As we become more dependent upon online platforms for social and professional purposes, it grows increasingly important that we adapt to stronger online security measures. One of the most important steps you can take to secure your online services is setting up two-factor authentication. This protocol commonly refer as 2FA requires you to type in a password and provide one other piece of proof that you are who you say you are before you can log in to a service.
One of the more common 2FA methods in use today employs six-digit passcodes that are sent to your phone via text message. When a unique scramble of numbers shows up on your phone, you type them into the browser along with your password at the login screen.
But no matter how strong a password is, or what level of code-based authentication a website is using, any system that sends codes in a text message can be compromised from afar by a skilled attacker. The best way to set up two-factor authentication is to get a hardware security key and setup two factor-authentication on it.
The YubiKey—like other, similar devices—is a small metal and plastic key about the size of a USB stick. They plug into your computer, and some also connect to your phone. You can use them in either place, along with your password, to authenticate web logins. Think of it as a physical key that, instead of unlocking a door, unlocks your online life.
Several manufacturers make these types keys, and they all basically work the same way. They stick to an industry standard called Universal 2nd Factor, or U2F. The standard hardware-based authentication with public key cryptography—a set of tools that is extremely difficult to hacked. These U2F keys simplify the process of securely accessing online services like Google, Facebook, Dropbox, Windows, and Mac OS. They also support password managers like Lastpass, Dashlane and pwSafe. U2F keys can even be used to unlock your Mac or Windows PC from the home screen.
Getting Started with YubiKey
Once your YubiKey arrives at your doorstep, you start by activating it. Go to Yubico’s website and select your YubiKey. Next, choose the services you would like to use your YubiKey to log in to. Popular services that support U2F and FIDO2, like Facebook, Google, and Dropbox, are listed at the top. Also, among the top choices are computer login options for Macs and Windows PCs.
You can set up your YubiKey for use with password management solutions like Dashlane and LastPass, and developer platforms like Github and Bitbucket. Just about every service you can access with non-SMS-based two-factor authentication lets you add a YubiKey to your login protocol.
To give you a clearer example, let us set up a YubiKey to work with Facebook. Note that for Facebook, the YubiKey can only log you in if you are using the latest version of Chrome or Opera. The hardware keys will work with Mozilla Firefox and Microsoft Edge on some services, but other services are fickler—check the browser requirements for each of your most used web services. For the ones that do not support your hardware key, you can use a 2FA code-generator app instead.
5 Most Popular Uses of YubiKey:
- Google Account. Millions of us rely on our Google account for access to Gmail, Google Apps, YouTube, Google+, Blogger, and more. Enable Google 2-Step Verification (2SV) and add the YubiKey to protect your Google Account login and the important information within your account.
- Microsoft Account. One Popular uses of Yubikey is to use a Microsoft account with a YubiKey as it gives you quick and easy access to services such as Outlook.com, Office, Skype, OneDrive, Xbox Live, and more. All you need to do is just tap your YubiKey and you are in. No password required.
- Fast mail enables an extensive range of authentication solutions to keep your email safe from hackers who are trying to access your private data. With support for FIDO U2F and Yubico OTP, Fast mail enables users to use the YubiKey for the peace of mind that comes with additional security.
Social Media Platform
- Securing your social media accounts with the YubiKey effectively helps keep bad guys out—even if they have access to your password. With the YubiKey enabled, the hackers cannot take control of your security and privacy on Facebook.
- Twitter users can protect their accounts with two-factor authentication leveraging WebAuthn and the YubiKey. Together, Yubico and Twitter provide hardware-backed, strong anti-phishing to user accounts.
- Instagram is a popular social media platform where you can share photos, stories, and videos with your friends and family. Prevent unauthorized access to your Instagram account. Enable 2FA with the Yubico Authenticator and the YubiKey.
- Dash lane. Dashlane is the first password manager to support FIDO U2F certified YubiKeys to keep you and your passwords safe. With the YubiKey, Dashlane Premium enables secure two-factor authentication that is not only easy to use, but also easy and simple to set up.
