Review: Yubikey Authentication Device
※ Download: Yubikey review
Works flawlessly every time for me. In account preferences, it will ask you to insert your device into the USB port and touch the gold plate on the key itself. Privacy and protecting data has certainly moved up in importance on a global scale over the past few months. To give you a clear example, let's set up a YubiKey to work with Facebook.
Once it generates the OTP, it sends it to whatever service requested it, such as Lastpass. This could be an app on your phone that generates random numbers e. The front and rear of the yubikey pictured had a circular burn mark once I removed it, and even bubbled out.
Review: Yubikey Authentication Device - A service that fully encrypts all my passwords, allow me to generate strong, unique passwords for every site I use, and syncing to the cloud my other tech passion - what could be better? I'll do my best to boil down the basics.
No longer do we simply have one password for our email account, but we now have a ton of passwords to remember. While not the most secure method, I figure the chances of my house getting broken into to steal my Paypal password is slightly more remote than my computer being broken into. Yes, that really is my current password solution blurred of course. Read on in this YubiKey review to find out if it really is a hassle free password solution. What is the YubiKey A YubiKey is a small keyring sized device that you register with a service or site that supports two-factor authentication. Two-factor authentication means that each time you log in, the service will request proof that you have your YubiKey in addition to your regular username and password. There is a handful of different editions of the YubiKey, but I tested the YubiKey Edge that retails at around £25. The purpose of the device is to add an extra layer of security to your online accounts. The device itself does not store all your passwords but instead offers a selection of choices that include, static password, one time password OTP , two-factor authentication FIDO U2F for sites such as Google and challenge-response. To experience the full benefit of the device it should be paired up with a software password manager such as LastPass Premium. The software solution will store all of your passwords, but the YubiKey will store the master key to accessing those passwords either in static or OTP mode. The YubiKey set-up Having no previous knowledge of the YubiKey, I went into this review blindfolded. The device comes with a small booklet pointing you in the direction of the Yubico website. From here you download their YubiKey Personalization Tool. The YubiKey Personalization Tool is rather overwhelming so where better to start than watching the introductory videos from Yubico to better understand the set-up procedure. Depending on your use of the YubiKey the configuration tool can be rather confusing and I had envisaged a more novice friendly approach. Set-up and writing of password configurations are handled through the personalisation tool which is available for Windows, Mac, and Linux. Using the YubiKey The YubiKey works on any device which has a USB port that can accept a USB Keyboard. In essence, the device functions as a keyboard but with one key that outputs your password. There is no battery in the device and it does not need installing which makes it simply plug in and play. Works effortlessly with desktop or tablet. The YubiKey NEO, a more expensive option also features NFC meaning it can be used with your mobile by holding it or swiping it across the device. Static Password From within the personalization tool you have the option to either type a password of your choosing or can use the advanced options to generate one. The static password can be used in a multitude of situations from being a single access for a specific site such as your bank or a VPN provider but works best in tandem with a password manager. A handy tip I read elsewhere was to type a portion of a password that was memorable and then finish it off with the auto input section from the YubiKey. This ensures if you ever lost the key, someone who found it would need to know the memorable portion too which is extremely unlikely. I thought this was a superb tip and certainly worth mentioning. One Time Password OTP OTP is set to work well with services such as LastPass especially the Premium edition. Upon logging into LastPass the process is the same as normal except an added layer of security is enabled by touching the YubiKey to generate a one time password. This allows you to login securely and safe in the knowledge that not only would someone need to know your login and password but they would also need access to your YubiKey to generate the OTP. A static password would be susceptible to a key-logger but a OTP would avoid this issue as after the password is used it can never be re-used to login again. Two Factor Authentication The area the YubiKey really comes into its own is two factor authentication which is used by sites such as Google to provide an extra layer of security to your account. As per usual you have your standard login and password but a second factor requires another layer to gain access. The YubiKey is that second layer. The set-up was extremely simple. All it entailed was logging into My Account at Google, locating the 2-step verification settings and adding the YubiKey, one press of the device and set-up was complete. The process is effortless, fast and foolproof adding an extra layer of security to your account with minimal effort. With Google having so many facets such as GMail, Google+, Adwords, Adsense, Analytics and a whole host of other apps having your password stolen will no longer be the end of the world because without the YubiKey no one can access your personal account. Final thoughts The YubiKey is a small, relatively cheap and practically indestructible password security tool. It has a multitude of uses and can solve a manner of password and authentication related issues. YubiKey and YubiKey Nano side by side. I attached the device to my keyring that got thrown in all manner of pockets, bags and on various hard table surfaces. Apart from a few minor scratches from the keyring when first attaching it the device remained intact and is extremely robust. Trying to bend the device by hand is basically impossible I know, I tried, YubiKey 1 — Hand 0. Having an added layer of security for my Google account really does give peace of mind and the fact anyone attempting to login would need my YubiKey really is a weight off my mind. With password security becoming ever more prevalent and simple passwords often being the weakest link in security either from poor password choice or company database hacks, having a second protection layer is important in an ever more connected world. Beginners may struggle to understand the set-up but for everyone else it really is an essential tool.
Two-factor auth often abbreviated as 2fa can by physical as well. They work fine you have to make a udev rule for the key. These devices can fit so many different roles, often at the same time—provided you know what you're doing. If you ever lose your YubiKey entirely, you can go into your service's settings and remove your old YubiKey from yubikey review list of security keys. Instead of storing the credentials needed to create those codes on your computer, the Yubico Authenticator stores that data directly on your YubiKey. We should note that if you already have 2FA set up through an app like Google Authenticator or Duo Security, yubikey review great. But hey, you can bet your ass my Gmail is secure.