No video
How To Use A Yubikey With KeePassXC
Рет қаралды 7,925
How To Use A Yubikey With KeePassXC
In this video I am going to show you in full detail how to integrate a Yubikey 5 series with KeePassXC to further enhance the security of your KeePassXC database by adding the facility of having to use a YubiKey along with your usual database master password.
Chapters
00:00 Intro
00:39 Choosing the right Yubikey
02:12 Installing Yubikey Personalisation Tool
03:58 Preparing the Yubikey for use with KeePassXC
10:12 Adding the Yubikey in to KeePassXC database
12:12 Opening KeePassXC database with Yubikey
13:02 Testing database remains locked without Yubikey
13:57 Conclusion & Outro
Join this channel to get access to perks:
kzbin.info/door/ySPmAe_m3e389UjWweRUBQjoin
@Greg-zv8vp 21 күн бұрын
Great video, I really like how clear and concise your instructions are. Quick note, If you use your YubiKey 5c with the latest Iphone authenticator before you do any of the stuff in the video; it'll request that you turn off OTP due to the NFC keyboard issue. If you've turned off OTP, the key won't get recognized in the personalization tool so it obviously needs to be turned back on though the app. It'll still get recognized though Yubikey manager but the OTP option will be greyed out until it gets reactivated (can be done right in the manager). I know this is pretty obvious but I got stuck on this for a bit so i thought i'd mention it.
@MrTimTech2022 13 күн бұрын
Thanks Greg, appreciate your thanking comments. Thanks also for the info about the latest iPhone and KeePassXC, its good to know and hopefully other viewers of the video will find your comment/feedback helpful for that!
@javiercarmona680 3 ай бұрын
Thank you excellent👍
@MrTimTech2022 3 ай бұрын
You are very welcome, glad you found it useful !
@Anonymous-b3m 8 ай бұрын
Thank you!
@MrTimTech2022 8 ай бұрын
You're welcome!
@dominicj Ай бұрын
@@MrTimTech2022 How would the info saved in the notepad text be used to recover the datbase should something happen to the yubikey?
@MrTimTech2022 Ай бұрын
@@dominicj It's the secret key that would be used to recover. But it's always best to have a backup Yubikey
@dominicj Ай бұрын
@@MrTimTech2022 for sure a backup yubi is needed. But where would u enter the secret key to recover. Im not sure about that.
@MrTimTech2022 Ай бұрын
@@dominicj You wound re-enter the secret key in the Yubikey once recovered or you've purchased a replacement key.
@Agamerfr0zed 8 ай бұрын
You use the same secret to configure another Yubikey? Would the Yubikey Manager works as well to configure the keys?
@MrTimTech2022 8 ай бұрын
I would presume so, however I currently don't have a 2nd Yubikey to test this. Maybe have a look at the FAQ/Help section on the KeePassXC website to see what it advises.
@jordannash4420 8 ай бұрын
Awesome video. Yes it works on both, @Agamerfr0zed. I copied the same "Secret Key" from the USB text file I printed on paper and used the same input challenge from the USB text file and was able to unlock KeepassXC with both Yubikeys.
@MrTimTech2022 8 ай бұрын
@@jordannash4420 Great stuff Jordan and thank you 👍. Glad it worked with copying and pasting the Secret Key to the 2nd Yubikey. I'm working on another video at the moment with PassKeys for Yubikeys 🤔so keep an eye out for that one as it might interest you.
@TM-dagger 6 ай бұрын
@@jordannash4420 but does the 'challenge' and 'respond' still work on the 2nd (backup) key.... i doubt it..but i am not sure. Could you verify?
@MrTimTech2022 6 ай бұрын
@@TM-dagger Yes it does, you should copy the Secret to the 2nd Yubikey for backup purposes.
@baby333 5 ай бұрын
7:08 what's the difference between doing all these, and just using Yubikey Manager and generating an HMAC-SHA1 OTP on Slot 2 which we can backup to put on extra keys? is there any advantages to this over doing that in Yubikey Manager?
