Friday, November 17, 2023

On using physical security keys (YubiKey)

I use Two-Factor Authentication with several applications and while they're quickest with my smart-phone, they almost all have the option of calling me on my landline to provide the security code.

I haven't used any of the physical security keys in years, primarily because I was too cheap to buy a personal one several years ago (I did use the old code-key generator devices for work years ago). Of course, losing or damaging one of these keys is always a risk, and if it's left plugged into the device, that doesn't really secure it from anyone who somehow gets access to it (by stealing the device, for example).

As mentioned in the article (https://www.theverge.com/22458935/two-factor-security-key-how-to-yubico), the YubiKey can be used as part of your logon authentication to Twitter, Facebook, Google, Microsoft, and many other applications running over the Internet. That is probably where I would start because our userIDs and some of our passwords are likely to be available on the dark web somewhere (you need to set up Two-Factor Authentication for them first).

As an aside, if you have a password manager like LastPass, then you can fairly easily set up unique UserIDs and (most important) unique passwords for each of them. LastPass can be added to most browsers to fill in your credentials for you (that's what I do, primarily with Firefox), or you can use LastPass to launch the sites and log in to them for you (like some other password managers, I can access LastPass locally {on my PCs}, from my phone, or from the Internet - it's the same database everywhere).

"If you lose your security key, you can use two-factor authentication on your cell phone or an authenticator app. Then, if you want to use a new key, you will have to go through the process of reauthorizing your accounts all over again.
...
In order to use a security key with your Google account (or any account), you need to have already set up two-factor authentication."

Your operating system may support encrypting individual drives, folders, or even files (after backing them up) and you could store the encryption keys in your password manager or a security key.
If I were to encrypt an entire drive or device, I would make sure I had a current & tested backup of it first.

Some articles I found useful:
1 Yubikey, multiple devices:  https://www.reddit.com/r/yubikey/comments/sl5w22/1_yubikey_multiple_devices/
    https://www.reddit.com/r/yubikey/comments/auvrrf/can_i_use_one_yubikey_for_both_my_laptop_and/?rdt=65410

Is it possible to use one Yubikey for multiple accounts?:
    https://www.reddit.com/r/yubikey/comments/m8kdkf/is_it_possible_to_use_one_yubikey_for_multiple/
        "Use Chrome {browser} to register. There are several sites that I can't register keys with FireFox, but I can login with them"

How many accounts can I register my YubiKey with?
    https://support.yubico.com/hc/en-us/articles/360013790319-How-many-accounts-can-I-register-my-YubiKey-with-
        "... can be registered with an unlimited number of services."

Using YubiKeys With Chromebooks: https://support.yubico.com/hc/en-us/articles/4412780094866-Using-YubiKeys-With-Chromebooks
    https://support.google.com/accounts/answer/6103523

Using Your YubiKey with Linux: 
    "These steps are only necessary if your udev version is lower than 244 ..."

Ubuntu Linux 20+ Login Guide - Challenge Response:

    https://support.yubico.com/hc/en-us/articles/360018695819-Ubuntu-Linux-20-Login-Guide-Challenge-Response

(Something I hadn't thought of) Using YubiKeys with LastPass:
    https://support.yubico.com/hc/en-us/articles/360013717580-Using-YubiKeys-with-LastPass
    https://www.lastpass.com/solutions/authentication/yubico
        "To use a YubiKey with LastPass, you need to have a LastPass Premium, Families, Enterprise or Teams account." $

File encryption with Yubikey:  https://www.reddit.com/r/yubikey/comments/q315bo/file_encryption_with_yubikey/
   "Yubikey can act as a Smartcard. Veracrypt does support Smartcard" (Linux & Windows)
   "I use bitlocker and program the password to the short touch" (Windows)

Which YubiKeys are right for me?:  https://www.yubico.com/quiz/

GNU Privacy Guard (GPG, open-source PGP):  https://gnupg.org/index.html
    "GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP)"

Ubuntu 22.04 Enable full disk encryption: https://linuxconfig.org/ubuntu-22-04-enable-full-disk-encryption
Enable Full Disk Encryption - Ubuntu 20.04: https://jumpcloud.com/blog/how-to-enable-full-disk-encryption-on-an-ubuntu-20-04-desktop

It's Now Easy to Protect Windows With a YubiKey: https://www.pcmag.com/news/its-now-easy-to-protect-windows-with-a-yubikey
    "... add an extra layer of security to your Windows login"
    "... as the app uses the challenge-response authentication protocol you'll need a YubiKey 5 Series, which can be purchased for as little as $45."

Firefox support for FIDO2 authenticators is here! (2023):
    https://www.yubico.com/blog/firefox-support-for-fido2-authenticators-is-here/
        "Starting with Firefox 114 – released on June 6, 2023 – Firefox has enabled support for FIDO2 security keys for both registering and authenticating to sites that support passkeys."
    How to Navigate FIDO U2F in Firefox Quantum (2017):
         https://www.yubico.com/blog/how-to-navigate-fido-u2f-in-firefox-quantum/

Firefox:  https://developers.yubico.com/yubico-piv-tool/YKCS11/Supported_applications/firefox.html

Enabling Smart Card in Firefox on Windows: (2021)
    https://support.yubico.com/hc/en-us/articles/360021087299-Enabling-Smart-Card-in-Firefox-on-Windows

Firefox Add-On - Yubikey Companion by dyeray (Python 3.7+):  https://addons.mozilla.org/en-US/firefox/addon/yubikey-companion/
    https://github.com/dyeray/yubikey-companion#installation
    YubiKey Manager CLI:  https://developers.yubico.com/yubikey-manager/


