You Should Be Using Yubikeys!

  Views: 820,731

Crosstalk Solutions


Comments
@APrintmaker 4 years ago
Very useful. I too had Yubikeys on hand waiting to understand how to use them. Multiple keys per account info helped a lot.
@stevenhatcher6760 3 years ago
Just ran across this video... All I can say is THANK YOU! You did an amazing job at laying out what Yubikeys not only are, but the demos were off the chain! Keep up the great work sir!
@grantrettke4851 3 years ago
Best balance between skimming over details to make it short and going way over time to make an exhaustive yet way too long video. Key points are covered. Points out of scope are stated as such. Points that have bigger implications and do need consideration at some point, are also made clear: things that make you think. Ideal balancing a critical yet confusing topic. Great vid.
@obiwan300 4 years ago
For your time codes to automatically put "chapters" on your timeline, you have to put a 0:00 time code in the list. Great video!
@betterwithrum 2 years ago
yeah at 25:30 I was like, 'this is really good, but I gotta go'
@mikeoreilly4020 4 years ago
I've always found Yubikey's own documentation to be fairly obtuse. Thanks for the clearest explanation yet.
@rexjuggler19 4 years ago
We have had company issued Yubikeys for over 5 years and you are exactly right about how good they are. Even though I'm a very long time user, I am so glad you made this video. I have actually been wanting to use Yubikeys for my personal accounts, but hadn't invested the time to figure out how to set it up. So I've been using the MS and Google authenticators. But I prefer the yubikey for the same reasons you cited. I was working in Germany a couple years ago and forgot my yubikey at home and needed access to our corporate VPN. We fortunately had an office a couple hours away and I was able to get a replacement through our IT. But I wasn't sure if I could set up a couple so I'd have a backup. I also wasn't sure about how to get it to work with a phone since my company issued yubikey is the USB A style. You really answered ALL my questions. I'm going to hit your link and pick up a few.
@rexjuggler19 4 years ago
Yes, I am replying to my own post. I just received the 2x5NFC USB A's today that I ordered. I am even more positive now than before that this is what I needed as I spent time over the weekend looking at the key capabilities. I am buying another 2 of them. I am getting a set for my wife for her to use for her accounts. As with most people, her security awareness is limited and it is pointless to preach about it to people. You just need to provide them with something secure and simple which this really does. It also means I can authorize all 4 on joint accounts so that if something happens to me she will have access to our accounts like gmail, 401k, banking etc. I work on numerous linux systems via putty and ssh and was very pleased I can use putty-cac as well even if the PC doesn't have a SmartCard slot. I tried it out earlier today on a few systems and works great. I had looked into SmartCard as an option about a year ago as a personal security solution, and dismissed it due to not working with phone and needing a reader among other shortcomings. I do use a CAC SmartCard for work, but only have the reader on my company issued laptop. This yubikey solves so many problems. I didn't know it had so many authentication choices. However, BEWARE - You need to get at least 2 and make sure you set up the additional keys or you WILL be locked out of your account if something happens to your main key. That should be made clear to someone considering this.
@wifienabled 1 year ago
@rexjuggler19 there are recovery codes in the event u lose your physical keys
@carlode3593 3 years ago
Thank you for your thorough summary of Yubikeys and set up. Bravo!!
@VirgilNicolae 4 years ago
Thanks, Chris! Using them already for about 3 years but managed to find some new things watching your video!
@CrosstalkSolutions 4 years ago
Great to hear!
@AmichaiRotman 2 years ago
You don't have to use the manual method to configure the same TOTP on all your YubiKeys, just switch between them while on the QR Code screen and enter the TOTP from the last key you configure to finish the respective service TOTP setup.
@cbrunnkvist 4 years ago
"Scanning" the desktop screen by the desktop app is a pretty neat little usability hack! I haven't been using the app but now I'm sold on it 🤓
@HouseDyson 3 years ago
The acting for the google Authenticator is top notch lol. Great video!
@sdiggly 4 years ago
Wow, great video! Extremely informative, very well edited. This was exactly what I needed, thank you!
@paulrobertmarino7623 4 years ago
For TOTP you can use the QR code to program multiple Yubikeys: simply program one and do not put the code from the key into the site, then insert your second one and add it there too, and once you've programmed the last one then enter the code into the site. As an alternative for having multiple keys for TOTP you may copy the code or QR image and store it in an encrypted file using tools like GPG/OpenPGP, but that is another subject, sort of... it would have been nice to cover the PGP functions of the Yubikey as well, maybe that can be a future video :).
@ahensley 2 years ago
If you do this I don't believe you'd be able to revoke them individually, i.e. in case you lost one. You'd just have to remove and re-add the one you still have.
@MitchKarajohn 2 years ago
@ahensley on the contrary, in that case if you lose one key you can just get a new one and feed it the existing TOTP seed (the original QR code/secret code). This way you don't have to invalidate existing TOTPs and redo them all over again in both new and old keys. (If there is a chance that you lost a key to someone who also has access to your passwords then the correct thing to do is actually invalidate existing TOTPs and redo them, not reuse existing seeds)
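The point discussed in the replies above (one TOTP seed loaded onto several YubiKeys), shown as an added example that is not part of any comment or of the video. It implements RFC 6238 TOTP; the `Service` class, `demo` function and both seeds are constructed for illustration, and the old seed is the RFC 6238 test secret so the codes match the published test vectors.

```python
# Added example: RFC 6238 TOTP with one seed copied to several keys (constructed data).
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

# Constructed seeds. SEED_OLD is the RFC 6238 test secret; SEED_NEW stands in
# for the fresh seed a site issues when 2FA is disabled and set up again.
SEED_OLD = base64.b32encode(b"12345678901234567890").decode()
SEED_NEW = base64.b32encode(b"constructed-seed-002").decode()


def totp(seed_b32, unix_time, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1: a function of the seed and the time step only."""
    key = base64.b32decode(seed_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Service:
    """Hypothetical relying party that stores one TOTP seed per account."""

    def __init__(self, seed_b32):
        self.seed = seed_b32

    def verify(self, code, now, window=1):
        # Accept the current step plus `window` steps either side for clock drift.
        for drift in range(-window, window + 1):
            expected = totp(self.seed, now + drift * STEP)
            if hmac.compare_digest(expected, code):
                return True
        return False

    def rotate(self, new_seed_b32):
        # Disabling and re-enabling TOTP replaces the seed for every holder at once.
        self.seed = new_seed_b32


def demo():
    now = 1111111109  # constructed "current time", taken from the RFC test vectors
    service = Service(SEED_OLD)
    # Three keys programmed from the same QR code all hold the same seed.
    primary_key = backup_key = lost_key = SEED_OLD

    out = {}
    # 1. Same seed and same clock: identical codes, so the site cannot tell
    #    which physical key produced a code.
    out["primary"] = totp(primary_key, now)
    out["backup"] = totp(backup_key, now)
    # 2. The time comes from the host running the authenticator app. Two seconds
    #    later falls in the next 30 s step: a different code, still in the window.
    out["next_step"] = totp(backup_key, now + 2)
    out["next_step_accepted"] = service.verify(out["next_step"], now)
    # 3. A host with a badly wrong clock yields an unrelated code from the same seed.
    out["wrong_clock"] = totp(backup_key, 1234567890)
    # 4. A lost key keeps working until the seed itself is rotated; there is no
    #    per-key revocation when every key shares one seed.
    out["lost_accepted_before"] = service.verify(totp(lost_key, now), now)
    service.rotate(SEED_NEW)
    out["lost_accepted_after"] = service.verify(totp(lost_key, now), now)
    # 5. After rotation, every remaining key must be re-programmed with the new seed.
    out["reenrolled_accepted"] = service.verify(totp(SEED_NEW, now), now)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```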
@gsawnv 4 years ago
Love the 568B artwork on your wall.
@AnimalFacts 4 years ago
Where can I get that shirt? Need!
@domzzz1244 4 years ago
Same, LINK!!!!
@YadraVoat 4 years ago
I trust you recognize it's from the Chromium browser's unreachable-location minigame? :-)
@cocotug0 4 years ago
probably not online...
@ChrisHolt1 4 years ago
TEEPUBLIC has several designs. I like this one www.teepublic.com/t-shirt/2053315-chrome-t-rex-dinosaur-rawr
@itchytastyurr 3 years ago
make a stencil out of lego and ink stamp it on....
@jonathanshaw6784 3 years ago
Regarding Tile, they work via bluetooth not GPS, so they will only give their location if they are near your phone (or near someone else's phone with the tile app). It works well for if you can't find your keys in your house or to check they're in a bag, much less useful for tracking a stolen bike.
@RETRO-CONSOLE-GAMER 4 years ago
Chris U have converted me to this yubikey. Thanks, I feel much safer now, great vid
@adamkee97 4 years ago
Now, this is neat. I never knew those accounts are stored in the keys. I started using Authy last year because it can back-up my keys. But that means my secret codes are now on the cloud. I need that feature so I won't lose them whenever I reset my phone, which I do every time when it gets a major system upgrade. I don't lose my stuff easily, so having a key is better than having an app. Thank you for such an informative video.
@g-wizgeorge4454 4 years ago
You mentioned “losing” one of your Yubikeys. What’s the best practice for moving forward if you believe it to be truly lost or stolen? That would make a good video.
@Gersberms 4 years ago
It depends on the account you lost. He briefly mentioned backup codes, I've seen that several times now that you get backup codes when you set up 2FA. Save those codes, and do not lose them. If you do, there may be no way back. I lost my Steam Authenticator, and had to contact support to get it straightened out. 2FA kind of worries me for that reason. Same problem with one time use texts, if you lose your number or your phone.
@ulbuilder 4 years ago
Get two yubikeys and lock one of them up in a safe place, many sites will let you register multiple MFA devices. So if you lose one you can log in with the other key, delete the lost one and register the replacement. On sites that do not allow that they will have some sort of backup code or method. Put that info in a safe place.
@AmandeepSingh-oe4te 4 years ago
Simply buy ledger Nano s or Trezor T which only unlock after entering pin on the device. You only need to keep a 24 or 12 words backup if you lose your device, just buy another. They both offer Fido 2.
@Anaerin 4 years ago
I'd love an answer to that too. How do you invalidate a Yubikey if it is lost or stolen, to stop it from being used maliciously, or is the only way to manually remove it from all your accounts? Is there no way to say "I no longer have this key, remove all the accounts from it"?
@ystebadvonschlegel3295 3 years ago
@Anaerin Exactly - seems like you'd have to keep a list of everywhere it was registered and then go chasing them down manually. I know I won't do that (keep an up to date list)
@Bond2025 1 year ago
07:50 I disagree, having a further layer of security or two to get in to the authenticator increases security. How many people are going to type in 6 numbers wrong? There is a huge security issue of having Yubico putting things on the clipboard, especially when malware is looking for that.
@mdkv4 4 years ago
Funny, I just finished setting mine up last night! Ordered two more for my parents.
@donovansobrero9553 4 years ago
Been using a yubikey for years, have a few of them. It's important to note if you set everything and then lose the key you're going to have a problem. So it's best to have two: 1 you use and one you keep in a safe place with the same sites configured on it.
@KrispyKrink 4 years ago
Great video! I use the 5ci as primary and 5 NFC as secondary. I also have my PGP keys on my 5ci.
@azclaimjumper 2 years ago
I now have my two 5NFC YubiKeys "Smart-Card Enabled" on both of my Macs meaning that the only way I can log onto either computer is to physically insert the Key into a USB port & enter the PIN. Passwords no longer work. Pairing my keys to each computer was easy peasy. Getting the "Smart-Card Enabled" on my computers required the same effort Generals in WWII had in planning the D Day invasion. Apple articles are incomplete & I never did find or talk with a Senior Tech Advisor that had ever even dealt with the codes required that need to be entered in Terminal. Either Passwords or the YubiKey can be used to log into a computer if "Smart-Card Enabled" isn't enabled which seems to me to defeat the purpose of YubiKeys. Yes, I've just subscribed & rang the notification bell. Warm Regards from Reno, Nevada.
@iThinkergoiMac 4 years ago
Great video! It's worth noting that for most accounts, even if you miss typing in the code before it expires, as long as you know it, you can still enter it for some time (usually between 5 and 15 minutes). Obviously, as soon as it expires you can't see it anymore, but if you still remember it, you can still enter it.
@wifienabled 1 year ago
that's a hazard if u think about it
@contextmatters8243 3 years ago
Excellent! I just got the 5 NFC and answered EVERY question I had (spent hours trying to connect the dots)... Thanks a bunch!
@JCtheMusicMan_ 3 years ago
Is it recommended to buy two keys per user in an enterprise setting? Users are notorious for losing things 😅
@JimPeiffer 1 year ago
Thanks Chris, great presentation. Have had a Yubikey for several years but only used it a few times so this was a great refresher.
@kensmith7417 3 years ago
Second Yubikey just got here, third is on the way, love them.
@olafschermann1592 3 years ago
Thank you for that great overview and answering all of my questions before i could even ask them.
@jeremyleonbarlow 3 years ago
I'm just under two minutes into the video, I'm hopeful that this provides an answer about what to do if you break one, because I have been known to break tiny things like a USB Key, so that has been my biggest fear about them. I mean do you have a backup key? Can you make new backups if you need to use the backup because the original broke?
@matthewsheeran 3 years ago
Yes if I were to use them I would and you can have multiple keys. Just like backups go for 3 keys one of which is off site but in a secure place. One on you, a replacement hidden somewhere in the house and another secured off site. He is actually wrong or misunderstood when it comes to having multiple token generators: just like backups you have a sequence of secure backup keys.
@thomascruz210 2 years ago
Good
@3QuaNiMiTyy 1 year ago
You can't make a backup of a Yubikey, each Yubikey will forever remain a separate key with its own identity. What you can do is have several Yubikeys affiliated with a single account such that losing one means you can use the other. Any lost key needs to be manually removed from an account/website.
@ricsip 1 month ago
@3QuaNiMiTyy Exactly like that! This should be a 1st pinned comment under this video!
@d3m3tr3s 4 years ago
Chris, I love your videos and especially this one, I saw it maybe more than 10 times....and if you see the rest of the comments, I purchased two using your links. But I figured that yubikeys are NOT faster than any Authenticator app and let me tell you and prove to you why: I spent a whole evening trying to set up my 2 yubikeys, a 5Ci that I will use as a backup (got the idea from you) and a 5C Nano for my laptop. Later on, I decided to go to bed as I had to wake up early next day. So while I’m on my bed and using my phone trying to fall asleep, I decided to check my unify network, by using the “Unifi Network” application but it asked me for a 2 step authentication. Unifi was one of the first setups I did with Yubikey since I saw that also on your video. So the fact that I had to get up, go to the living room where I had my laptop and next to it my 5Ci yubikey, so I could put it on my phone, in order to login to Unifi Network app, made me realize that yubikeys are NOT faster than my Authy app which was still installed on my phone but without my Unifi auth, since I removed it once I installed the auth on my yubikey. I never made it to my living room since it wasn’t so important to go, but definitely made me question myself why I should move from Authy app to a yubikey. More secure? Probably....but I feel like you want a house without glass windows just for the ONE chance that burglars break the windows and get in your house. Nobody is building a house without glass windows, right? Although the possibility is always there, that burglars can get in. I hope you understand my point! I will try to use my yubikeys since I bought them, but I don’t know how convenient they are to be honest.
@bennettrichards6851 4 years ago
The only problem I have found with my YubiKey 5 NFC is that not all companies have changed their 2FA to use hardware Authorization... I wish YubiCo would update owners when they add new partners. Otherwise I love YubiKeys. They are about to come out with a Fingerprint YubiKey.
@jodroogmans9374 3 years ago
Awesome, just the video I was looking for. Bonus that all the abbreviations are explained as well!
@YuriShevchouk 4 years ago
When you talked with your yubikey engineer friend what did he say that made you use it?
@AlexsaurusRex 4 years ago
Probably that it's faster than using authenticator apps on your smartphone. Also that he showed him how to use it since he was unaware of how they worked
@tadbarker7082 3 years ago
I’m a tech moron.... and was filled with dread at having to update my entire online security & password collection over various macs. This video has really helped ! I think I can now master this with a bit of time. Thanks 🙏
@cristalballena-hotel 4 years ago
Great video, thank you for giving this profound overview.
@CrosstalkSolutions 4 years ago
Glad you enjoyed it!
@vorrac 2 years ago
Nice Video, I got a yubikey a few months ago but I wasn't using it to its full potential, this video helped me understand what are the capabilities, thanks!
@daphbobo 4 years ago
I like the grumpy man typing google authenticator code.
@daphbobo 4 years ago
I use Yubikey. I like it.
@Mopki3 3 years ago
I purchased 5 NFC and 5C NFC. I'm ready to set them up now that I lost my job. I wish I found you before and used your link. Great video!
@Agamerfr0zed 4 years ago
Must have for Emails and Password managers. I just wished more websites would support security keys.
@TheCowboy4000 10 months ago
Especially banks. Wish my bank and credit union would support it 😭
@alpham8754 4 years ago
Thank you for that great product advertising. But I'm missing one topic completely: PGP keys transferred to the YubiKey: a) Usage in general b) What if you lose the YubiKey with the transferred private PGP key part? Just use the key backup that you hopefully did before transferring it? c) How do you revoke already published PGP keys from a lost YubiKey on the corresponding (public) PGP key servers? I'm currently struggling a bit with that YubiKey 5 NFC variant to use it with my PGP in order to sign or encrypt my mails on desktop client or on android client using the NFC interface...
@matthewryan 3 years ago
Hmm... Doesn't leaving the key plugged into your PC with the app running kind of defeat the object? Not unlike leaving your password on a post-it note under your keyboard really :-0
@warcorer 2 years ago
That’s why I prefer to use a password manager and have the yubikey work with the master password to access the manager.
@adamyork2333 2 years ago
Doesn't the yubikey (at least some models) still require biometric authentication before it works even if plugged in?
@word42069 2 years ago
It would still need to be tapped by your fingers to activate… but yes, this has crossed my mind as well. For that I personally would steer clear of the “leave-in” ones… though i think the concerns are irrational for most security threats.
@ADeeSHUPA 1 year ago
@warcorer Nice
@hyperfluff_folf 1 year ago
In fact no, and that's why things like the trusted platform module and ssh keys exist, it's just a second factor so if somebody wanted to hack your account they need your password too, or the other way around if they have your password they would need to hack the pc too to get the login done, but the yubikey requires button confirmation before login so that's fixed too
@quddus404 2 years ago
If you kept it going till now you have all the respect that I can give
@dennisvanlith 4 years ago
I absolutely love my YubiKey. The only downfall is the lack of support on many sites and web apps on the u2f protocol. I have tried many times to push these hardware keys on UniFi, Synology or others. But they rarely respond on the request, due to lack of the user base usage. The more people keep asking for these requests. The faster it will be taken into consideration.
@CCoburn3 1 year ago
It’s a chicken or egg situation. No one wants to spend money on a piece of expensive junk that isn’t useful on more than a handful of sites that virtually no one uses. But no sites want to spend the resources to support Yubikey until more people buy them.
@ricsip 1 month ago
@CCoburn3 well, everyone has a google + most probably a msft account as well. Add twitter, github, facebook, and then it's quite a meaningful list. Annoying that no others really support it, yes, I acknowledge this.
@robwin0072 1 year ago
Hello, you mentioned PIN on your Yubikey a few times; when would one use the PIN for the Yubikey? Is it FIDO or FIDO2, or both? When should the PIN be set up, and where and how is the PIN setup done?
@matthewgrotke1442 4 years ago
Thank you for the informative video. I was wondering if Google accepts Yubi Key for logging into Gmail, Google Account, etc.
@MrWarrenJH 1 year ago
Yes they do
@Bond2025 1 year ago
12:20 I can use the AUTHY application on a laptop and cut and paste the keys straight in to sites. No having to spend longer finding a key and pressing on it, then copying over etc. Why add extra stages?
@dhanushkavithanage232 4 years ago
Really good content, thanks. If the key is stolen how difficult would it be to retrieve stored data?Are the data encrypted on the key?
@sugafreebree 2 years ago
Thank you so much, this vid is amazing. You answered every question I had about the different application types. Simply brilliant! I am so thankful for you and you sharing your time.
@Nettechnologist 4 years ago
I wish they had a screen for totp, without having to plug in the device into a machine for those areas that we can’t install software nor plug usb into them
@jimmymifsud1 4 years ago
I’ve used the NFC on some secure industrial machines
@deusexaethera 4 years ago
RSA hardware keys exist.
@Nettechnologist 4 years ago
@deusexaethera Are you saying you can use RSA keys with Yubikey? I have extra RSA keys and didn't think this was possible
@FirstLastOne 4 years ago
I was intently listening to you describe why I should be using a Yubikey and looking at the artwork on the wall behind you. I know I am really tired and need more sleep but I thought I'd keep watching as long as I could and then it hit me as to why that artwork looked so familiar. When you terminate enough network cables in your life that you can do it in your sleep, things like the T-568B standard just become like a white wall or a white ceiling. It's there but you just don't see it and yet you know it's there.
@triularity 3 years ago
@16:46 - The collectable value on that special edition key dropped 99% the second you opened the original packaging. ;)
@DaiBach99 4 years ago
BTW Tile will not locate your property by GPS, only Bluetooth, so it has to be within Bluetooth range to be located (pretty short range). You might get lucky and another Tile user may "find" it and share location with you.
@tedherman38 4 years ago
Dangit Chris! I’ve been thinking about doing this for a while. 5C NFC is ordered.
@Inertia888 3 years ago
I may be overly concerned about hackers, but personally I would not go with anything that is wireless when security is concerned. Wireless just provides one extra weak link in the chain. When using radio technology, i.e.: "NFC" I do suggest making yourself aware of the exact radius of that particular radio transmission.
@joshuanbray 3 years ago
@Inertia888 Just the info I was looking for, thanks m8!
@johnzoidberg9764 3 years ago
@Inertia888 got credit/debit card?
@Inertia888 3 years ago
@johnzoidberg9764 yes, I do. and I change my numbers every few months just in case it has been compromised.
@joecicero1691 2 years ago
Question: If you're using a Yubikey to unlock your android then you have to get it out and stick it into the USB-C slot each time the android times-out on its own, which commonly happens when the phone is set down for any number of reasons, or when the user only needs to look something up quickly, then turns it off after doing so. The usual scenario is the user swiping the screen, then tapping in the pin, then going in for whatever reason. So with the security key enabled, the user has to tap in the pin, then get the key out and stick it in. This scenario can occur several times an hour, certainly a dozen or so per day....I use a clamshell key case with a zipper that I need two hands for, and if I carry the key in it I'd need to set things down, get out the case, unzip it, deploy the key, zip the case back up, pocket it and proceed.......way too tedious.....advice? Thanks in advance, Joe
@3QuaNiMiTyy 1 year ago
You could use the NFC version which only requires you to tap the phone on the back, also there are often options to "trust a device" such that you do not have to use your second factor either indefinitely or for a defined period ("don't ask me for 1 month etc").
@jpenn727 3 years ago
I would love to be able to import my authy records into a yubi account.
@VPC 3 years ago
You'd basically just go into your accounts and disable your authy 2 factor authentication, then set them up again but on the Yubi account
@GusFliesBlind 4 years ago
Hey Chris, are you sure about being able to backup TOTP codes to multiple yubikeys? I'm not able to reproduce that. I bought two keys (a 5 NFC and a 5 Nano) and set up 2FA on my Ubiquiti account, exactly as you do in the video. But when I add the code from the Ubiquiti page manually to each of my two keys, they generate different codes. You have to copy one of the generated codes back to the Ubiquiti page to complete the process, and only the key that generated that code will work for logging back in. I hope I'm missing something because I bought these two keys because you said I could have a backup... :)
@GusFliesBlind 4 years ago
Nevermind. Figured it out. I was using 2 different computers. If I use the same computer/authenticator app it works as expected.
@mvl8209 4 years ago
I was constantly thinking "something in the background looks familiar, but I can't pinpoint it..." Then my eye fell on the frame hanging next to your youtube reward button thing, and it clicked :D
@mvl8209 4 years ago
@fuck google It's a wiring diagram for Ethernet cables www.google.com/search?q=ethernet+wiring+diagram&sxsrf=ALeKk00UdIyMZp6J_v1JjfzmBKeHK0SxRQ:1606463841336&tbm=isch&source=iu&ictx=1&fir=d3PlvGVMrC5arM%252CV-i5CBR7Nb_OJM%252C_&vet=1&usg=AI4_-kSGgTtbv7cz3tvqafq7529zknD0IA&sa=X&ved=2ahUKEwj3vO2UoKLtAhWNmKQKHeGNA50Q9QF6BAgCEFU&biw=1536&bih=722#imgrc=d3PlvGVMrC5arM
@terrancejhedrick 3 years ago
Thanks for the incredibly useful video! You demystified a lot of information in a clear way!
@ajbeau_au 4 years ago
What about push notification to auth app? I can accept a prompt in about 2 seconds by accepting it on my watch. Just saying...
@VPC 3 years ago
Convenience VS security
@daromee 4 years ago
Yes I bought two and they have been lying on my desk for two years as I tried to use and got all mixed up so hopefully I will be able to understand how to use (haven't listened to your clip yet).
@SDWNJ 4 years ago
I can’t look at that painting in the background without thinking of pixie sticks.
@kd0dbw 3 years ago
It's the wiring order for an ethernet connector
@neuideas 2 years ago
How reliable are Yubikeys or Fido keys in general? How long do they typically last; how often will you need to replace them (assuming they aren't lost or stolen)? They seem pricey, compared to, say, housekeys. Will wider-spread adoption make these keys more accessible to people on a tight budget? Can they be scanned by X-rays or other detection technologies without damaging them? How difficult is it to physically destroy them or render them unusable? Are there good alternatives?
@joselegarza148 3 years ago
Thank you, this took me over the top, I ordered Yubikeys (from your link, of course) for the family. One question remains. What happens with the lost backup Yubikey? Do you have to reset all the logins?
@bluekeybo 3 years ago
Add a password to it. So if someone steals it, they'd have to know both the yubikey password and the account password.
@samrichardson9827 3 years ago
Pristine clear and relevant tube. Thanks so much for such a nice review of the Yubikey products!
@vze4p6c2 4 years ago
Up next: Built in yubikey into cellphone for additional $300 for easy access
@TheBurzhui 4 years ago
🤣👍
@bens1058 4 years ago
Google has already done this. The Titan chip is in some Google phones.
@magfal 4 years ago
The basic hardware is there already, in sim cards.
@autohmae 4 years ago
Actually, many phones already have something like that built into it. So when your phone is unlocked, you can use it to log into systems. Both Android (since 7.x) and Apple. Apple and Windows laptops supposedly also support it. In Windows it's part of Windows Hello. In all cases I think they need to have a chip built in. Also Krypt Krypton might be an option.
@Theswissmicit 4 years ago
Where can I get this rj45 poster you have in the back? 😀
@evancjensen 4 years ago
Google Authenticator now lets you log in and migrate devices, I believe. Edit: it requires the old device, but you can scan a QR code from the old device using the new device to migrate to the new device.
@CrosstalkSolutions 4 years ago
That's great news! Excellent update. Still...I would never go back because it can't do FIDO or other enhanced types of 2FA.
@evancjensen 4 years ago
@CrosstalkSolutions I couldn't agree more! Just wanted to point it out.
@djdrastic1 4 years ago
If you're lucky the old device hasn't suffered a hardware failure, fire, water damage, theft etc. I had a charging port go on my Android phone and only realized by the end of the day that the thing wouldn't take a charge and had to literally make haste to get another old spare phone set up and migrate via QR. If I didn't notice it earlier I woulda been hosed pretty badly as I've got Google 2FA on pretty much everything.
@OlegObukhov 4 years ago
All MFA apps allow you to migrate your accounts. All you need to know is backup/recovery codes that you were provided with the first time you signed in to the MFA app.
@evancjensen 4 years ago
@OlegObukhov up until this year, Google Authenticator did not. You'd have to redo every account...
@UnstupidTube 4 years ago
At 22:40 you added the keys manually to Ubiquiti manually to 2 keys, don't you still have to go back in to Ubiquiti and finish the process by verifying the 6 digit code generated from either of the Yubikeys?
@CrosstalkSolutions 4 years ago
Yes you do.
@ExplainicatorStudios 3 years ago
Yes, but you only have to confirm the code once with the website since both keys will be generating the same code.
@mark_loveless 4 years ago
Nice! Yes more like this. Timely too, I cleaned out a desk drawer and found some unused Yubikeys, they are getting put into place pronto.
@ricsip 1 month ago
I envy your over-the-average financial status, that you have MULTIPLE unused ~100 USD ea. hardware "just laying" in your drawer, collecting dust.
@iamintractable1805 3 years ago
I do not recommend a second device over making sure you keep the security keys (which are the same as the QR codes) stored safely somewhere each time you set up 2FA. This is no different than saving the seed words for a cold storage wallet. A second device is a convenience but not protection.
@sethalton205 4 years ago
It would be nice to see them integrate biometric authentication into it (an advantage of the smartphone) would also be nice if soft token MFAs got more into MFA push notifications for wearable devices. (Giving you the same one touch MFA experience as the Yubikey).
@jhb5401 4 years ago
YubiKey Bio is coming soon. Has a built in fingerprint reader.
@KyleJacksonplus 4 years ago
Or you could just use Secret Double Octopus and get rid of your password altogether.
@theroachmotel a year ago
Your reenactment of using Yubikeys was amazing and had me loling
@beardymcbeardface69 4 years ago
I love using my Yubikeys and now they've brought out a model with a fingerprint reader, so... *TRIPLE* Factor for the win! Something you know, something you have, something you are!
@ricsip a month ago
..too bad it's FIDO-only! No OTP, no PIV.
@archygrey9093 3 years ago
My old thinkpad has a smartcard reader built in, was thinking using that for authentication would be pretty cool
@markarca6360 3 years ago
Dell Latitude laptops have that too. Other models (like the E6400) have contactless smart card authentication.
@DonovanCYoung 4 years ago
Great video, but I'm not convinced it's better for personal use, you really can't beat something like 1password's cmd+/ (mac) or ctrl+/ (windows) key combo which fills your username, password, and when using OTP, the 2FA code when prompted. One and done. Also integrates into Safari and Chrome for iOS or Android. Truly a one-stop password app. Not to mention, it's stored in an encrypted vault, so it's shared between ALL your devices. Lastly, no limit on the number of sites you can use 2FA on. Yubikey seems good for large-scale 2FA implementations, but not for personal use... IMO
@liquicitizendirk2147 2 years ago
I think a middle ground is perfect. Use yubikey for 1password and let 1password handle all other 2fa. I just googled and think it should work. You'd have the best of both worlds imo.
@paoloposo a year ago
I think Chris got this wrong in his video. I'm not an expert on this, but I spent some time researching this because I wanted to know the technical details. If you're looking to replace authenticator apps that generate TOTP codes, a Yubikey or similar device can actually be used for an unlimited number of services. The 25 slot limit is for "Resident Keys" which are used for entirely password-less authentication schemes.
@asinheaven 9 months ago
When you set up yubikey as 2FA to replace 2FA via SMS text, what should you do with your phone number in the accounts, to prevent access being changed back to SMS in the event of a SIM swap takeover of the smartphone? Delete it? Most companies require a phone number, and there are times when you need to talk to the company by phone.
@garethsnaim8174 4 years ago
This is a hard no for me, would be lost in a minute.
@donpeer4477 3 years ago
Did you not see the part where he lost his?
@TheFeaz 4 years ago
Great video... BTW, I bought 3. :) and... as of today, the clear one is still available, although it's not NFC, costs more than all the others, and isn't on the Black Friday deal, so I passed. :) Question for you though... What do you suppose is the purpose for having the option to require you to touch your Yubikey? I mean... If I break into your house and know your password, and have your Yubikey, then how is making me touch it adding any further security. It's not like it's making you validate your fingerprint on thing.
@jimk5145 3 years ago
"I had a half-dozen yubikeys on my desk that I never used until Yubico contacted me to join their affiliate program, but the affiliate program had no influence on my endorsement of their product."
@KevinHoskinson647 2 years ago
😂😂😂😂
@GerryVeerman a year ago
Looks like Yubidoobie is pumping loads of cash in influencing YT influencers. It’s Yubikey! wherever you go. Check out Rob Braxman for some real security tech.
@cydia2020 a year ago
Still doesn't change the fact that hardware 2FA is much safer and more reliable compared to software/SMS alternatives when used correctly.
@redheelerdog 3 years ago
Chris, is there a way to Yubikey 2FA an Edge Router Pro? I have it working great with UniFi controller, but I am using an ERP for routing. Thanks
@svampebob007 4 years ago
Gotta love KZbin recommendation: Up next: Breaking FIDO: Are Exploits in There? From Black Hat In all honesty I'm still slightly skeptical. I personally still only use passwords, and don't login on computers that I don't own/control. If I'm ever out and going and need to login to my bank or something like that I just use no-machine to connect back to my server at home and login through that. I'm still not sure how trustworthy a for profit authentication company can be, when you have major player like google joining on the standards. I don't think there's a major security issue, I just don't think it's mature enough, on one side Google is fucked up, on the other Google (and other major players) have too much to lose if they start losing reputation, so I don't think they would mess with authentication, but who's to say Yubikey can be trusted to not fuck up their protocol and chips being fundamentally flawed. The issue I have with all those passwords and double, triple checking of identity is that at the end they tend to try and make it easier to actually authenticate, and people end up using a 4 digit pin set to 0000, 1111, 1234 because some company made their old password insecure by forcing them to change it, make it too complicated, and have a trillion different login portals.
@vtor 3 years ago
Bought a YubiKey thanks to this video, with your affiliate link. Cheers Chris!
@SlideRSB 4 years ago
19:00 I'm a little weirded out that one application is able to surreptitiously read the contents of another application's window without any user permission. 😕
@xybersurfer 4 years ago
it seems similar to screen recorder programs. and if you have a malicious program like that, then you are already compromised. so it doesn't seem that strange
@SlideRSB 4 years ago
@@xybersurfer I don't normally have much use for a screen recorder so I don't actually keep one installed. I'll admit that I do use the program that came with my OS for occasionally taking a screenshot, but I expect that kind of tool to have that function. I guess it's a matter of which apps I choose to trust.
@xybersurfer 4 years ago
@@SlideRSB yeah i've thought about it more. i think you are right about it being strange. ideally you would want apps to stay in their own bubble, by default. i think i've gotten too used to the way things are
@Davino.F.Nascimento 3 years ago
Thanks Chris. Extremely informative video.
@ColinRichardson 4 years ago
Is that a network cable wire diagram painting in the background? If so NICE!
@bewarako 4 years ago
Great video! Been using these for quite some time, make sure to get an extra as backup as mentioned!
@studiotwo 3 years ago
Great video! Looks as though my ageing iPhone 6 may not work with NFC. Also, the iPad does not have an NFC chip at all.
@Lyunpaw 4 years ago
Best Yubikey video ever. I learned about this from a podcast but they just flew over the topic so fast I couldn't tell what to do with the damn thing; only that it was 2fa. Now I have a reason to buy a few to use for more security. I don't like using my phone for 2fa because I don't really trust the phone's os.
@DrCitrixmeister 2 years ago
TOTP - still requires network connectivity, but brings the added benefit to the 2FA provider that they can surveil you with, but not limited to your mobile phone number, identity, IMEI, whatever privileges you grant the app to your smartphone usually files and contacts, location if that is operating or via wifi scanning. It doesn't appear that Yubikey reduces the possibility of any of these.
@paoloposo a year ago
TOTP (Time-based one-time passwords) don't require network connectivity. They only require a synchronized clock.
@exwhyz33 3 years ago
great comprehensive tutorial. which tile was that?
@noelquinn4955 a year ago
I have a couple of yubikeys gathering dust after 2 years. Occasionally I try setting them up. After half an hour or so I give up. This has happened multiple times. I’m busy. If stuff doesn’t work the first time I move on. My impression is that the iOS app does not reflect the instructions on the web site. Since I am already sold I would appreciate a Mac and iOS introduction video, at about half your current speed.
@StefanAlexandruGeogloman 3 years ago
So there's not a way to clone one to another if you want two keys? Or update the data in a simple way from one another than to remember what's changed and manually add/edit it in the other one? And if you lose one of them - there's no security problem from what I understand, no? I mean if someone finds it and doesn't have a PIN, can they see the accounts and security codes and use them?
@3QuaNiMiTyy a year ago
There is no cloning/duplicating of keys, each key is separate and distinct forever. Backing up means having two separate keys registered to each account. If a key is lost, it should be removed individually from each website/account it was used for but the username/password information for each TOTP/key is not displayed on key.
@ThomasWeeks 3 years ago
So what about the best practices for: * when you LOSE a Yubikey? Revocation recommendations? * Work vs Personal Yubikey * SSH keys * PGP/GPG Crypto keys? * Large crypto keys (>4096bit)?
@pilkjaer 4 years ago
Good point about the company use case but there is a bit issue with that. Many companies, due to security reasons, disable USB ports on the devices so only keyboard/mouse will work and device charging. I wonder if 2FA device that is supposed to be plugged into USB will work as intended when this restriction is applied?
@pe1pqx321 4 years ago
Looks very interesting.. Just a question: let's say I need to access my NAS at home from a remote location (friends home for example). Does the Yubikey require software to be installed on the computer used to remotely access my NAS? (On the computer of my friend where I might be) Or is it 'plug & play'?
@ulbuilder 4 years ago
Whatever you are authenticating to must support some form of 2nd factor to work with a Yubikey. If your NAS supports a 2nd factor chances are it can work with a Yubikey. Yubikey has various models with differing capabilities but they have models that support some to all of the following types of MFA: HOTP, TOTP, U2F, FIDO, FIDO2 and PIV. Some, but not all, of those methods do require software on the computer using the key.
@beardymcbeardface69 4 years ago
On the subject of having more than 1 Yubikey configured per site with the Yubico Authenticator, what I do is go through the process of letting the Yubico Authenticator recognise the on-screen QR code, for each Yubikey, but only confirming the authentication code with the site after the last Yubikey is configured. Works fine. I prefer this method, because the manual method sometimes does not work, because the algorithms used to generate the authentication codes, are not always the same for each site (there are multiple standard methods) and I am yet to find any site which actually states which method they're using. Scanning the QR code gets around this problem, as it seems that the method used is encoded within the QR code.
@ttww1590 3 years ago
7:24 If you don't remember to remove the Yubikey when you lock your PC it becomes security theatre with no value.
@3QuaNiMiTyy a year ago
If you configure all use cases to require Touch, there is no external risk. Only people with physical access to the device could do this. Further, if used in a shared environment you would also configure a PIN to be used.
@kstaxman2 3 years ago
Great info I'll be watching this video a few times to digest it all. Lots to consider.