Jeber Posted July 24, 2018 Posted July 24, 2018 One of the best aspects of this forum is the ability to ask a question and get honest, simple, down-to-earth answers that are informative and easy to understand. For years I've seen references to physical security keys like Yubi keys. I've always been big on security. I use 2-factor authentication anywhere it's offered, even if many sites employ it in a way that makes it inconvenient and cludgy. Based on what I've read it seems that Yubi-type keys provide the same basic security that 2-factor does. The key is registered to you (somehow) and the fact you have it in your possession and can plug it into your USB port proves you are you. Looking closer I see there are a couple of different standards, U2F and FIDO2 appear to be the most common. That's pretty much what I know about these things. So, my questions... Are they really useful? Is using a key more secure than having codes sent to your phone? How do you employ these if you're logging in from a phone or non-USB tablet? Can they be used at work, using different credentials, or do you need a separate key for each account? Is there value in spending $20-50 for a replacement for text codes? Any other info or opinion welcome. Quote
Fuddster Posted July 25, 2018 Posted July 25, 2018 While I've never used hardware for 2FA (other than my phone), hardware keys seem to work for Google. Quote
securitybreach Posted July 25, 2018 Posted July 25, 2018 I have used a yubikey for many years but I also use Google Authenticator for the services that do not offer OATH tokens. I mainly use my Yubikey for LastPass to unlock and authentic my browsers. I also have it set up to unlock my desktop using PAM https://www.jamesthe...-and-u2f-login/ Quote
Peachy Posted August 15, 2018 Posted August 15, 2018 I've had a YubiKey for a decade now. I just bought the latest version with newer 2FA support. I believe they have an NFC version of the YubiKey for phones and tablets (not for iOS, though). I used to use it with OpenID and had my personal website be the authenticator of my identity. That was a cool setup. Unfortunately, almost nobody uses OpenID 1 Quote
securitybreach Posted August 15, 2018 Posted August 15, 2018 That's very cool Peachy. My poor website has had a place holder for years now. I really should do something with it. Do not get me wrong, I stay connected to the host machine and use it all the time but the website and domain are not getting used any. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.