2FA USB security sticks
Discussion
Harpoon said:
Yes, or the alternatives.Google do one. Solokey another
I have two Yubikey. One on my home PC, one on my keyring.
About a year ago I had a spate of various accounts having login attempts. So ingot these keys and 1password and set up strong passwords for everything.
If I want to log into certain accounts on a new device I need to insert and touch one of they keys when requested, or use NFC to authenticate contactlessly. It's fairly faff-free.
The one at home is a mini USB-C that you can hardly notice, I just reach down and touch it, the one on my keyring is NFC and USB-C for phones work laptop etc.
I find it quite unobtrusive. Actually, I don't need to use them very often once the device has been authenticated initially. Just if you get a new phone or work laptop etc. It would be a problem if I tried to log in on my parents PC for example as they only have USB-A... But most new kit has USB-C now.
It's fairly seamless but It's a leap of faith to set your accounts to only require the security key. This is why they reccomend enabling 2 keys incase you loose one.
I had to get my head around how to set up the keys and 1password app on all my devices, and the browser extensions in browsers I used, including importing passwords from chrome to 1password.
Then another leap of faith to delete all the stored passwords in various places e.g. chrome built in password manager etc and hand it over to the 1password extensions etc.
Then I used the "watchtower" in 1password to show all the duplicated or insecure passwords and work through them all generating unique strong passwords. (I didn't in my paternity while mum and baby were sleeping).
About a year ago I had a spate of various accounts having login attempts. So ingot these keys and 1password and set up strong passwords for everything.
If I want to log into certain accounts on a new device I need to insert and touch one of they keys when requested, or use NFC to authenticate contactlessly. It's fairly faff-free.
The one at home is a mini USB-C that you can hardly notice, I just reach down and touch it, the one on my keyring is NFC and USB-C for phones work laptop etc.
I find it quite unobtrusive. Actually, I don't need to use them very often once the device has been authenticated initially. Just if you get a new phone or work laptop etc. It would be a problem if I tried to log in on my parents PC for example as they only have USB-A... But most new kit has USB-C now.
It's fairly seamless but It's a leap of faith to set your accounts to only require the security key. This is why they reccomend enabling 2 keys incase you loose one.
I had to get my head around how to set up the keys and 1password app on all my devices, and the browser extensions in browsers I used, including importing passwords from chrome to 1password.
Then another leap of faith to delete all the stored passwords in various places e.g. chrome built in password manager etc and hand it over to the 1password extensions etc.
Then I used the "watchtower" in 1password to show all the duplicated or insecure passwords and work through them all generating unique strong passwords. (I didn't in my paternity while mum and baby were sleeping).
Edited by Glade on Thursday 6th April 08:15
We issue a Yubikey 5 to everyone at work who needs access to certain systems, including any VPN use.
I like it as a solution - using webauthn as either a passwordless authentication method or as an additional factor works well, and I can use the PKCS#11 store to store SSH keys securely too.
I like it as a solution - using webauthn as either a passwordless authentication method or as an additional factor works well, and I can use the PKCS#11 store to store SSH keys securely too.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff