Topic: MtGox security: Yubikey vs Google Authenticator (Read 2048 times)

copper member
Activity: 1428
Merit: 253
I've been awarded with a free Yubikey at MtGox. I had already set up a Google Authenticator, and now I have a doubt:

Which solution do you like better? Yubikey or GA?

I see two different pros and cons:

  • Yubikey looks more secure, as I'm sure that smartphone malware targeting Google Authenticator (among other things) is on its way
  • On the other side, Google Authenticator seems easier to back up. For MtGox specifically, you just have to print the QR code at set-up, and you're set. What about Yubikey? What happens if you lose it/break the key? I will have it in my keyring... And that's a place that is getting a lot of "action" (bouncing around with coins, keys, etc.)

Opinions?

You should have both set up. Both methods are two-factor authentication. Even if both of those methods are compromised, you still have your regular user/pass as a security feature. Also, why would you keep your key on a keychain with other keys, coins, etc.? Your Yubikey belongs in a safe place in your house and you should use it as a secondary method (if you have Google Authenticator enabled).
At least that's my setup.
I hope it helps.

Thanks for the info. So if I set up both (GA and Yubikey), I will just need ONE of them to withdraw (for example) - is it correct?

That would be cool, because it would be like a sort of "backup" of the 2FA
Entirely up to you. You can set up the Google auth for all three options (security, login, withdrawal) and yes, you'll need only one.
legendary
Activity: 1148
Merit: 1018
I've been awarded with a free Yubikey at MtGox. I had already set up a Google Authenticator, and now I have a doubt:

Which solution do you like better? Yubikey or GA?

I see two different pros and cons:

  • Yubikey looks more secure, as I'm sure that smartphone malware targeting Google Authenticator (among other things) is on its way
  • On the other side, Google Authenticator seems easier to back up. For MtGox specifically, you just have to print the QR code at set-up, and you're set. What about Yubikey? What happens if you lose it/break the key? I will have it in my keyring... And that's a place that is getting a lot of "action" (bouncing around with coins, keys, etc.)

Opinions?

You should have both set up. Both methods are two-factor authentication. Even if both of those methods are compromised, you still have your regular user/pass as a security feature. Also, why would you keep your key on a keychain with other keys, coins, etc.? Your Yubikey belongs in a safe place in your house and you should use it as a secondary method (if you have Google Authenticator enabled).
At least that's my setup.
I hope it helps.

Thanks for the info. So if I set up both (GA and Yubikey), I will just need ONE of them to withdraw (for example) - is it correct?

That would be cool, because it would be like a sort of "backup" of the 2FA
legendary
Activity: 1148
Merit: 1018
I've been awarded with a free Yubikey at MtGox. I had already set up a Google Authenticator, and now I have a doubt:

Which solution do you like better? Yubikey or GA?

I see two different pros and cons:

  • Yubikey looks more secure, as I'm sure that smartphone malware targeting Google Authenticator (among other things) is on its way
  • On the other side, Google Authenticator seems easier to back up. For MtGox specifically, you just have to print the QR code at set-up, and you're set. What about Yubikey? What happens if you lose it/break the key? I will have it in my keyring... And that's a place that is getting a lot of "action" (bouncing around with coins, keys, etc.)

Opinions?