- Together, LastPass and Yubico help organizations fortify their defenses to reduce the risk of credential theft and security breaches. With the LastPass Enterprise Admin Dashboard, IT administrators can provision accounts, see actionable security reports, enforce YubiKey 2FA, and effectively manage password security enterprise wide.
- pwSafe is an open source password manager for Mac OS X users that also comes with cloud backups, so you can securely back up your passwords online. pwSafe uses YubiKey’s HMAC-SHA1 challenge response mode.
- Windows OS. Yubico has created a utility (for Microsoft Windows 7 and later), YubiKey Windows Login, that secures access to a Windows account when used with a YubiKey. When you have properly configured, both your password and YubiKey are required to gain access to your account. When configuring your YubiKey for YubiKey Windows Login, I highly recommended that you configure a second, backup YubiKey with the same secret key, if access to the primary YubiKey is lost.
- Mac OS. A popular uses of Yubikey is to secure your log in for Mac with your YubiKey. using the native smart card (PIV) mode or by setting up Challenge-Response using the Yubico Pluggable Authentication Module (PAM). These methods help better create the ideal ecosystem for a password-less future.
- Ubuntu Linux. Ubuntu is a free open source operating system and Linux distribution based on Debian. The Ubuntu community has created many apps with YubiKey support to enable strong authentication and encryption to protect your personal data.
- If you turn on two-step verification for OneDrive, you will get a security code to your email, phone, or authenticator app every time you sign in on a device that is not trusted. When it is turned off, you only get and re-send security codes occasionally, and when there might be a risk to your account security.
- Google Cloud. Secure your Google Cloud and all the apps you use for work with Yubico U2F-compliant security keys. The YubiKey provides hardware-backed two-factor authentication on top of your password to protect your Google Cloud infrastructure from account takeovers
- Dropbox Personal makes managing your photos, videos, and documents simple. Easily protect your Dropbox Personal account and all the files within with strong YubiKey two-factor authentication.
Multi-Protocols of YubiKeys
A single YubiKey has multiple Protocols for securing your login to email, online services, apps, computers, and even physical spaces. Use one or more YubiKey features or use them all. The flexible YubiKey requires no software installation or battery; just plug it into a USB port, and touch the button, or tap-n-go for secure authentication. A very useful and popular uses of YubiKey is that if you fall victim of a data breach and your sensitive data is stolen, malicious hackers will not be able to get into your private account without your physical Yubikey. That is why there are zero Google credentials ever been stolen before after using YubiKey.
Yubico offers different keys for devices with USB-A, USB-C, or NFC connections, while Google offers one that uses Bluetooth. Here are three reason why you should consider YubiKey.
Each individual key has their own uniqueness and the reason why Yubico offers different keys for devices with USB-A, USB-C or NFC connections is to allow any devices to be able to use Yubikey as all electronic devices have different USB port. So, some Yubikey may be more suitable for Apple iPhone or Mac OS and some may be more suitable for Android or Window OS.
The difference between YubiKey 5 Series (Black Key) and YubiKey Security Key Series (Blue Key) is that YubiKey 5 is an upgraded version of Yubikey Security Key with more functions. The cheaper Blue Keys has some limitation, for example it cannot be use for Computer logins such as logging in Windows or Mac.
Fast and Reliable
One-tap login, nothing to download, no batteries, crush, and water resistant. Manufactured in Sweden and California.
Zero recorded account takeovers in 11 years. The physical key requires a human touch and cannot be hacked remotely.
One key for many services
One key to access hundreds of top sites. No user and Security information is shared between the services thus protecting your privacy.
|Application Uses /YubiKey||YubiKey 5NFC||YubiKey 5C||YubiKey 5Ci||YubiKey Nano||YubiKey Sky3||Yubikey Sky2|
|Social Media Platform||√||√||√||√||√||√|
More of our “Be Safe Online” Special Edition:
Yubikey supports many applications or software and each of them have their own different functions to protect your password. Many of us tend to rely on social media platform or communication platform to do work or just mainly for entertainment, however we tend to overlook the importance of protecting our personal data in the cyber world as well.
If you are considering of ordering a Yubikey to protect your various online accounts, you can head over to our website at https://dtasiagroup.com.hk/yubikeys/.