additional storage. Perhaps a video walking through the migration process from the previous generation keys to the new version would be helpful. Seems like a manual process and somewhat tedious, but I guess it would be a one-time effort - at least until a future generation is released!
1:14 - "I'll put time stamps below". Unless I'm blind, I don't see any.
Sorry, I am out of town and don't have my computer with me. I ran out of time to do the timestamps (it's a manual process for me) before I left.
@@ShannonMorse Are you back in town now? It's been a while :))
@@ShannonMorse Still no time stamps
@@dgf7451 technically u can make em as well :P just in comments
However people are talking about the security issues now with the Yubikey. Can we get a video ?
do you have a link?
@@arofhoof Can't really post links but the title of the article is YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
Nothing burger. You have a better chance of winning the lottery than being affected by the so-called "issue."
The issues requires such extraordinary measures to exploit there is no concern (yet).
@@JK-mo2ovyeah, like 10 hours of access and the process pretty much destroys the key. It isn’t sneaky by any means. I think most of us are safe.
Unfortunate I need to buy a new key in this case, would be nice if there was a big discount for existing users.
What part of the video explains we need a new key? I missed that part
@@speedracer9132 Well it was what I understood by the mentioning of the new firmware on new keys, older ones were not mentioned at all.
@@VincentGroenewold The new firmware adds functionality to the keys. As I understand it the application works for all existing keys.
@@penultimatename6677 I did some googling and came up with this statement from Yubico's website:
Yubico periodically updates the firmware to take advantage of features and capabilities introduced into the ecosystem. YubiKeys are programmed in Yubico’s facilities with the latest available firmware and once programmed cannot be updated to another version. The firmware cannot be altered or removed from a YubiKey.
So the new firmware is only on new keys.
It would be really nice if Yubico would allow firmware updates to hardware. On their website they explain how they do not allow for firmware updates as a "security precaution" and I get it. But then they allow updates to their mobile and desktop apps...? So Yubico is afraid someone is going to physically steal my key and do something nefarious but my constantly connected Yubico Apps are less vulnerable? I'm not suggesting anything foul on their part, but it would be nice (and look a little more ethical) if they allowed refunds/trade-ins. Something like a $20 refund if they receive your old key within 30 days of purchase. Setting up your "Yubi-life" is tedious enough, having to re-do this after every firmware update is costly, unreasonable and for mid/large companies unscalable. I'm a long time user of YubiKey, but if I were to do it all over again I would probably go with the Google Titan Security Key (yes, their firmware is upgradable, and it's less expensive). Forgive my rant.
I think the biggest problem with the YubiKey is you cant take advantage of new firmware unless you buy a new Key.. seems a little over the top..
My biggest is that I misplace my keys a lot... >_
Yes! And after paying for the new one they sent me the old firmware version. Kinna useless as that's the version I have.
I thought Yubikey are the best one for 2FA. Meanwhile I know they are not.
@@OneZone4 they are now writing the version they will send on the page.
Yeah, that is annoying but for a very good reason. They are supposed to be secure and allowing changes to firmware makes the thing inherently insecure.
Really like the upgraded algorithms and pre-locked NFC. That has been a concern for more commercial applications.
Nice vid, as always, Shannon!
Thanks for watching!
Timestamps?
Code doesn't work for 5C NFC. Only 5 NFC
I don't understand why I can't copy all TOTP seeds from one yubikey to another, managing backup keys is extremely tedious :(
The big issue is setting everything up all over again on the new key. Especially having to remember the sites that can't be viewed in the authentication app.
Which is why you should store those QR codes (in a safe place) for later use.
@@JohnDoe-fk6id
How do you store a QR code safely that's not on a digital device?
There-in lays the issue
@@stultuses Print it out, and put it in a safe?
@@stultuses Instead of taking a picture of the QR code. Choose don’t have camera. Then you can type it into all the keys. As well as saving it in a password manager.
Sooo... What about the security vulnerability in versions
What about it? It's a very theoretical problem due to its complexity to take advantage of the vulnerability.
@@marco31 This is how every major vulnerability starts and certainly isn't the end of the story. Sure, it requires an em probe, high speed acquisition gear, and detailed knowledge now... but it's not a stretch that this could be simplified and sold as a kit to script kiddies.
@@beaubellamy And the script kiddies will still need to have access to the physical key. I'll take my chances.
@@beaubellamy given that they also need a working login+password combination for a specific service, and the cloning only works for these credentials on the one service they aim for…
Presumably, with enough time and working credentials, they could clone all of them, but still.
Also, a decent service should be able to notice that their user is providing correct information but is brute forcing their 2fa, and slow down response time or something?
I really don’t see how it could be automated further.
@@beaubellamy any future script kiddies will also need to take apart the physical yubikey *without damaging any internal components* for it to work.
Wish the yubikey's firmware was upgradable.. 25 passkeys is just not enough anymore and having to spend over $100 to replace them just to get the new firmware is a pretty frustrating.
I still dont know how to add my back up key to the authenticator app
Depends on which authentication "app" ur using
So... Everytime I sign up a new place with 2FA, and I use the Yubico authenticator I need to use all 3 keys to to add the new TOTP? Thats quite a hassle, especially if I have an extra backup key in a secure location outsite my home...
Ordered one directly from yubico and was sent the old firmware version one. Is there a different model # or something?
I currently use google Authenticator. I know it's a stretch but, would I be able to import my current 2fa codes to the Yubikey or would I have to do them 1 at a time?
Its not possible to upgrade the firmware right?
If I am hosting my own domain, will a Yubikey allow me to authenticate and access the URL and only allow access if you have the key?
Another Great Video. Thanks. I have a question. I know you probably answered it in a video, but should one rely on using passkey if you have an Apple ecosystem or should we still use Yubico? Also if my Yubico key model "security key usb C nfc" is on the version it's on 5.7.1 that means that article of Yubico keys being compromised is patched? Would you recommend me to stay on the Yubico key " security key usb c and nfc" model or buy myself a YubiKey 5 series?
So.., what's up with YubiKey 5c not being accepted with Safari 18? I am a new Y. user. I reviewed all your videos re the Y. product. I attempted to install on my new MAB via new Y. Authenticator. In process of install, I received message "failed to add service key...not supported by current version of Safari." Explanations, suggestions would be appreciated. Not excited about returning to G. Txs.
So, i take it, we cant update the firmware on our current YubiKey 5 NFC? I just got mine in the past year. :|
Also, how do we update the app? Do we just download the new one and install and it overrides the current install? (ie it doesnt have a built in updater)?
I got a new yubikey but it doesn't save any of my keys I try to put into it...
it gives me an error every time I try...
I got 2 Yubikeys arriving this week and cannot wait to set these up! Thanks for sharing all this info, Shannon!
Hey could you let me know if you get the new firmware or old. I just got mine and it was the old firmware version.
@@OneZone4 Sorry for the wait. I got them and they are on firmware 5.7.1
Shannon, could you please tell me how to add a 2nd Yubikey? When I added the 2nd key and generated another code, Instagram gave me an error message. Or is it true that once I add my Instagram account to both keys, the code I generate, and the backup codes from Instagram are good for both Yubikeys?
Can we please get a coupon code for the USB C NFC version? Is that one updated too?
Exactly. I'm not upgrading unless it's USB c
I purchased 2 keys as they advise, however am struggling to get all accounts on both keys - as some providers only seem to support having a single 2FA key :(
Hi, and thanks for all the constant updates you bring here, do you know that the Youbikey sold on Amazon are also updated to version 5.7?
So mine is v5.4.3. When I bought it on Amazon there was no FW info. I had no idea which version I was buying. How do you get this info before buying?
Damm. I wish it was an update I could apply to my current keys, but I deduce it's a storage space limitation on the current keys that's preventing that.
I'm actually carrying three keys. Two personal use and one professional use, for separation of concerns reasons.
And the reason I got two personal use keys is for having topped some limits (mainly TOTP) on one of my personal ones and I believe I'm getting close to some space limit on my professional one too.
I guess when I'll need to get another one, it'll be the opportunity for me to upgrade to the new firmware.
Thanks so much Shannon! I'm about to buy my 1st Yubikey 5, but before knowing which one to buy, I have a last question. I have Macbook Pro with 2xUSB C ports. Most of the time for my daily work use, I have an USB C dongle plugged to one of the USB C ports and my charger cable on the other port. So i'm wondering if using a Yubikey 5 with USB C or USB A (connected to the dongle) would work or not.
Hopefully someone could do a test for me and let me know.
Is this for all models or only yubikey 5 series???
The problem here is actually that this isn’t phishing resistant like using the key for fido2 logins. Users have to be aware of MiM attacks when using OTP codes wherever they come from. We need to push companies to support passkeys instead of OTP for greater security
Do we need brand new keys for the new side loading hack?
No mention of being able to upgrade the firmware of an existing key?
Want to understand this better, super confused. Can this replace my annual 1Password subscription?
Maybe using the words "cool hack" in terms of Yubico security isn't the most comfortable context choice.
Why use Yubico Authenticator for OTP instead of our password manager, like Bitwarden, which also offers OTP features and account protection with a YubiKey?
Because the OTP codes are stored on the key, not on your computer, which is somewhat safer
@@VincentGroenewold Are the OTP codes stored directly on the YubiKey, or are they stored in the app but protected by the key for access? If I understand correctly, this would function similarly to using Bitwarden to manage OTP codes while securing access to the vault with a YubiKey. @ShannonMorse what are your thought on this ?
@@francoislefebvre2469 No the codes are stored on the key, downside is that for the older keys I can only store about 32.
@@francoislefebvre2469😮😊 great question! Looking forward to the ands too 😂
@@francoislefebvre2469 They are stored on the Yubikey.
wait are you no longer with Hak5?
The Yubico Authenticator app doesn't tell me what version it is, and the site doesn't tell me if updating to Authenticator 7 will work with my current Yubikeys. While I have no intention of buying new keys, will 7 work with the Yubikeys a couple years old??
Yes, it will work with all keys.
@@ElmoFuntz Thanks
Thank you for the timely video. The new F/W release enabled hardware to be the authority in the previous dueling authority model. It is important to seal the hierarchy by enabling touch required in the relationship between the key and Authentication App. The storage off-site of an image or string is going to be difficult for the Windows 11 folks. If you can get three keys, of equal development, stored in three locations (one off-site) you should be able to dump the image/string software based storage altogether. Again, Thank You.
@Shannon Morse, thank you for all this videos. After watching a number of your videos I decided to purchase a couple yubikey through your link and have a question. Do you have any tutorials on how to use your Yubikey as a smartcard to unlock Bitlocker encrypted drives? I'm trying to set this up on my PC and don't want to set up the other features until I get this figured out in case I need to reset the keys. Thank you for any info!
Thank you for your content! As you also mentioned that some services still require SMS authentication, how are you going to do it? I would rather use a trustworthy app than my own sim number and not reveal my private information or what do you think?
Hi Shannon.. Thanks for showing something I didn't know I needed until today. Lol. BTW I'm your mom's old friend from the Halloween group.
Oh my gosh! Small world haha 🤣
Can yubikey USB - A could do same thing as USB - C??
Tried to buy 2 yubikeys using your discount link above. Would only give $5 of on 3 keys!!? What's going on with them? No discount for 2 keys?
Is the version 7 Authenticator backward compatible on my old Yubikey?
Yubico Authenticator version 5.1.0
Question: I have my mother on the other end of the world and I need to give her access to one of my accounts. She doesn’t have a key and she needs access within the next 5min. How do i do that?
You would have to log into the account and remove the multi factor authentication layer in order for her to login.
@@ShannonMorse Thank you, that is better than nothing.
I wish more of these hardware keys existed.
Did the exploit that compromised Yubikeys get fixed? Someone in the Hak5 discord mentioned that Yubikeys were compromised.
It does not affect keys with 5.7 firmware and you need expensive specialized hardware to do it. So unless you are careless and leave your device out where anyone can get to it, it's not really an issue.
@@ryokaix So short answer, mostly fixed. Never underestimate the carelessness of people.
The exploit requires to physically have access to the key. The equivalent to stealing the key. Be more concerned with the possibility of it being stolen.
@@pagefault404 Short answer, no, it's a hardware bug that they've mitigated by releasing a new V5 yubikey with new firmware. All pre 5.7 will alway be vulnrable now.
From what I can tell, QR codes are not stored in the app/device, they are stored in the key. You can require the app to provide a password to the key before the key will allow the app access to the QR codes in the key. Any device with the app and the key password will have access to all the QR codes.
Argh my oldest one is 4.x firmware. Got a new one. Thanks Shannon!
Can you use older Yubikey's as your backup and use the current firmware for your EDC? Then I can retire my old keys for backup only.
Absolutely! Use them as long as they work!!
@ShannonMorse
Thanks... I thought that would ve the case, BUT when you have access to someone who knows what they are talking about, that is when you ask those questions that sit in the back of your mind.
I'm retired now but I used to be both an UNIX Systems Administrator & a Custom Software Developer back in the 80s & 90s. My programming skills didn't survive the millennium.
I'm older than the Internet!
The Internet will outlive me, but
It will take a few decades for it to be as old as me!
I struggled to get my gmail account to allow me to connect 2 yubikeys. I could connect either one seperately but when I went to add the second I got an error message. Do you have a work around for this as this stopped me moving forward yubikey due to not wanting to lose access to an account should I lose that one key.
You don't add a 2nd key directly to gmail. You do what she explained, take a screenshot of the QR code and add it manually to both keys. It's not a difficult process and if you have a way to safely store those QR codes offline I would do that as well as it gives a 3rd backup.
@@ElmoFuntz Ok thanks for that I will have to do some further investigation as at the time I was following instruction from a video on the Yubico channel "Secure your Google account with a YubiKey" which seemed to be saying once you have connected one you just repeat the process with the other and bobs your uncle, however there was no voice over just the video, this was two years ago. Could be things now are different.
For a video that revolves around firmware, I'm somehow missing the most important point: How do I install the firmware on my hardware? Or do I have to replace my entire hardware with every firmware version update and spend a shitload of money?
Yes to your last point, unfortunately
So tell me Shannon, you are replacing all your existing Yubikeys with new ones cause all the new benefits you can only get with new Yubikeys only?
If we're not including all the ones I use for my demo videos, yes, I am. It's a small price to pay for a product with no subscription fees and fw 5.7 has lots of worthy upgrades. I consider this like upgrading my phone. It's a cost, but also an investment in my own personal security.
@@ShannonMorse thank you, that makes sense to me. The “old” ones are still good for a backup? Or do you destroy them?
They work great as backups! Otherwise I'll remove them from my online accounts and gift my old ones to friends. I try not to throw away electronics if they still work
Some people are complaining that after purchasing the yubico keys 🔑 the are getting the old keys.
Surly, Yubico should remove their old keys ?. It would be totally frustrating, buying a new key, only to receive the old key version in the post.
Thanks Shannon, that really helped!
I'm struggling trying to figure out how to set up my two YubiKeys with 1password. I find it ridiculously difficult and frustrating. I don't understand why the authenticator has such a terrible ui or why it can't just walk the user through the setup and prompts for a backup key. Not knowing what I'm doing with the fear of killing this very expensive key is disheartening to say the least. Being worried about my security is bad enough without worrying about locking myself out of everything if I screw this up
I love the hair!! 🥰🥰
So, jsut to be clear. I will need to carry this key (Yubikey) around with me and will need to insert it into my Mac whenever I need to log into my accounts. Is that correct?
Yes
Buying a third YubiKey... nice
My biggest gripe about the YubiKey's is not having a synchronized relationship in some form, where I have YubiKeys permanently plugged into my laptops, and then a portable one on my keychain which can serve as a backup to them, or be the primary for my phone. Having to program the same TOTP token into multiple devices would not be fun, especially when I'm staring at 40+ right now.
I got 100+ tokens. KeePassXC's TOTP function FTW (of course separate database)
to bad that the YubiKeys cannot be updated to the newest firmware will have to put new once on my Wishlist hehehe
Especially when there is a vulnerability discovered that could be fixed with a firmware update
@@bluzytrix Don't tell that to Google, the Titan Security Key firmware is upgradeable. In fact, all security devices should be able to patch/update. Requiring users to purchase new hardware after every firmware update is ridiculous IMO. This business practice just encourages people to not use Yubico products or more likely, continue using outdated/vulnerable Yubico products.
@@bluzytrix makes total sence. How often are they being updated ?
Thank you, very useful video!
So very annoyed with the firmware updates... love that they're more secure, hate that they've made HUGE updates back to back. Ordered 50 keys for my staff the day the last new update released, but the box from Yubi had all OLDER firmware without the new storage limits, etc. :(
Yooo, Im in the process of writing a proposal for my job. Thanks for providing the whitepaper.
Takk!
Thank you for the support!! I appreciate you so much!! 💖🥰
Hey Shannon, you have a missing peace of mine in your video: scanning the qr code twice!!! Original Yubikey tutorials are bad unfortunately, I am happy to have watched yours!
Why don’t you show us how to make yubikey only login on Mac?
Yubikey is worthless
Starbuck is only trying to let you know your order is ready.
Hahaha well, she was named after battlestar Galactica, not the coffee brand
Nice one
Am I the only one who has like 100 TOTP keys and can't fit them all onto a single key??
The thumbnail looked different, I thought it was a different video.
Can’t stand the new hak5 host, wish you did more security news
Starbug? like Red Dwarf??!
Cough cough... Clearing out old stock ?
Your cat is just worried about being eaten!
You fly over how to make a second key too quickly. A new video showing exactly how to make a second key with this new version of the desktop app would be appreciated. I think your previous video is no longer correct. What do I do with the QR code that I've saved? How do I use it to make a second or third key?
Yubico Management : Hey folks sales are slumping what are we going to do?
Answer: I know, come out with new firmware.
Management: Good answer, good answer. (Applause from the board room)
I understand the security behind non upgradable firmware but what is preventing this mentality?
they hack this yubikey you didnt watch the news yet
😃
As much as I like you the product and company are absolute poop! Don’t buy from YubiKey!
Isn't this bad timing promoting these? 🤔
A COMMENT IA M ALLOWED TO MAKE
Nope
All current keys are vulnerable, do not use!!!!!!!
This is not true. They have been shipping 5.7 keys since the end of May. We just ordered several and all were the new firmware.
No need to panic, it's a very theoretical attack and using the older keys is still miles better than not using hardware keys.
So is RSA and ECC, beware of the quantum computers!!!! No OnE iS sAfE LOL