@MrTimTech2022 5 ай бұрын
I do use Yubikey Manager to generate the HMAC code. I am temporarily copying it to a Notepad document so that the same code can be put in a backup YubiKey. If you don't have the same code in both the original and backup YubiKey then you will not be able to access KeePassXC. Does that make sense.
@baby333 5 ай бұрын
@@MrTimTech2022 Yep! I was curious though why you were doing it with Yubikey Personalization Tool instead of Manager? I seen others do it with CLI too, im guess its all the same results in the end just different techniques right? :)
@MrTimTech2022 5 ай бұрын
@@baby333 You should end up with the same results. I used the Personalization Tool as when I recorded the video I can't recall Yubico Authenticator version having that option built in, it's only the latest version 6.4.0 having this option built in. I would just follow my instructions using the Personalization Tool, at least then you're following me along and you know it works ok, others should work but as I haven't tested I can't 100% be sure.
@baby333 5 ай бұрын
@@MrTimTech2022 Thanks
@Darkk6969 2 ай бұрын
@@MrTimTech2022 Yubico Authenticator version have the same functionality as the Personalization tool. In fact Yubico Authenticator is easier to use. Works well under Linux.
@marthagrande6653 5 ай бұрын
Maybe MrTim knows that as well: I am wondering if it is safe to keep yubikey plugged in all the time? My thinking: if someone takes over my machine he can probably use an usb slot as well and suddenly this yubikey does not look like added security. Probably I am wrong.
@MrTimTech2022 5 ай бұрын
I doubt anyone would attempt to get around that and I think Yubico must have thought about that when creating Yubikeys, to be 100% sure you should have the touch yubikey option set so each time it requests authorisation for something you would have to touch the gold spot on the yubikey, as no remote hacker could touch it without being their physically!
@captainofouterspace 6 ай бұрын
Should I worry about typing my master pass into keepassxc in Windows, considering M$ keylogs everything anyway?
@MrTimTech2022 6 ай бұрын
I don't think you need to worry, I doubt M$ are interested in logging your KeePassXC access, besides you obviously have a Yubikey too.
@victorcotu 7 ай бұрын
Why do you backup the challenge and response from the challenge-response tester? Is not that tool just to test that the function works?
@MrTimTech2022 7 ай бұрын
You backup the challenge-response in case of any mistake and then you're not able to login. You can also backup the challenge-response so you can copy the details to a 'backup' Yubikey.
@FrostyAztec 6 ай бұрын
Is there a way to set up a timer? Like when I used the YubiKey I don't have to use it for the next 10 Minutes or so?
@MrTimTech2022 6 ай бұрын
To be honest I'm not sure, maybe check the KeePassXC knowledge base/FAQ's and see if it mentions that somewhere.
@FrostyAztec 6 ай бұрын
@@MrTimTech2022 Couldn't find anything. I just removed the function that I have to click on the Yubikey. So it works when the Yubikey is just plugged in.
@MrTimTech2022 5 ай бұрын
@@FrostyAztec Ok, yes I guess that makes sense.
@aydropunk 2 ай бұрын
Hello brother, I have a doubt, what would happen if I lose or my yubikey is stolen, it is the only one with which I unlock my KeePassXC base. I was reading the documentation and it suggests me to make a copy of the HMAC secret that is stored in the YubiKey. Is it the same 20 bytes hex. key that you gave in the "generate" button? Could you help me or make a video. Great video by the way:)
@MrTimTech2022 2 ай бұрын
Hi, There's some comments here in this thread about copying to another Yubikey. It's best practice to have a 2nd Yubikey in case your 1st one gets lost/stolen/damaged. Yes you copy the HMAC Secret to the 2nd Yubikey which should then give you a duplicate. Follow that when it's generated and then copy and paste to the 2nd Yubikey, then of course test it to make sure it works ok and you're good to go.
