2FA HW security keys, Yubikey&such. - page 2.

charlie137

full member

Activity: 1204

Merit: 220

(ノಠ益ಠ)ノ

Quote from: ?? on ??

Quote from: madnessteat on March 26, 2020, 11:38:26 AM

I found other security keys

Yubico YubiKey 5 NFC
Yubico Yubikey 5C
Yubico YubiKey 5 Nano
CryptoTrust OnlyKey
Thetis Fido U2F Security Key
Thetis FIDO U2F Security Key with Bluetooth
Google Titan Security Keys
Kensington Verimark Fingerprint Key

but since I haven't yet had any experience with security keys it's hard for me to know which one is the best.

Am I right in understanding that the most functional and convenient to date is the Yubico YubiKey 5 NFC security key?

Yubico proved to be a leader in the field. The first three are different in form-factor/type of USB terminal/NFC presence, DYOR.

theres also new keys with fido2 https://www.yubico.com/products/security-key/

charlie137

full member

Activity: 1204

Merit: 220

(ノಠ益ಠ)ノ

Quote from: madnessteat on March 26, 2020, 11:38:26 AM

I found other security keys

Yubico YubiKey 5 NFC
Yubico Yubikey 5C
Yubico YubiKey 5 Nano
CryptoTrust OnlyKey
Thetis Fido U2F Security Key
Thetis FIDO U2F Security Key with Bluetooth
Google Titan Security Keys
Kensington Verimark Fingerprint Key

but since I haven't yet had any experience with security keys it's hard for me to know which one is the best.

Am I right in understanding that the most functional and convenient to date is the Yubico YubiKey 5 NFC security key?

yes, yubico are currently leading here. i would recommend to test couple different models since they have different workflows (nfc/port)

madnessteat

legendary

Activity: 2310

Merit: 2073

I found other security keys

Yubico YubiKey 5 NFC
Yubico Yubikey 5C
Yubico YubiKey 5 Nano
CryptoTrust OnlyKey
Thetis Fido U2F Security Key
Thetis FIDO U2F Security Key with Bluetooth
Google Titan Security Keys
Kensington Verimark Fingerprint Key

but since I haven't yet had any experience with security keys it's hard for me to know which one is the best.

Am I right in understanding that the most functional and convenient to date is the Yubico YubiKey 5 NFC security key?

charlie137

full member

Activity: 1204

Merit: 220

(ノಠ益ಠ)ノ

Quote from: Chikito on March 01, 2020, 12:34:51 AM

I read up news, Trezor hardware wallet already has further expanded ability with a secure and comfortable two-factor authentication.

Trezor reserve as a hardware security U2F with backup/recovery functions (seed/mnemonic phrase)^[1]

disclaimer: i don't use it, you can read manual setting up trezor as 2fa hardware^[2] with your own risk

[1]. https://wiki.trezor.io/U2F
[2]. https://wiki.trezor.io/User_manual:Two-factor_Authentication_with_U2F

very cool, but how practical is this tho? trezors are huge comparing to the rest of the devices in the segment

vapourminer

legendary

Activity: 4354

Merit: 3614

what is this "brake pedal" you speak of?

Quote from: ?? on ??

Quote from: NeuroticFish on March 08, 2020, 02:34:07 PM

This can be the main selling point imho.

I would buy it even if it had have only one single features from its current numerous set i.e. ability to deliver user's password via interface unapproachable by malware. No one wants his main password to be stolen.

I bought two samples of devices (one of them as backup) and didn't regret that because deep and calm sleeping was always my priority.

they claim its immune to badusb and such, which is a necessity if youre plugging it into untrusted systems.

https://www.yubico.com/blog/yubikey-badusb/

of course DYOR

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: vapourminer on March 08, 2020, 07:40:29 AM

trezor can do this too but who wants what is obviously a crypto wallet on their key chain.

I've been reading this topic and was thinking "why on earth would somebody buy this, since the hardware wallets can handle the job?" when I've finally read this.
Yep. This can be the main selling point imho.

I still believe that hardware wallets for day-to-day transactions should not have big amounts of coins on them (the big amounts can stay on another hardware or paper wallet in a safe), but they could still attract the eyes.
This device definitely deserves a second look.

vapourminer

legendary

Activity: 4354

Merit: 3614

what is this "brake pedal" you speak of?

i just picked one of these up (yubikey 5 nfc). using google auth most places still and slowly changing over to yubi wherever i can. now that i know how easy it is, gonna grab some more, mainly the cheaper simple ones just to register as backups.

having my email and such protected by this is a great feeling. i was always worried my google auth token could be compromised during generation (screenshot or such). never happened that i know of but still.

trezor can do this too but who wants what is obviously a crypto wallet on their key chain.

Saint-loup

legendary

Activity: 2604

Merit: 2353

Quote from: ?? on ??

