Security these days needs to be top-notch in order to survive hacks and data “break-ins”. Two-factor authentication needs to be implemented on all sites, since [bad] tech-savvy people are finding more and easier ways to hack into your account through security flaws and holes in systems, e.g. the recent Twitter hacks. This is where Yubico’s YubiKey comes into play.
Yubico’s YubiKey acts as the ‘second’ step of two-factor authentication. It is a unique, physical token which cannot be duplicated or recorded, providing a credential based on something the user has in their possession. When it is used with a standard username and password, the YubiKey provides a strong authentication process for any site, service or application.
In this case, I use the YubiKey with my LastPass password manager. LastPass is very easy to use, but it has sophisticated technology that helps protect your important information, such as usernames and passwords, secret notes, and even pre-filled forms. It also fully encrypts all my passwords, generates random but strong passwords, and syncs to the cloud so you can access it anywhere with an internet connection. So every time I have to log in to LastPass, it will always ask me for my YubiKey as a second authentication method. This process was very easy to set up, and can be found in the settings menu in your LastPass Vault. Once the settings menu opens, you just need to go to the ‘Multifactor options’ tab and enable YubiKey authentication.
Then point your mouse cursor over to the YubiKey #1 field, plug in your YubiKey, then lightly touch the gold-plated circle with the green light. You will then see a long key being generated in the YubiKey #1 field row. This will of course be obfuscated by black dots.
So what if you ‘lost’ or ‘forgot’ your YubiKey? Will it be the end of the world? No, it won’t. When it asks you for your YubiKey code after you’ve signed in, just press ‘Remove YubiKey authentication for now’, and it will email you a link which you will have to confirm in order to be able to log in without your YubiKey for that time only.
Many of you will have to remember passwords for all your sites, social media accounts and so on. Now, you would’ve all heard this before: “Choose long passwords, with a mixture of letters and numbers, and preferably symbols (if they accept them)”. So most of you would have to have either little sticky notes to record all your different passwords, or a secret, code-locked notebook, or even just another password-protected document to save those passwords! Well, that is where LastPass comes in. A review of LastPass will be up shortly; stay tuned!
Looking at the YubiKey device itself, it is a very small and thin USB flash drive. In fact, it is a lot smaller and lighter than your average 4, 8, 16 etc. GB flash drive. It can be easily attached to your keychain without being a burden to your pocket.
It doesn’t look very strong, but it is actually made from very strong plastic. Trust me, this thing is tough! The insides and contact strips are sealed to be water-resistant and are embedded into the plastic (including the activation circle), and it will definitely not break from a drop. It has been dipped in a glass full of water for 30-60 minutes and it didn’t show any signs of wear.
Another good thing about this is that there are no drivers to install! Isn’t that great? It’s just plug-and-play and voila! It is classified as a keyboard peripheral, and because keyboards are “universal” and nearly every single computer, including Macs, will recognise them, no drivers are required for the installation.
If you are just using the YubiKey with LastPass, the YubiKey should already be set to go as soon as you receive it. If you want to, for example, set up a static password (one that never changes when you press the touch-sensitive activation circle), you will have to install the YubiKey Personalization software. This allows you to configure your YubiKey the way you want it to be.
The default setup is OTP (One-Time Password). It is exactly what it sounds like: each key generated by your YubiKey is only ever used once; one time; ever. So when you press the button on the YubiKey, the first 12 characters of the key will always be the same (this is used to identify the key), then the rest of it is a long and random key, never repeated. As soon as this key is entered, it is verified with whatever service you are using it with, such as LastPass, which checks it against its own database to see if it is eligible to authorize your account; then, if all goes well, you should be logged in! That said, it is not as simple as what I just described; it is way more complicated! But you won’t need to know all the inside mechanics of it.
Also, if someone were to use a keylogger on your computer while you are using your YubiKey, it will destroy their attempts to gain access to your account. This is because the YubiKey generates a completely different key each time, so whatever the keylogger captures will be just a bunch of garbage to the attempted hacker!
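To make the OTP structure and the keylogger point above concrete, here is an added Python sketch (not code from Yubico or LastPass) of the service side: it splits a 44-character OTP in the default Yubico OTP layout into the fixed 12-character key ID and the 16-byte changing part, and refuses any OTP it has already seen. The `ReplayGuard` class and the sample OTPs are hypothetical; a real validation service also decrypts the changing part with the key's AES secret and compares its usage counter, which this sketch leaves out.

```python
MODHEX = "cbdefghijklnrtuv"  # Yubico's modhex alphabet, one character per nibble
OTP_LEN, ID_LEN = 44, 12     # default layout: 12-char key ID + 32-char token


def modhex_decode(s):
    """Turn a modhex string into bytes; raises ValueError on a bad character."""
    nibbles = [MODHEX.index(ch) for ch in s]
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[::2], nibbles[1::2]))


def split_otp(otp):
    """Return (key_id, token_bytes) for a well-formed 44-character OTP."""
    otp = otp.strip().lower()
    if len(otp) != OTP_LEN:
        raise ValueError("expected %d characters, got %d" % (OTP_LEN, len(otp)))
    return otp[:ID_LEN], modhex_decode(otp[ID_LEN:])


class ReplayGuard:
    """Accepts each OTP once per enrolled key ID (hypothetical helper)."""

    def __init__(self, enrolled_ids):
        self.seen = {key_id: set() for key_id in enrolled_ids}

    def check(self, otp):
        try:
            key_id, token = split_otp(otp)
        except ValueError:
            return "malformed"
        if key_id not in self.seen:
            return "unknown key"
        if token in self.seen[key_id]:
            return "replayed"  # e.g. an OTP captured earlier by a keylogger
        self.seen[key_id].add(token)
        return "accepted"


# Constructed sample values, not output from a real YubiKey.
FIRST = "ccccccdefghi" + "jklnrtuvcbdefghijklnrtuvcbdefghi"
SECOND = "ccccccdefghi" + "vutrnlkjihgfedbcvutrnlkjihgfedbc"

if __name__ == "__main__":
    guard = ReplayGuard({"ccccccdefghi"})
    for otp in (FIRST, FIRST, SECOND, "not-an-otp"):
        print(otp[:ID_LEN], guard.check(otp))
```
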
After using my YubiKey for about 3 months now, it has proved very useful indeed. I cannot imagine travelling, or going anywhere, without it! It goes inside my wallet (yes, it is small and unobtrusive enough to fit in there), and I carry my wallet all the time! And once set up, your grandfather or grandmother will also be able to easily use the YubiKey! So make sure you protect your data with a YubiKey and LastPass password manager for the optimum security for your private information!
If you would like to get one, you can find out more information here: http://www.yubico.com/products/yubikey-hardware/yubikey/