This is why I use a YubiKey. (1 Viewer)

Feb 27, 2011
14,671
74,887
UK
Funster No
15,452
MH
Self Build
Exp
Since 2005
Mandatory keys cut successful phishing attacks on Google to zero

This is impressive for a company with so many staff and so many computer systems and third party contractors.

Full story here.

https://www.engadget.com/2018/07/24/security-keys-google-phishing/

I use the Yubikey Neo which is a bit pricey but supports NFC for phones etc plus some other high tech features I need. https://amzn.to/2mFXX5T At £45 probably overkill.

However they also do an £18 basic version which will allow you to protect most stuff when on a laptop or computer. https://amzn.to/2mIh93b : £18 one off cost.
 
Sep 17, 2017
5,337
9,945
Birmingham, UK
Funster No
50,575
MH
A-Class
Exp
2017
I used the original Yubikey for years to 2-factor my Lastpass password vault. It is permanently attached to my keyring and has become scared from all the abuse of being jangled around with my keys and going through the washing machine a couple of times. It still works, but it's now my backup as I'm mainly use the Google Authenticator app on my phone now. Authenticator is used for securing several things including email accounts and some business related stuff.

I've got a newer Yubikey (the cheap FIDO only one?), but I didn't realise that it didn't support Lastpass unless you bought it directly from them. Now there's direct U2F support in Chrome, maybe that's not an issue anymore? Or maybe I just get a Neo...
 

The Dotties

Free Member
Jan 31, 2015
1,872
4,022
Gloucester
Funster No
34,955
MH
In between
Exp
Ex Newbie
Mandatory keys cut successful phishing attacks on Google to zero

This is impressive for a company with so many staff and so many computer systems and third party contractors.

Full story here.

https://www.engadget.com/2018/07/24/security-keys-google-phishing/

I use the Yubikey Neo which is a bit pricey but supports NFC for phones etc plus some other high tech features I need. https://amzn.to/2mFXX5T At £45 probably overkill.

However they also do an £18 basic version which will allow you to protect most stuff when on a laptop or computer. https://amzn.to/2mIh93b : £18 one off cost.


I can understand somebody in your position using one of these, but does joe public need one?
I struggle to understand computerese as it is:)

Subscribers  do not see these advertisements

 
OP
OP
Gromett
Feb 27, 2011
14,671
74,887
UK
Funster No
15,452
MH
Self Build
Exp
Since 2005
I can understand somebody in your position using one of these, but does joe public need one?
I struggle to understand computerese as it is:)

I will give a brief explanation but have to get back to work very shortly.. So if I am not clear can come back later.

A password no matter how good is not secure. Hackers may install keyloggers on your system, hack the destination website etc.
2 factor authentication (2FA) is where you have to have something you know (your password) and something you own (2nd factor)..
This second factor is these days pretty much essential if you want to stay totally secure. The main option people use is on their mobile phone using either an SMS message with a 6 digit code or using an authenticator app. So the thief really need to get your password and your phone. This is a dramatic improvement.

However, if you are out and about and lose your phone or it is stolen you are screwed. Also hackers can install remote access terminal (rat) software on your phone and they can remotely access your phone.

With a separate dongle/usb key type device. You keep this in your wallet and only take it out when it is required. You are much less likely to lose this in day to day use. They also can't hack it or get remote access to it in anyway and because it uses public key encryption is a lot more secure.

As for does joe public need it? only if you want to ensure that hackers have the least possible chance of them getting access to your email account, and from there to lots of other stuff. Once they have your email box, they can scour it for information to make any phishing attempt much more believable. However if you use 2FA even if they get your password it will do them no good when they try to access other sites protected with your dongle.
 

Join us or log in to post a reply.

To join in you must be a member of MotorhomeFun

Join MotorhomeFun

Join us, it quick and easy!

Log in

Already a member? Log in here.

Funsters who are viewing this thread

Back
Top