Yubico discounted keys via Cloudflare

To post in this sub-forum you must have made 30 posts or have Trust status or have completed our ID Verification

Forums › Bargains and Deals › Yubico discounted keys via Cloudflare

1 | 2 | 3

4800 posts

Uber Geek
+1 received by user: 3660

#2979289 8-Oct-2022 23:23

I have received them in the meantime, 8 of them are already as gifts with my best customers of whom I know that they are concerned about internet and data security and can handle it. Five have already obtained a second backup key at their own request, two more will do so, one is still experimenting. ;-)

In the meantime, the number has been reduced to 4 keys, as there were probably too many offers for sale on eBay of 10 YubiKeys.

Qui nihil scit, omnia credere debet.
Firewalls do NOT stop dragons.
In effect we have everything to hide from someone, and no idea who someone is.

timmmay

20859 posts

Uber Geek
+1 received by user: 5350

Trusted

Lifetime subscriber

#2979302 9-Oct-2022 08:18

I looked at it, and decided that for me using Authy / Microsoft Authenticator was likely sufficiently secure, and quite flexible, given I'm reasonably security aware.

Interesting that it can be used with BitWarden. I've just started playing with the open source version, packed as VaultWarden, but it uses the BitWarden plugins and apps. I can lock it down to specific IP addresses. It can complete MFA for you if you put the MFA tokens into BitWarden / VaultWarden, but that would seem to me to turn two factor back into a single factor, so I wouldn't do that for important sites.

Does anyone have any thoughts on how necessary Yubikey is? Or additional thoughts on BitWarden with Yubikey?

fearandloathing

537 posts

Ultimate Geek
+1 received by user: 206

ID Verified

Lifetime subscriber

#2979329 9-Oct-2022 11:55

Tinkerisk:
The USB-C part of it doesn‘t currently work with Apple‘s restrictive policy and the iPad has no NFC in general.

The iPhone, the PCs and the linux servers are completely fine with it, it‘s just the USB-C iPad.

USB-c yubikey works with my iPad

Tinkerisk

4800 posts

Uber Geek
+1 received by user: 3660

#2980180 10-Oct-2022 15:31

fearandloathing:
Tinkerisk:

The USB-C part of it doesn‘t currently work with Apple‘s restrictive policy and the iPad has no NFC in general.

The iPhone, the PCs and the linux servers are completely fine with it, it‘s just the USB-C iPad.

USB-c yubikey works with my iPad

Well, the two LEDs of the YubiKey 5C when touching the sensor pins work here also with my USB-C. ;-)

What about the yubico authenticator APP? Or just button press OTP within the Safari browser?

Qui nihil scit, omnia credere debet.
Firewalls do NOT stop dragons.
In effect we have everything to hide from someone, and no idea who someone is.

MurrayM

2502 posts

Uber Geek
+1 received by user: 742

ID Verified

Trusted

Lifetime subscriber

#2991508 3-Nov-2022 14:12

Today I received the 2 Yubikeys that I ordered through the Cloudflare offer. This is the first time I've used a Yubikey so I thought I better do a bit more reading up on them before I tackled setting them up. However the more I read the more confused I am as to exactly how they work, so I thought I'd ask here for some clarity.

I'm used to using Authy and have my Google accounts and a few other websites set up to use it. I was under the impression (probably wrongly) that the Yubikey was a replacement for my use of Authy and that I'd be able to ditch Authy and any other 2FA apps and just use the Yubikey hardware key. However the more I read the more I've come to the conclusion that there is more to 2FA than I'd realised and there's actually several different ways of doing 2FA which requires different 2FA protocols.

Apparently for some uses I can use just the Yubikey hardware key, but for other uses I have to use an app called "Yubico Authenticator"? How do I know when I can use just the hardware key and when I need to use the app?

I think (but I'm not sure), that some applications support the Yubikey though a protocol called WebAuthn/FIDO2 and for those applications I just need the Yubikey hardware key. For applications that don't support WebAuthn/FIDO2 but do support 2FA (eg Geekzone?) then I need to use the Yubico Authenticator app in conjunction with the Yubikey hardware key. Is this correct?

Tinkerisk

4800 posts

Uber Geek
+1 received by user: 3660

#2991521 3-Nov-2022 15:06

MurrayM:

I think (but I'm not sure), that some applications support the Yubikey though a protocol called WebAuthn/FIDO2 and for those applications I just need the Yubikey hardware key. For applications that don't support WebAuthn/FIDO2 but do support 2FA (eg Geekzone?) then I need to use the Yubico Authenticator app in conjunction with the Yubikey hardware key. Is this correct?

Yes U R. When the application supports the direct use of the yubikey („works with yubikey“) you only need the key. If it doesn‘t support it, you can use 2FA via an authentification app (yubikey authentificator or an authentification app from the catalog) to use it indirectly.

Qui nihil scit, omnia credere debet.
Firewalls do NOT stop dragons.
In effect we have everything to hide from someone, and no idea who someone is.

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

davidcole

6099 posts

Uber Geek
+1 received by user: 1465

Trusted

#2991523 3-Nov-2022 15:10

Tinkerisk:

MurrayM:

I think (but I'm not sure), that some applications support the Yubikey though a protocol called WebAuthn/FIDO2 and for those applications I just need the Yubikey hardware key. For applications that don't support WebAuthn/FIDO2 but do support 2FA (eg Geekzone?) then I need to use the Yubico Authenticator app in conjunction with the Yubikey hardware key. Is this correct?

Yes U R. When the application supports the direct use of the yubikey („works with yubikey“) you only need the key. If it doesn‘t support it, you can use 2FA via an authentification app (yubikey authentificator or an authentification app from the catalog) to use it indirectly.

haven't quite figure out the benefit of doing totp with the yubikey app over say authy on iphone with faceid or touch id. Isn't it much of a muchness?

