Do you use (or plan to use) a hardware-based authenticator app? Why or why not? And be sure to take advantage of the $5 off any Yubikey using code ALLTHINGSSECURED here: www.yubico.com/products/yubikey-5-overview/

My IT guy recommended getting 2 keys and keeping one in a safety deposit box in case the first is lost or destroyed. Good idea?

I've been using Authy and have it on my phone, computer, and laptop. If I lose my phone or it gets destroyed I just install it on the new one or access it on another device. Seems like you would be in a real bind if you lost the key while traveling and your other key was at home. On the other hand, I suppose it is more secure to use a physical key. I like the idea, but the thought of losing it while away from home is an issue for me.

This is brilliant! I didn't know about the password to protect access to the Key itself! Thanks a million Josh

"it doesn't matter that my son drops a hammer over my phone" hahaha nice one my friend

Thanks a ton, Josh. I've been learning a lot because of your videos. Best regards from Germany.

I was under the impression that an account requesting google authenticator had to use google authenticator app.......this changes everything :D Thanks Josh :)

I've been playing around with a Yubikey for a couple of months and, while it's a really good product from a security standpoint, real-world usability is a problem for me. In particular, my most sensitive accounts (banking, developer account, company production environment, etc.) are ones I may need to access at a moment's notice, if there's an issue. If I lose my tiny Yubikey, I'm locked out of those accounts until I can retrieve the backup. Often, if I'm traveling on business, that can be a matter of days later, making the Yubikey a potential risk to my business. This means I need to have another means of managing 2FA, which ends up being an app on my phone. But then, why bother with the Yubikey at all?

I really appreciate your videos, I subbed and I'm binge watching them because you are doing a great job.

Authy can be backed up and also used on multiple devices.

I like microsoft authenticator because your MS account has the option of being passwordless and even if your phone breaks you can get back into it with a backup email...though obviously a yubikey is technically more secure, it's overkill for most people, though it makes sense to use it on your most important accounts.

Always loved your format. Also didn't know I can do that with the Keys. I use Aegis as well to beckup my important 2FA codes. Will definitely put the most important once in my keys

Your videos are very informative and to the point. On another note, Authy has a cloud backup feature that lets you backup the MFA accounts library to a cloud backup (like Google) that you can then restore to a new device in case it gets lost/stolen/damaged. It requires a strong password to accomplish the above. This avoids one having to set up each MFA all over again on the new device. I agree though that nothing beats a hardware key.

Excellent!! video Josh. I am learning a lot from you.

That looks cool. But one thing, is that key degradable like hard disk which degrade with time and corrupt the content.

Too expensive in Brazil, it isn’t sold here officially

Brilliant Thanks Josh🙏🤩

However it has only 32 OATH limit.

Think of a Yubikey as a physical house key, or car key. Make sure to have two of them. Keep one key separate, maybe even offsite. Just like you would with regular keys, leave one at your mom's place 😀

What do you think of combining yubikey with 1password OTP. You could use the yubikey to safeguard the 1password and use the internal OTP from 1password. Which should be easier to share and store (backup). Probably this would be a better idea for the less important accounts (also to circumvent the 32 limit).

Around 4:18 you say you can use 2FA on an unlimited number of accounts.... I think you should clarify that's only for FIDO U2F , but not for FIDO2 (limit is 24 unless I understood something wrong, I'm just a noob yet) .. OK OK .. FIDO2 is probably not considered "2nd factor", because it's passwordless.. There is no "second", it's "all in one."

To explain the password on the codes....Your app (on your phone, tablet, or PC) knows the password to get the Yubico key to give access to the codes. The key will not give codes to a device that doesn't know the password. If somebody finds the key, they cannot access the codes unless they know it's password. Quite secure. Even then, if they find the key, they probably still don't know the password to the account the code is protecting.

For MS Authenticator, make sure you have cloud backup enables. This will save your recover codes to the cloud so you can restore them to a new device.

Hi Josh, I love your channel and I've already learnt a lot. I wonder if you could make a video, in which you are more specific on how to set up a backup key? I think I might have an idea, but I'm not 100% sure and I am afraid of making a mistake. Or is there a video I'm unaware of?

@AllThingsSecured - Yubico says: OTP holds 2 credentials but can be registered on unlimited, FIDO U2F can be registered with unlimited, FIDO2 can hold 25, PIV holds 5, OpenPGP holds 5. And then the one you mention - OATH Yubico Authenticator holds 32. PLEASE tell us how to decide which to use for what websites. VERY confusing. NONE of the other KZbin security people that I've watched are addressing this. Yubico's website doesn't explain it sufficiently. Need more info ASAP please.

I just ordered two of the series 5 keys (using your code. Thank you) but have been using the Blue Security Key edition for a while. Do you recommend removing those from any accounts or just keep them as extra back up keys?

You should keep your codes on multiple external veracrypt encrypted drives.

32 codes. it's not worth it!

Cool beans. My worst nightmare happened when my Facebook got hacked, deleted email hooked to it and factory reset my phone. They didn't believe who i was. Only 32 accounts. Hmm. Ill deal with it.

Hi, 1:56 is this available only for theier ~50$ Yubikey or also for their 25$ Security Key?

I lost my both my Yubi keys in a house fire. Lesson learned keep a backup at grandmas.

What happens if the YubiKey gets damaged? And what if it gets lost?

I've started watching this security keys the last 2 days and find this all interesting, there is one thing that Im quite puzzled / worried is there some proper competitor or Yubico or is this the only viable option besides it ? If no smells a bit like a slowly growing monopoly. But still this looks beside saying this like a viable option for me which I might consider and leave 2fa for good. thx for sharing

If i wanna buy 2 yubikeys, that will cost me MORE THAN €100 thats too expensive for me.

