Last Updated: Dec 30th, 2019 11:05 am
Member
Aug 8, 2019
341 posts
195 upvotes
rcxAsh wrote: One of the main applications as far as I've understood it is to use it as a second factor for your authentication. So then to log into an account that supports it, you would need both your password and the YubiKey physically present to log in. The idea is that you cannot log in with only your password (something you know) or only with the YubiKey (something you have). You need both at the same time. This makes it more difficult for someone to access your account even if they know your password because they would have to physically obtain your YubiKey before they can log in. Similarly, if someone stole your YubiKey but did not know your password, they could not log into your account either.

If you've used other two-factor authentication systems before (a common one is where you have to enter a numeric code generated by your phone or a physical token in addition to your password), this is another type of second factor (e.g. you can set up your accounts to use this instead of using a one-time password generated on your phone).
Thanks for the explanation.
I understand this part but I don't understand how to set it up.
I've read it works without any setup but maybe that's skipping some details?
Does it only work on certain websites that have explicit support for yubikey?
For example, how do I use it to authenticate to RFD?
Deal Addict
Dec 31, 2006
1466 posts
80 upvotes
canadianpancakes wrote: Mine shipped yesterday with USPS. If I get dinged by customs, I will return it ASAP or deny the package and buy from Amazon.
Paid $85 USD with shipping = $113 CAD
For 2 items.
Yes, I hope you don't get dinged.

It sucked when it happened, as it's the 1st time it did for me.

Yubico told me it was them having to disclose the costs for the Canada Border protection office.
Search GamerzPlace on google for your gaming needs
Member
Jun 22, 2006
326 posts
42 upvotes
roleless wrote: Thanks for the explanation.
I understand this part but I don't understand how to set it up.
I've read it works without any setup but maybe that's skipping some details?
Does it only work on certain websites that have explicit support for yubikey?
For example, how do I use it to authenticate to RFD?
A site or service would have to support multifactor auth (MFA); most (such as RFD) don't. Some major ones (Google, GitHub, etc.) support it.

How it works from a user perspective (this is how it works for example with my Google/gmail account):
  • I go to gmail.com.
  • I type my name and password & hit enter.
  • I then am prompted to press the button on my Yubikey; if I fail to do this, I'm not allowed to proceed.
The idea is that if your password were compromised/stolen/guessed, a person still wouldn't be able to log into your account without your Yubikey. If you've ever used the Google Authenticator app on your phone, essentially this is a hardware replacement for that app.

I have yet to find a bank that supports MFA.

One thing you *can* do with a Yubikey that is handy is you can configure it to emit a "static password". Essentially this is a random-ish 32-character or so (can't remember exactly how long) string that is emitted whenever you long press your Yubikey (i.e. the static password is always the same). The way this is used is, for example, say you want to make your password "mypassword" and your static password from your Yubikey is "8349ee0641e84de3b2d80f0c0c81d536": on the site or service you have to log into, you make your password "mypassword8349ee0641e84de3b2d80f0c0c81d536", and then to log in, you type "mypassword", then long press your Yubikey to complete the password. Works quite well actually for sites that don't support MFA but support long passwords.
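
An added example, not part of the original post: a toy Python model contrasting the static-password setup described above with a challenge-response second factor, showing that a captured static string still logs in later while a captured challenge response does not. The class and function names are hypothetical, and the HMAC exchange is a simplified stand-in, not the protocol any particular site or the YubiKey itself uses.

```python
import hashlib, hmac, secrets

MEMORIZED = "mypassword"                        # sample value from the post
STATIC = "8349ee0641e84de3b2d80f0c0c81d536"     # sample value from the post

class PasswordOnlySite:
    """Hypothetical site without MFA: one salted hash of one password."""
    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.digest = self._hash(password)
    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)
    def login(self, typed):
        return hmac.compare_digest(self._hash(typed), self.digest)

def token_response(key_secret, challenge):
    """What a (simplified) token computes on a button press."""
    return hmac.new(key_secret, challenge, hashlib.sha256).digest()

class ChallengeResponseSite:
    """Hypothetical site with a second factor: password plus fresh challenge."""
    def __init__(self, password, key_secret):
        self.pw = PasswordOnlySite(password)
        self.key_secret, self.pending = key_secret, None
    def new_challenge(self):
        self.pending = secrets.token_bytes(32)
        return self.pending
    def login(self, typed, response):
        challenge, self.pending = self.pending, None   # each challenge is single use
        if challenge is None:
            return False
        expected = token_response(self.key_secret, challenge)
        return self.pw.login(typed) and hmac.compare_digest(response, expected)

def demo():
    out = {}
    site = PasswordOnlySite(MEMORIZED + STATIC)
    captured = MEMORIZED + STATIC                    # the full string as typed once
    out["static_replay"] = site.login(captured)      # works with no key present
    out["static_memorized_only"] = site.login(MEMORIZED)
    key_secret = secrets.token_bytes(32)             # constructed shared secret
    cr = ChallengeResponseSite(MEMORIZED, key_secret)
    old = token_response(key_secret, cr.new_challenge())
    out["cr_fresh"] = cr.login(MEMORIZED, old)
    cr.new_challenge()                               # next login gets a new challenge
    out["cr_replay"] = cr.login(MEMORIZED, old)      # old response no longer matches
    return out

if __name__ == "__main__":
    print(demo())
```

From the site's side the static-password setup is a single long password, so it adds length and entropy but behaves as one factor.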
Member
Aug 28, 2005
352 posts
80 upvotes
roleless wrote: Thanks for the explanation.
I understand this part but I don't understand how to set it up.
I've read it works without any setup but maybe that's skipping some details?
Does it only work on certain websites that have explicit support for yubikey?
For example, how do I use it to authenticate to RFD?
(edit: didn't see PedleZelnip's post above when I posted this response; their explanation covers it)

It works very much like how you would use a one-time-password second factor. You need to use it with a service that supports using one of these keys as a second factor. Using Google as an example, you would set up the YubiKey as a second factor and from then on when you try to log into your Google account from a new device, it will prompt you to plug in the key and press the button on it.

For a site like RFD that itself may not have support for this type of second factor, I don't think you can use the YubiKey directly as a second factor. Instead you might use the YubiKey to authenticate/unlock a password manager you use that contains your RFD credentials. But that is not two-factor authentication for RFD, so ultimately the sites you use it with need to support using a hardware second factor.

There are several videos on YouTube that demonstrate it in practice; this one starting at 5:30, for example, lets you see how it works with Google:
Member
Nov 23, 2014
361 posts
249 upvotes
Kelowna, BC
diav wrote: What are the chances of being dinged with duties if we get the Yubikey with this subscription?
Pretty low. It's a 'free gift' since you're buying the subscription.
Member
Jun 3, 2007
430 posts
301 upvotes
Toronto
Damn, I wish the Guardian had something like this. Unfortunately, I'm only an occasional Ars Technica reader.
Member
Aug 28, 2005
352 posts
80 upvotes
How do you get the coupon? Still shows as $59.00 when I look.
Sr. Member
Aug 20, 2011
896 posts
1010 upvotes
rcxAsh wrote: How do you get the coupon? Still shows as $59.00 when I look.
It shows under the price. If you don't see it, must be gone.
Did you see other links with coupon?

Edit, still shows:
coupon.png
Member
Jul 19, 2006
476 posts
50 upvotes
I have bitwarden. I presume it's well recommended to use something like a yubikey to work with bitwarden and get the premium? Any input or reviews of that set up?
Member
Aug 28, 2005
352 posts
80 upvotes
BlackXstar wrote: It shows under the price. If you don't see it, must be gone.
Did you see other links with coupon?

Edit, still shows:
coupon.png
Oh interesting, I don't see that in my browser. Instead I just see:
Annotation 2019-12-02 134221.png

That is a great deal though if you're able to get it!
Newbie
Aug 16, 2010
15 posts
2 upvotes
Vancouver
You can find out if a site supports 2FA by going here: https://twofactorauth.org, but you should definitely use it for important stuff like email, banking, Apple ID, etc.
Member
Aug 30, 2015
388 posts
356 upvotes
BC
iheartdeals wrote: I have bitwarden. I presume it's well recommended to use something like a yubikey to work with bitwarden and get the premium? Any input or reviews of that set up?
Same question. I’m on RoboForm, which doesn’t appear to support things like Yubikey (it supports 2FA from email, SMS (shudder) and Google Authenticator); so if I go this route - any recommendations on what to switch to as my password manager?
Member
Dec 13, 2006
258 posts
16 upvotes
blocky wrote: You can find out if a site supports 2FA by going here https://twofactorauth.org but you should definitely use it for important stuff like email, banking,
Many banks don't even have 2FA, let alone supporting a hardware security key [angry face]
