how many devices can I use the security key and 5 series?

Thanks! Just ordered 2 of the 5 series.

To me If my Yubico key got stolen how on earth are they going to know it's mine? For the Bio Yubico key what makes you think they can't just copy your fingerprint off the key? In reality hackers are not going to guess your password but bypass whatever security it has. In reality the hardware key isn't 100% random, but it could be good enough. What happens if I can't find either of my 2fA keys? Am I just out of luck?

Great video! Check this affiliate link - it may be broken.

same question here

@@daneshskater101the FIPS key is basically the best key only for people working in (US) government, for everyone else non-FIPS is the way to go.

What @@vidareggum6118 said 🙂

Thanks for that. Was about to post a comment saying the same thing. A year late.

I’m reading this even later. That is good info!

Thanks so much!

@@AllThingsSecured Ordered 2 ... one for me and my best friend (a Vietnam vet and retiree ... and who wrote and led the tours --- back in the day --- for the Washington Monument interior stairs and the basement tour of the Lincoln Memorial ) BUT who was recently scammed and lost significant funds. EVEN SO, he cut the scammers and their threats off and indeed called his bank and the police. PLEASE -- EVERYONE --- DO ---NOT --GIVE IN - TO THE THREATS. CALL YOUR BANK AND CALL THE POLICE

Always buy directly from the vendor and not a 3rd party.

@@AllThingsSecured I am confused, I will be working from home and sometimes my local library. I also have a Editor (limited) for my channel. Which one do I need?

@@AyCee21 if i buy from amazon but through the yubikey store...would you still consider that from the vendor? or do you still think thats a bit sketchy?

That and form factor is a consideration. Some people prefer to have a laptop bag form factor.

That's where I am. I'm more worried about crackers and compromised passwords than anything else. As I'm a smartphone refusenik, yubikey makes a lot of sense - but the number of sites that directly support yubikey is VERY small. Most of the sites I use that even allow 2FA are all about the PHOOOOOONNE, which is a complete non-starter for me.

So if your laptop is stolen the nano is stolen as well.

That's VERY true, one of my clients had her laptop stolen. As her backup drive was with it, it was stolen too. But - a desktop at home is far less likely to be stolen, AND you can unplug the yubi when you're not home.

@@KrypteiaXi Doesn't matter much as long as the thief doesn't know your passwords

agree-- I was confused on that

My assumption was that the yubikey itself generates the codes on a rolling basis, and by the looks of it you access the keys by scanning the yubikey through the app. An alternative hypothesis is that this is another app that generates OTPs that is not google or Microsoft and by pairing it with the yubikey you can streamline the login somehow. Not sure tho - just speculating

Yes! It’s a great system. Glad it was helpful!

If it doesn’t have to protect against physical attacks, then the Bio would have never been developed. We agree, however, on the fact that whether it’s permanently plugged in or kept on your keychain, it is an exceptional protection against phishing attacks.

@@AllThingsSecured The FIDO2 standard requires a login before the key is even queried, then you still need to enter a PIN to unlock the key before you tap. Leaving a regular key plugged in all day can damage the USB port because of the leverage of pushing down on the key. That's why enterprises push the mini keys where you are tapping into the port which prevents damage. In order for the stolen key to be an issue, The attacker would have to have the login for the computer, login for the specific websites in question because there is no way to pull the website straight from the key, then enter the pin for the key. And they have to do all of that before the Enterprise or user realizes that their computer got stolen and revokes the key. Realistically, The use of any key eliminates the risk of phishing and basically reduces the attack surface from the entire internet in general to a man on the ground who stole your computer and key.

@@williamwchuang Many people use a short USB extension to prevent the USB port leverage problem. That also saves on USB port wear if a person's use case requires plugging/unplugging it daily or more often. That's not to say there isn't real value in the very small keys also. It's great there are several options to cover the different needs.

​@@williamwchuang if attack planned and targeted, any keylogger should be able to collect all your pin codes before theft. Having key separate from device will add protection layer from that kind of attack

@@timezonewall Yeah, I originally bought a Yubico key with the wrong usb interface port so I had to get a usb A to usb C conversion extension anyways but yeah I was worried that if I plug/unplug the key too much I might wear it out. I don't worry about wearing out the usb ports on my computer because my computer has like 6 ports.

Thanks, Ryan.

Out of all 2FA options, sms is the worst. You don't even have to go the passcode and look at your phone. If the person has enough info on you, they can potentially go to your carrier and get a sim card with your number and get the message themselves without having your phone. I would say the 2nd option should be an authenticator app if you don't have a second key.

My pleasure, Mike!

I get that and I'm willing to be wrong. To me, it makes sense to keep the key plugged in while you're using the computer, but if it stays plugged in the whole time, doesn't that make the whole point of a 2FA key worthless?

100% agree on this and I have the same setup for my desktop.

@@AllThingsSecured I guess it all depends on each persons individual use case. Thats why there is no single answer. Just giving my perspective to explain why I LOVE the flush USB-C Yubikey. I have all of them but I love the Flush one because I do keep it in my computer ALL the time. But my computer (laptop) is with me everywhere I go. I use it as much as I use my phone. Therefore it is most convenient to use that key. Is there Risk if my laptop were to get stolen (say from my vehicle? YES. There is risk in everything. But as I said previously, I see that risk as minimal because of all of the other steps I have put in place THANKS to you -- Like Double Blind passwords, etc. There is no single answer. I LOVE the yubikey (and maybe place too much trust in it's ability to protect me) but its just one of several layers. I have several laptops all with yubikeys, etc so if one were to become compromised, I can always delete that yubikey from any of my accounts that utilize it. Security is a huge thing for me but SO difficult to maintain. Sun Knudsen has a great channel and he is working on some things that I have been thinking about for several years for more privacy/protection. I am really looking forward to what he is working on. There needs to be a single way to protect all of ones data behind cryptography and I think it can be done. I think it is imperative that people use a combination of A password manager, 2FA, Double Blind passwords, Yubikeys and even secure hard drives such as the Apricorn Aegis Fortress L3 FIPS 140-2 Level 3 Encrypted Portable Hard Drive. I have multiple backups in case one fails. But THANKS to people like you who are always providing ideas to help the rest of us!!!!!!!!

For a computer that never leaves the house, I can understand it. I still wouldn't since I'd like something that works on my phone as well. I wouldn't leave it permanently in. For laptops that you take along I'd personally find it a bit too fishy. I'm hoping for a nano bio version with a sensor similar to the fingerprint sensor of smartphones who have it on the on/off button.

Perfectly reasonable based on your own risk assessment. Granted, most of us don't need the likes of a hardware security key in general. That being said when I worked uniformed security I'd see, on a fairly regular basis, computers unlocked, unattended, and with security keys in place. I used to just lock the screens and move on and sometimes wait for the owner to return and remind them to secure their screens. It'd take very little for a competent thief to see such and make off with said laptops but that never happened , thankfully.

Glad it was helpful!

My pleasure!!

I keep my key on me at all times and I don’t get asked to plug it in but once a month, so it’s not too inconvenient to me.

The federal government requires the use of the FIPS one on their devices. I imagine some contractors for the federal government will need it as well for compliance purposes. Your average joe doesn't need it.

Thanks for the idea!

Yes, they do now. Thanks for the feedback.

You can use two. I would set it up where you keep one and your wife keeps one, each having a backup for each other.

Yes, you can get the exact same key or a different one. It doesn't matter as long as it fits most of the devices that you use.

@@AllThingsSecured Ta

I’ve used those before too. Not too bad. What do you think?

Maybe not, but it’s not something I recommend.

@@AllThingsSecured you can change the key on it, you should make a video on it for the people that would like to save money and have the best security. theres also yubikey genuine check.

Why do you need Four keys? Two Should be enough than?

People who choose a Fido key typically have more than one, and register at least two with each service that supports them. If you lose or break one, you can use the spare instead. Log in and remove the lost/stolen/broken key from the service, and purchase a replacement. If you only have one Fido key, then make sure the service allows alternative ways to log in without the key. Google, Twitter, Microsoft, and others let you generate a one-time-use emergency password. Keep that on file should the worst occur, and you can still get in and remove Fido key functionality until you can get a replacement. In my opinion, a TOTP authenticator app is cheaper and less of a hassle. Fido keys are more secure, but they have unique drawbacks which can hamstring things even if there is no theft involved.

Always back up your key with another key or a different kind of 2FA backup (codes, authenticator, etc). And yes, you can use the same key for as many accounts as you want.

Almost all websites will allow you to register multiple security keys. I believe that Twitter only allows you to have one. All websites will give you the option to print out one time backup codes that will get you in the door. You should keep those passwords somewhere safe either at your office in your car or at home. You should also use a backup key or set up OTP.

@@neuideas a security key is so much easier to use than OTP. I just have to plug in the key and just keep tapping for the rest of the day instead of having to keep pulling out my phone and entering the key codes.

@@williamwchuang I disagree. A Fido key can be misplaced, malfunction, physically break, or the USB port on the computer could be buggy or nonfunctional. Maybe you simply left the key somewhere else, and you can't get to it right now. This can make things very inconvenient. TOTP codes, on the other hand, can be generated in a variety of ways, and don't necessarily require you to have a tablet or phone handy. They are cheaper to back-up, and they are more ubiquitous than Fido key functionality. If you require the level of security a Fido key provides, then have at it. Just be aware of its shortcomings, and be prepared for the worst.

There are plenty of Fintech banks allow for 2FA keys, such as Mercury.

I deleted the SMS/Phone yes

@@DgamesJ I delete it to but I was wondering about Authenticator App OTP, should I delete this one to from every account or not?

If all those users have access to the same key, then yes. You can also configure multiple keys to sign into the same account/device.

If you’re using and enjoying Authy, then I don’t see any benefit to changing unless it’s just important to you. You could also set it up on both Authy and Yubikey as a backup.

Glad I could help!

Yes, it is.

What about it?

I know! That’s awesome.

Or added the Series 5 capabilities to the Yubikey Bio.

It’s a good option as well, although not nearly as user friendly as the Yubikey.

@@AllThingsSecured thanks. How so?