Quote from: Saint-loup on March 02, 2020, 06:35:18 PM

Here is a pretty good article explaining the main differences between TOTP and U2F.

Yeah, pretty clear picture explaining U2F authentication with relatively small errors which fail to take account of the fact that public key goes to server's database at the first add of the dongle to user's account. Then it is stored in database forever.

There are also differing views on who generates "nonce" - the server or U2F dongle when registering at service. I have read somewhere that when it comes to Google it is his responsibility to generate that random number (nonce) that triggers private-public keys creation inside U2F stick. At the same time some services say that nonce is generated by U2F dongle. But I think it doesn't matter and arguably depends on the service.

BTW, Google has the option to add two U2F keys to your account.

Yes but unfortunately very few exchanges are currently proposing U2F authentification Sad

I've seen Binance, Coinbase and Bitfinex are offering it
https://www.binance.com/en/blog/351376985820852224/You-Can-Now-Use-Hardware-Security-Keys-on-Binance
https://blog.coinbase.com/securing-your-crypto-with-security-keys-and-webauthn-551124b72d8e
https://support.bitfinex.com/hc/en-us/articles/115003616589-Universal-2nd-Factor-U2F-2FA-Setup

But other big ones like Kraken for example are only planning to add this protocol
https://support.kraken.com/hc/en-us/articles/360001363963-Yubikey-and-2FA-device-compatibility

Saint-loup

legendary

Activity: 2604

Merit: 2353

Quote from: ?? on ??

Quote from: LbtalkL on February 29, 2020, 06:19:35 PM

This sounds cool, can we import our google authenticator keys to this authenticator dongle and vice versa? do you have a video on how to use this and what is the price range just curious. If its really affordable and flexible for sure I am gonna buy it, thanks for the info.

If you mean TOTP based key then the answer is nope. But Google has the option to bring to bear U2F protocol and utilize the HW keys like Yubico to authenticate you. It works in following way. When you register you HW-key-dongle at Google it sends the random number to that dongle. Based on that number the last generates private - public keys pair. Then the public key of that pair is send back to Google that assigns it to your ID. Next time when you log in to Google it sends to HW-key the message and waits for outgoing one that must be signed by HW-key using the corresponding private key. After receiving encrypted message Google decrypts it with public key and checks. If everything is correct then you are in.

P.S. I'm using Yubikey5 to log in to my bitcointalk forum account. But this is the other story. Wink

Here is a pretty good article explaining the main differences between TOTP and U2F.
Unlike TOTP with U2F you don't have to share a seed with the server, so it doesn't need to store it and to send it to you, and you don't have to send any symmetric code.

https://blog.trezor.io/why-you-should-never-use-google-authenticator-again-e166d09d4324

Chikito

legendary

Activity: 2366

Merit: 2054

I read up news, Trezor hardware wallet already has further expanded ability with a secure and comfortable two-factor authentication.

Trezor reserve as a hardware security U2F with backup/recovery functions (seed/mnemonic phrase)^[1]

disclaimer: i don't use it, you can read manual setting up trezor as 2fa hardware^[2] with your own risk

[1]. https://wiki.trezor.io/U2F
[2]. https://wiki.trezor.io/User_manual:Two-factor_Authentication_with_U2F

joniboini

legendary

Activity: 2170

Merit: 1789

Quote from: LbtalkL on February 29, 2020, 06:19:35 PM

This sounds cool, can we import our google authenticator keys to this authenticator dongle and vice versa? do you have a video on how to use this and what is the price range just curious. If its really affordable and flexible for sure I am gonna buy it, thanks for the info.

OP already mentioned that Yubikey 5 (that he uses) supports U2F, so yeah you can use it with Google[1]. It's priced around $45 USD for a single one.

Do check the official website: https://www.yubico.com/product/yubikey-5-nfc

[1] Additional info: https://support.yubico.com/support/solutions/articles/15000006418-using-your-yubikey-with-google

LbtalkL

full member

Activity: 1176

Merit: 162

This sounds cool, can we import our google authenticator keys to this authenticator dongle and vice versa? do you have a video on how to use this and what is the price range just curious. If its really affordable and flexible for sure I am gonna buy it, thanks for the info.

nakamura12

hero member

Activity: 2268

Merit: 669

Bitcoin Casino Est. 2013

So basically, this device is used to manage passwords and OTP (One-Time Password) for 2FA authentication. I read your post and mostly what I understand is it focus more on 2FA. Even though using a authenticator such as google auth and authy are still helpful and those who got your pass and username won't do much unless they can get the OTP in your phone or devices. The Yubikey 5 NFC cost $45 and $100+ if you buy a Yubikey set if someone is interested to buy. The price is from amazon.

Captain-Cryptory

newbie

Activity: 23

Merit: 853

.

Topic: 2FA HW security keys, Yubikey&such. - page 2. (Read 1091 times)