Do you have a video which shows how the underlying technology works? Do the 6 digits codes change or are they always the same?

Thanks for the code, it's working from Europe store also ;-)

Finally bit the bullet and got 2 keys. Thanks for the promo code and all the videos you put out!

I usually find your videos very easy to understand, but you lost me on this one. I tried to follow along regarding my Linkedin account but it is not as straightforward as you make it seem.

hi ATS! what do you think of 2fas?

Even if your son puts a hammer on your phone, you could just login authy on another device and you are good to go..i believe this yubikey method is more complex as in what if my yubikey gets stolen or lost?

Overall seems great but WAY TOO MUCH for a USB key. It would seem that one could setup a USB drive on ones own USB drive.

What if your house catches on fire with your keys and devices there?

You can also turn any USB flash drive into a security key.

Great Video I updated to Yubico Authenticator but I cant find a way to migrate from GA to Yubico Authenticator. Is that possible to import or do I need to do each account again from scratch in Yubico Authenticator?

Love your content man, wondering if you'd review Stash Password Manager (I think there technology is something you'd really like) I'm holding by a thread with traditional password managers but I ran into Stash Password Manager not to long ago and I'm actually reconsidering and using there technology.

Your discount code isn't working anymore.

can you provide a tutorial at how to install yubico authenticator on linux, say LMDE? as due to recent windows excessive issue with privacy and telemetry, im moving away from it and using linux

Can´t deinstall it it . Not on the list and if i push the button where it generate codes nothing happened. Do you have any idea ? If not I will delete my account.

Sadly not all sites supports usb keys, as authenticator app codes... Backup key... but what prevents to have apthenricator app on more then one devices?

Hello, I try to setup my yubikey 5 NFC, I start the authenticator app on android, tap the yubikey, the app said "application disabled. Enable the oath application on your yubikey". Question, how do you enable the oath application on the key? Is there any procedure to do that?

The hammer reminds me of my son dropping a metal lamp base on mine. I've never seen glass fly like that.

PayPal is asking for 6-digit authenticator app and yet Microsoft authenticator app has 8-digit code, what to do?

For me yubikey makes no sense to guard authenticators codes, just use a keepassXC file to guard it and put it on a sd card. Yubikey makes sense only if you use it as the authenticator key. But for me Codes are enough... don't have to keep the phisical key with me. And btw yubikey and codes aren't enough anymore if your device is invaded, your browser carrys with then something that bypasses 2fa called SESSION COOKIES. So for me browsers have to create something to protect your cookies from being stolen.

Better? Only 32 keys? And what about backup, you still need to have one. There is no point to use such usb keys.

boy that security key so tiny that could easily misplaced or get stolen.

Hi, as always excellent. But the promo code doesn't work. Greeting from argentina.

Sorry .. I am too thick … 32…websites , let’s say ? Amazon, governments , Costco etc that’s what you mean? So if I have 55 websites offering 2FA, I can’t ? I have to choose 32 max ? Is that it ?

I'm underutilizing my Yubico keys. I only use it to protect my BitWarden password manager.

Good video. It would be helpful if you then showed how you signed in to the dummy account using the key to access the account.

How this works do not understand

How did u get that account?

Could also just use an SMS code.

What if we are overseas temporarily?

or u buy a new phone ?

What if lose my yubikey. Will someone know all my 2FA codes

For Microsoft Authenticator you can sign into your Microsoft account if you have one and you can sync all your recovery codes to the cloud

Thanks

what about the flipper zero cloning your NFC on your iPhone ? then they got an exit copy of the yubikey

Can you I store all my 2fa authorization codes on yubikey just as redundancy and then use app like Microsoft authenticator for primary use? I mean for same set of applications. So when something happens with mu phone (it happened to me as well) I can quickly recover?

Unfortunately I can't bring a yubikey into work. Not getting into where I work but it's criminal justice related. I asked the boss and it's not allowed. What would you recommend for me? Just use Google authenticator?

Promo code won’t work :(

Only 35 accounts on a yubico. Not a way to go.

What if he drops a hammer real hard on all your keys too 😂

So if you go travelling, you will need to bring at least two Yubikeys, and keep them stored separately somehow..... I guess if you loose the keys you have no way back in??

Good video.

So you would have to carry that usb key with you everywhere?

Unfortunately there is a limit to otp codes the keys can hold I ran out of space many times.

Anyone here have experience with Google Advanced Account Protection? I can enable it, but my phone doesn't read the key to log back into my Google account. It reads the keys fine for literally everything else either via NFC or USB, but when signing into the Google account after enabling AAP it just ignores the USB tap or if using NFC it smply beeps at me (as it does when an NFC device is placed near the phone). Google support is, predictably, entirely nonexistent. As it is I have the account setup to use two keys anyway so I guess it's kind of moot, but it'd be nice to have AAP as an option.

so more of the same. if your phone breaks you lose your codes. if your usb key breaks you lose your code. you didnt show anything that solves the problem, you're just runnin that verbal diarrhea

What happens if you lose the Yubikey?

The prices are to dam High can't afford one $$$ €60+ Tax and import duty

what if your yubikey is broken ?

If I lose my key, I cannot come into my stuff

Ok! You lost your key then what?

Not jus the app store, but Google Play store

Please post ALL your videos on Odysee.

UNtil you wash the key, or leave it at a hotel.

what if your son drops a hammer on the key

Algorithm.

👍🏻

$$$$

stop it with iphone. Yubi also works on Android. I don't like all these videos focusing on Apple and not Android

Did his son really drop the hammer or did josh do it and blame his son😂.

wait till your son drops hammer on yubi key