Previously known as psycik

Home Assistant: Gigabyte AMD A8 Brix, Home Assistant with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Shelly Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Server Host Plex Server 3x3TB, 4x4TB using MergerFS, Samsung 850 evo 512 GB SSD, Proxmox Server with 1xW10, 2xUbuntu 22.04 LTS, Backblaze Backups, usenetprime.com fastmail.com Sharesies Trakt.TV Sharesight

MurrayM

2502 posts

Uber Geek
+1 received by user: 742

ID Verified

Trusted

Lifetime subscriber

#2991525 3-Nov-2022 15:13

Tinkerisk:

MurrayM:

I think (but I'm not sure), that some applications support the Yubikey though a protocol called WebAuthn/FIDO2 and for those applications I just need the Yubikey hardware key. For applications that don't support WebAuthn/FIDO2 but do support 2FA (eg Geekzone?) then I need to use the Yubico Authenticator app in conjunction with the Yubikey hardware key. Is this correct?

Yes U R. When the application supports the direct use of the yubikey („works with yubikey“) you only need the key. If it doesn‘t support it, you can use 2FA via an authentification app (yubikey authentificator or an authentification app from the catalog) to use it indirectly.

Thanks @Tinkerisk, it's now beginning to make more sense to me.

For the "Works with Yubikey" applications do you know if there's a limit to how many applications the key can hold?

MurrayM

2502 posts

Uber Geek
+1 received by user: 742

ID Verified

Trusted

Lifetime subscriber

#2991526 3-Nov-2022 15:16

davidcole:

haven't quite figure out the benefit of doing totp with the yubikey app over say authy on iphone with faceid or touch id. Isn't it much of a muchness?

I guess the Yubikey app is secured with the physical Yubikey so might be a bit more secure than Authy/Google Authenticator/etc?

davidcole

6099 posts

Uber Geek
+1 received by user: 1465

Trusted

#2991530 3-Nov-2022 15:22

MurrayM:

davidcole:

haven't quite figure out the benefit of doing totp with the yubikey app over say authy on iphone with faceid or touch id. Isn't it much of a muchness?

I guess the Yubikey app is secured with the physical Yubikey so might be a bit more secure than Authy/Google Authenticator/etc?

But you'd assume touch Id for ios - would be of a similar quality? but maybe it is pandering a little for convenience.

I've been adding my yubikeys where I can (github, fastmail etc), but generally still have google authenticator (authy TOTP) set. Unsure if that's wise or not

MurrayM

2502 posts

Uber Geek
+1 received by user: 742

ID Verified

Trusted

Lifetime subscriber

#2991535 3-Nov-2022 15:35

davidcole:

But you'd assume touch Id for ios - would be of a similar quality? but maybe it is pandering a little for convenience.

I've been adding my yubikeys where I can (github, fastmail etc), but generally still have google authenticator (authy TOTP) set. Unsure if that's wise or not

After a bit more reading I think that for applications that don't work natively with the Yubikey and for which you therefore would need the Yubico Authenticator app, the code (or secret or seed or whatever it's called) is stored on the actual Yubikey hardware and the Yubico Authenticator app is just used as an interface. This means you can run the Yubico Authenticator app anywhere (there's Windows, Mac, Linux, Android, iOS versions) and not worry about syncing between them all.

Lego

Shop now for Lego sets and other gifts (affiliate link).

Tinkerisk

4800 posts

Uber Geek
+1 received by user: 3660

#2991536 3-Nov-2022 15:35

MurrayM:

Thanks @Tinkerisk, it's now beginning to make more sense to me.

For the "Works with Yubikey" applications do you know if there's a limit to how many applications the key can hold?

It depends of the auth method in use.

Qui nihil scit, omnia credere debet.
Firewalls do NOT stop dragons.
In effect we have everything to hide from someone, and no idea who someone is.

MurrayM

2502 posts

Uber Geek
+1 received by user: 742

ID Verified

Trusted

Lifetime subscriber

#2991542 3-Nov-2022 15:49

Tinkerisk:

MurrayM:

Thanks @Tinkerisk, it's now beginning to make more sense to me.

For the "Works with Yubikey" applications do you know if there's a limit to how many applications the key can hold?

It depends of the auth method in use.

Thanks for that link. So if I'm reading it correctly, then you can have an unlimited number of accounts when using the FIDO U2F protocol, and a limit of 32 when using the OATH protocol (which is what Authy, etc uses).

Tinkerisk

4800 posts

Uber Geek
+1 received by user: 3660

#2991544 3-Nov-2022 15:56

davidcole:

haven't quite figure out the benefit of doing totp with the yubikey app over say authy on iphone with faceid or touch id. Isn't it much of a muchness?

Not every (linux) server has a touch-id or face-id to auth itself physically for a specific service and not everyone has/uses an apple device. Furthermore there are simple methods available to reproduce a human‘s fingerprint physically.

@all Concerning pwd-mngrs (keep in mind that MANY DIFFERENT passwords like „SFq3@8Ef30TZ„ are a little bit harder to memorize than „123456“ for everything ;-)

Qui nihil scit, omnia credere debet.
Firewalls do NOT stop dragons.
In effect we have everything to hide from someone, and no idea who someone is.

Tinkerisk

4800 posts

Uber Geek
+1 received by user: 3660

#2991706 4-Nov-2022 06:23

Let Chris from Crosstalk Solution tell you what he does with the yubikeys.

Qui nihil scit, omnia credere debet.
Firewalls do NOT stop dragons.
In effect we have everything to hide from someone, and no idea who someone is.

1 | 2 | 3