@GaryEllis-b4n 6 ай бұрын
hello sir do I DO THE SAME FOR ALL MY DATA BASES
@MrTimTech2022 6 ай бұрын
I would suggest you have 1 'Master' database and have different folders in that database for different sections - for example 1 folder for websites - 1 for network devices etc. all in the 1 database, therefore you just need 1 Yubikey and not multiple ones for multiple databases. However if you do insist on having multiple databases then you would have to use different Yubikeys for open each individual database file. Unless you have 1 programming slot free on a Yubikey then you could use 1 Yubikey to open 2 databases. Hope that makes sense.
@cyrilpinto418 6 ай бұрын
Newbie here; how do I make a backup to a 2nd yubikey. 2nd question: is it possible to use one yubikey to back up 2 databases. Reason being that I wish to use the same yubikey go back my personal database and for my partner.
@MrTimTech2022 6 ай бұрын
You have to copy and paste the shared secret to the 2nd Yubikey (backup one) and then test both to make sure you can access KeePass with them. Provided you have 2 slots free on the Yubikey then you can add 2 databases to 1 Yubikey. Keep a look out as I may well do a video on using 1 Yubikey for 2 separate KeePass databases and also how to backup those to a 2nd Yubikey. Hopefully this will help
@cyrilpinto418 6 ай бұрын
@@MrTimTech2022 thanks for that; looking forward to the video
@vmobile890 8 ай бұрын
When using computer or phone is there access to all non internet functions without the key ?
@MrTimTech2022 7 ай бұрын
You can still use the phone/computer as normal but when loading KeePass it will request the Yubikey. The Yubikey in this video is for the KeePassXC app only
@UnBubba 8 ай бұрын
Must the Yubikey remain inserted into the USB slot while using Keepass? Or, does it just need to be inserted at the time of Keepass login (and can be removed once authenticated)?
@MrTimTech2022 8 ай бұрын
As far as I know provided the database is set to remain unlocked and not auto lock for example then there should be no reason why you cannot remove the Yubikey.
@rasmont9363 8 ай бұрын
Hello, I'm using Yubikey for most applications as a F2A including Yubico Authenticator. I would like to secure my files inside of a KeePass database with yubikey. However, I'm not sure if configuring Yubikey this way will remove my existing F2As stored inside of the Yubico Authenticator. I also want to use it with two YubiKeys as I have my F2as on backup yubikey as well.
@MrTimTech2022 8 ай бұрын
Hi RasmonT - Thanks for the comment. Yes you can still use 2FA on the same Yubikey in addition to using the same Yubikey to secure your KeePassXC database. If you also want to use your backup Yubikey then you would need to copy the 'Secret' which is generated and paste this in to your backup Yubikey so you can use both. There's some comments here on my channel mentioning that others have done this! Hope this helps ?
@rasmont9363 8 ай бұрын
Thank you. My main concern is, if I configure the challenge on configuration 1 will it remove my f2as or not? Just to understand what's the difference between configuration 1 and 2 on single Yubikey. Regards.@@MrTimTech2022
@MrTimTech2022 8 ай бұрын
@@rasmont9363 You can certainly still use 2FA in addition to securing your KeePass database with the Yubikey, just make sure that it says that the 'Slot' is empty when programming it for KeePass. This page tells you the storage limits for Yuibkey 5 series keys - support.yubico.com/hc/en-us/articles/360013790319-How-many-accounts-can-I-register-my-YubiKey-with Here's a bit from the Yubikey forum - Hope this helps
@TM-dagger 6 ай бұрын
@@MrTimTech2022 could you verify that the Challenge and Responds will still work when the secret is copied to a spare key? Cause I doubt it will. (The copied secret key to a spare Yubikey does work btw)
SQUAD NYEMIL
Рет қаралды 16 МЛН
PRO Hi-Tech
Рет қаралды 109 М.