Why You Should Get Your Hands on a YUBIKEY

November 19, 2017 | Views: 6826

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

I have covered the importance of MFA (Multi-Factor Authentication) aka 2-factor security with more and more vendors such as Gmail, Outlook, and others now supporting MFA there is no reason not to have it enabled. MFA  is the answer to a lot of security issues when it comes to authentication.

One of the common complaints with MFA is that it is not always user-friendly and can be hard to setup for the average user. Google has the authenticator app available on the play store and there are others such as Authy but for some reason still, users don’t embrace this security measure. worst of all its totally free! One vendor that is making this process easier for users while also streamlining the MFA support for everyone else is YUBIKEY

YUBIKEY uses a physical device that you can put on your keychain that has a button that you press on it. While the others use mobile apps and use the phone as the physical device that is used for the second piece of authentication remember MFA is something you have (phone/key) and something you know (Password).

Below is an image of the key itself. It’s sleek and fits nicely on a keychain.

One of the features I like is that you can use the key to help generate keys, such as PGP keys, the official site says that RSA 4096 for OpenPGP is supported! Amazing, right?

The Key is supported on tons of platforms which is a plus since some of the mobile apps don’t support every platform. Things like Facebook, Gmail, and other popular services, are supported out of the box, and the key works on all operating systems. The other thing I like about having a physical key is not having to worry if my phone has died or if I have to restore my phone that no longer contains the app. However, AUTHY has a cool feature where it backups the keys and you can log in to get them back. Google Authenticator does not have such a feature at the time of this writing.

The YUBIKEY can be used with full disk encryption and there is even integration with password managers such as KeePass which is also impressive. The key retails for $18 for the single protocol key there is also a multiprotocol key for $40 which comes in different form factors. They both have the same functionality recently Google has announced that it has added support for an additional layer of Gmail protection which uses the YUBIKEY.

You can buy the YUBIKEY at https://www.yubico.com/products/yubikey-hardware/yubikey4/

With all of the accounts that get hacked on a daily basis, it is important to take care to secure your online accounts. Whether it’s YUBIKEY or Google authenticator etc., you can protect your account for free or in YUBIKEYS case for a very small amount. I recommend if you don’t have an MFA enabled that you enable it, now.

I am not sponsored by YUBIKEY  and have not been paid by them I just like their product. Hope you enjoyed the article.

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
2 Comments
  1. Good points, and right on about using 2FA or MFA. Just some extra thoughts from my point of view.
    Yubikeys are great when needing a method of implementing MFA with end users, but it should be noted that physical devices used for accessing accounts can be risky. One example is when companies use tokens like the yubikey or RSA tokens for password reset management. All I need is your username and token and I can reset the password to your account. The same can be said for using google authentication on a mobile phone with a simple pin code.

    Assuming the end user uses google authenticator the following scenario can apply.
    >Step One: Target an end user with a simple 4 digit pin on their phone.
    >Step Two: Watch the user a few times input the pin to make sure you know it.
    >Step Three: Steal the phone and use google authinticator on websites that use GA for password resets.
    >Step Four: Access the account.

    The point being, end users need to take into consideration that a phone using an app is only as strong as the password protecting the device/app. A yubikey is only great if no one can have access to it, but the authorized owner. 2FA/MFA should never be treated as a final solution to securing accounts, it should be viewed as just another added security measure with benefits and risks included with it.

  2. Thanks.. interesting
    With a physical key there is always a chance that you may lose or forget it…

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel