• Last Updated:
  • May 14th, 2020 9:58 pm
[OP]
Deal Addict
Jan 6, 2006
2853 posts
946 upvotes

Yubikey and Hotmail

I purchased one of these keys from Amazon: https://www.yubico.com/products/security-key/

Confused about this because when I added this key to my hotmail account. It doesn't prompt me to insert my key. It just asks for my password then it sends a code to my phone or my secondary email. Then it successfully logs in. It does give me the option to login with a security key BUT it's optional. How do I make it so that its required to use my key. Kinda defeats the purpose of having a security key if it's only optional when logging in.

AND if i turn off two-factor authentication off. It will just log in after entering my password. Totally ignores the yubikey....
5 replies
Deal Expert
Jun 15, 2011
44393 posts
7695 upvotes
Did you go into Security settings for your hotmail account? I remember browsing through it recently and noticed there's an option to configure a security key.
Blanka
[OP]
Deal Addict
Jan 6, 2006
2853 posts
946 upvotes
djemzine wrote: Did you go into Security settings for your hotmail account? I remember browsing through it recently and noticed there's an option to configure a security key.
Yes, I have my key added. Now that I read more about it. Microsoft only made it so that its more convenient when logging into your account not more secure. So, in other words if someone has my password they can still log in...or if i have sms two-factory authentication on and someone steals my numbers. they can access my account....

Oh well...time to migrate over to gmail.
Deal Expert
Jun 15, 2011
44393 posts
7695 upvotes
Phat_cow wrote: Yes, I have my key added. Now that I read more about it. Microsoft only made it so that its more convenient when logging into your account not more secure. So, in other words if someone has my password they can still log in...or if i have sms two-factory authentication on and someone steals my numbers. they can access my account....

Oh well...time to migrate over to gmail.
Yup. Nothing is ever 100% secure ;)

2FA can be bypassed via social engineering too. I never stick with sms 2FA. Use the Microsoft Authenticator app. That's what I use,
Blanka
[OP]
Deal Addict
Jan 6, 2006
2853 posts
946 upvotes
djemzine wrote: Yup. Nothing is ever 100% secure ;)

2FA can be bypassed via social engineering too. I never stick with sms 2FA. Use the Microsoft Authenticator app. That's what I use,
Yeah, i hate sms 2fa too. Thats why i got a yubikey! Can the microsoft authenticator app backup your accounts on line? I'd hate to have it on all my accounts then my phone dies and lose access to everything.
Deal Expert
Jun 15, 2011
44393 posts
7695 upvotes
Phat_cow wrote: Yeah, i hate sms 2fa too. Thats why i got a yubikey! Can the microsoft authenticator app backup your accounts on line? I'd hate to have it on all my accounts then my phone dies and lose access to everything.
I’m not sure on that if it has a backup and sync feature. You do get an option to get a recovery key or backup codes whenever you setup mfa. That way you can use the backup codes in case your phone doesn’t work.


Edit: Seems like it does.

https://docs.microsoft.com/en-us/azure/ ... p-recovery
Blanka

Top