This is why I use a YubiKey.

Discussion in 'Computers' started by Gromett, Jul 25, 2018.

  1. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    9,420
    Location:
    UK
    Ratings:
    +27,995
    Mandatory keys cut successful phishing attacks on Google to zero

    This is impressive for a company with so many staff and so many computer systems and third party contractors.

    Full story here.

    https://www.engadget.com/2018/07/24/security-keys-google-phishing/

    I use the Yubikey Neo which is a bit pricey but supports NFC for phones etc plus some other high tech features I need. https://amzn.to/2mFXX5T At £45 probably overkill.

    However they also do an £18 basic version which will allow you to protect most stuff when on a laptop or computer. https://amzn.to/2mIh93b : £18 one off cost.
     
  2. Guigsy

    Guigsy Funster

    Joined:
    Sep 17, 2017
    Messages:
    224
    Location:
    Birmingham, UK
    Ratings:
    +557
    I used the original Yubikey for years to 2-factor my Lastpass password vault. It is permanently attached to my keyring and has become scared from all the abuse of being jangled around with my keys and going through the washing machine a couple of times. It still works, but it's now my backup as I'm mainly use the Google Authenticator app on my phone now. Authenticator is used for securing several things including email accounts and some business related stuff.

    I've got a newer Yubikey (the cheap FIDO only one?), but I didn't realise that it didn't support Lastpass unless you bought it directly from them. Now there's direct U2F support in Chrome, maybe that's not an issue anymore? Or maybe I just get a Neo...
     
    • Funny Funny x 1
  3. The Dotties

    The Dotties Funster

    Joined:
    Jan 31, 2015
    Messages:
    844
    Location:
    Gloucester
    Ratings:
    +2,215

    I can understand somebody in your position using one of these, but does joe public need one?
    I struggle to understand computerese as it is:)
     
    • Like it Like it x 1
  4. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    9,420
    Location:
    UK
    Ratings:
    +27,995
    I will give a brief explanation but have to get back to work very shortly.. So if I am not clear can come back later.

    A password no matter how good is not secure. Hackers may install keyloggers on your system, hack the destination website etc.
    2 factor authentication (2FA) is where you have to have something you know (your password) and something you own (2nd factor)..
    This second factor is these days pretty much essential if you want to stay totally secure. The main option people use is on their mobile phone using either an SMS message with a 6 digit code or using an authenticator app. So the thief really need to get your password and your phone. This is a dramatic improvement.

    However, if you are out and about and lose your phone or it is stolen you are screwed. Also hackers can install remote access terminal (rat) software on your phone and they can remotely access your phone.

    With a separate dongle/usb key type device. You keep this in your wallet and only take it out when it is required. You are much less likely to lose this in day to day use. They also can't hack it or get remote access to it in anyway and because it uses public key encryption is a lot more secure.

    As for does joe public need it? only if you want to ensure that hackers have the least possible chance of them getting access to your email account, and from there to lots of other stuff. Once they have your email box, they can scour it for information to make any phishing attempt much more believable. However if you use 2FA even if they get your password it will do them no good when they try to access other sites protected with your dongle.
     
    • Informative Informative x 4
    • Like it Like it x 1
    • Useful Useful x 1
  5. The Dotties

    The Dotties Funster

    Joined:
    Jan 31, 2015
    Messages:
    844
    Location:
    Gloucester
    Ratings:
    +2,215
    Grommet,
    Thank you
     
    • Like it Like it x 1

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice