Jump to content


Yubi keys and 2FA

security 2factorauthentication yubi keys

  • Please log in to reply
4 replies to this topic

#1 OFFLINE   Jeber

Jeber

    Still Version 1.0 beta

  • Forum Moderators
  • 4,637 posts

Posted 24 July 2018 - 07:26 PM

One of the best aspects of this forum is the ability to ask a question and get honest, simple, down-to-earth answers that are informative and easy to understand.

For years I've seen references to physical security keys like Yubi keys. I've always been big on security. I use 2-factor authentication anywhere it's offered, even if many sites employ it in a way that makes it inconvenient and cludgy.

Based on what I've read it seems that Yubi-type keys provide the same basic security that 2-factor does. The key is registered to you (somehow) and the fact you have it in your possession and can plug it into your USB port proves you are you.

Looking closer I see there are a couple of different standards, U2F and FIDO2 appear to be the most common.

That's pretty much what I know about these things. So, my questions...

Are they really useful?
Is using a key more secure than having codes sent to your phone?
How do you employ these if you're logging in from a phone or non-USB tablet?
Can they be used at work, using different credentials, or do you need a separate key for each account?
Is there value in spending $20-50 for a replacement for text codes?

Any other info or opinion welcome.

He was a dreamer, a thinker, a speculative philosopher, an idiotĚ
(Douglas Adams)


Jeber Central
Jeber's Journal


#2 OFFLINE   Fuddster

Fuddster

    Post Master

  • Members
  • PipPipPipPip
  • 141 posts

Posted 24 July 2018 - 09:04 PM

While I've never used hardware for 2FA (other than my phone), hardware keys seem to work for Google.
MAXIM 41: "Do you have a backup?" means " I can't fix this."

Posted Image

The Rute Cellar | Fuddster on Twitter

#3 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 23,841 posts

Posted 24 July 2018 - 09:22 PM

I have used a yubikey for many years but I also use Google Authenticator for the services that do not offer OATH tokens. I mainly use my Yubikey for LastPass to unlock and authentic my browsers. I also have it set up to unlock my desktop using PAM  https://www.jamesthe...-and-u2f-login/
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#4 OFFLINE   Peachy

Peachy

    Anarquista De Sartorial

  • Forum Moderators
  • 5,446 posts

Posted 15 August 2018 - 05:58 AM

I've had a YubiKey for a decade now. I just bought the latest version with newer 2FA support.

I believe they have an NFC version of the YubiKey for phones and tablets (not for iOS, though).

I used to use it with OpenID and had my personal website be the authenticator of my identity. That was a cool setup. Unfortunately, almost nobody uses OpenID

'freedom...is actually the reason that men live together in political organisations at all. Without it, political life as such would be meaningless. The raison d'Être of politics is freedom, and its field of experience is action'.
My Flickr Photo Blog Posted Image
del.icio.us bookmarks Posted Image


#5 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 23,841 posts

Posted 15 August 2018 - 03:35 PM

That's very cool Peachy. My poor website has had a place holder for years now. I really should do something with it.

Do not get me wrong, I stay connected to the host machine and use it all the time but the website and domain are not getting used any.
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984





Also tagged with one or more of these keywords: security, 2factorauthentication, yubi keys

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users