be wary of anything and everything is the best advice anyone can give you .......
a paper wallet with bip 38 or equivalent maybe your best bet if
your yubikey maybe compromised for any reason
Topic: Are Yubikeys really safe? (Read 789 times)
So I read http://arstechnica.com/security/2016/12/this-low-cost-device-may-be-the-worlds-best-hope-against-account-takeovers/
Then remembered I had a yubikey from MtGox but it was locked down so you couldn't reprogram it.
Then found this http://crypto.stackexchange.com/questions/14809/any-use-for-now-defunct-mt-gox-yubikey
But after unlocking it using the Yubikey personalization tool on the Yubikey website I got this.
It has OTP (one-time-pass) but not universal 2 factor authentication. I thought they were the same thing. I registered the key with Yubikey and then tried to pair it with Dropbox but it was not detectable to the website. (yes i was using Chrome)
Now I can still use it for 2 Static passwords (like something really random to pad my existing passwords or unlock my wallet) but I really want to utilize the One-time-pass feature on websites.
I could just buy a new $18 dollar one from Yubikey... but I'm cheap, I also have questions about possible government take over or hacking of the Yubikey servers.
I hear their code is no longer open source.
Dose anyone else use these things or know of any alternatives?
Are they safe? The Private keys are stored on the Yubikey servers so they could be backdoored by the US government no?
I see that they sell a variety of products all based on the same hardware, but with different firmware. In fact, they advertise that firmware is upgradeable. This has me a little concerned. I'd feel a lot better about a security product, if the firmware couldn't be tampered with by malware.
Then remembered I had a yubikey from MtGox but it was locked down so you couldn't reprogram it.
Then found this http://crypto.stackexchange.com/questions/14809/any-use-for-now-defunct-mt-gox-yubikey
But after unlocking it using the Yubikey personalization tool on the Yubikey website I got this.
It has OTP (one-time-pass) but not universal 2 factor authentication. I thought they were the same thing. I registered the key with Yubikey and then tried to pair it with Dropbox but it was not detectable to the website. (yes i was using Chrome)
Now I can still use it for 2 Static passwords (like something really random to pad my existing passwords or unlock my wallet) but I really want to utilize the One-time-pass feature on websites.
I could just buy a new $18 dollar one from Yubikey... but I'm cheap, I also have questions about possible government take over or hacking of the Yubikey servers.
I hear their code is no longer open source.
Dose anyone else use these things or know of any alternatives?
Are they safe? The Private keys are stored on the Yubikey servers so they could be backdoored by the US government no?
I see that they sell a variety of products all based on the same hardware, but with different firmware. In fact, they advertise that firmware is upgradeable. This has me a little concerned. I'd feel a lot better about a security product, if the firmware couldn't be tampered with by malware.
Jump to: