Yubikey – What is a YubiKey and how does it work?


The YubiKey is a device that simplifies two-factor authentication. Instead of being texted a code or having an app on your phone generate one, you press a button on your YubiKey. That’s all there is to it. Each device contains a unique code that is used to generate the codes that help validate your identity. You log in by pressing the button.

Go to the Yubico website and choose your YubiKey. Next, choose the services you want to log in to with your YubiKey.

We could delve into the math and break down the different protocols supported by devices like these, but most users don’t need to know much more than “type your login and password as normal, then press the YubiKey button to log in.”

However, the YubiKey is not the only hardware two-factor authentication device on the market; it is just the most popular. There are other comparable devices, and most of the information on this page applies to them as well.

What is two-factor authentication?

Setting up two-factor authentication, usually abbreviated as 2FA, is one of the most important things you can do to safeguard your online services. Before you can log in to a service, you must enter a password and provide another piece of verification that you are who you say you are. Six-digit passcodes delivered to your phone by text message are one of the most common 2FA methods in use today.

Passwords are a nightmare. Most are simple enough for attackers to guess, while the rest are too long or complicated for people to memorize. Even the most secure passwords are worthless once they have been exposed, and breaches are virtually unavoidable. For these and other reasons, it’s best not to rely solely on passwords. That is the whole point of two-factor authentication.

You’ll need two things to sign in with two-factor authentication: first, your password, of course, and second, something else to confirm you’re who you say you are. There are two ways of doing 2FA that you’re probably already familiar with:

Codes by SMS or email. Before you can log in, apps send you a code that you must enter. Because you don’t have to install any software or buy any hardware, this is the simplest approach to set up. Because email and SMS are both unencrypted and readily hacked, it’s also the least secure.

Authenticator apps. Apps that you wish to log in to will prompt you for a code, which you get by opening a phone app like Google Authenticator or Authy. This is considerably more secure than SMS or email, but it isn’t exactly convenient: you need to take out your phone, open an app, and then type in a code.

The YubiKey offers a third way of doing two-factor authentication:

Hardware authentication. Apps require you to insert a device, such as a YubiKey, and press a button. The YubiKey sends a unique code to the service, which the service can use to verify your identity. This is both more secure and more convenient, because the codes are considerably longer and you don’t have to type them out yourself.

Of course, there’s a lot more nuance to it. But, for the most part, all you need to know is that 2FA is more secure and convenient to use.

Why is a YubiKey better than other 2FA?

YubiKeys are superior to other kinds of two-factor authentication for the following reasons:

Convenience: SMS, email, and authenticator apps require you to copy and paste, or manually type, a code. With the YubiKey, you just press a button on a device connected to your computer.

Much longer codes: Other 2FA methods generally only send you a six-digit number to prove your identity, because people can’t be expected to type much more than that. Because YubiKeys don’t need you to type a code manually, they can use considerably longer codes. That’s a lot safer.

Easy to move: Have you purchased a new computer? Simply unplug your YubiKey from the old computer and insert it into the new one, and you’ll be able to log in to all of your applications as usual. You can also log in to your account on multiple machines with a single key. I’ve found it to be a lot easier than transferring other 2FA systems.

Hard to hack: Attackers can compromise your email or SMS with relative ease. Faking the codes generated by a unique hardware device is far more difficult, nearly impossible with present technology.

Again, there’s a lot more nuance to this, but these are the big benefits of the YubiKey over other 2FA options.

How to set up your YubiKey

Setting up a YubiKey is similar to setting up app-based two-factor authentication. Here’s what you need to do if you’re actually using a YubiKey (rather than another hardware authenticator):

Connect your YubiKey.

To get started, go to Yubico.com/setup and choose your device.

Look through the list of compatible applications to find the ones you wish to protect.

Follow the instructions.

The specifics of how this works differ from app to app, but I’ll use Google as an example. If you follow the Google instructions, you’ll find a link with instructions for connecting your YubiKey to your Google account, as well as a link to add your key.

You will be prompted to connect your device to the computer and press the button on it.

Do so. Your browser may request permission to access your key, but after you grant it, you should receive confirmation that your key has been added. If you have several YubiKeys, you can choose to assign each one a name.

That is all there is to it. You can now log in to your Google account using your YubiKey on any device. Repeat this procedure for each account you wish to secure in this manner.

How do I stop accidentally triggering my YubiKey?

I keep a YubiKey 5C Nano, a small USB-C dongle, plugged into my laptop, and it’s surprisingly easy to trigger it unintentionally, especially when picking up the laptop. Rather than a button, it has a tiny strip of metal that activates when touched. When you touch it, it assumes you’re trying to log in to something, so it types a secure code into whatever text box you have open and then presses the Enter key. On Slack, the end result is that the code gets posted as a message.

These codes are created by OTP, one of the protocols your YubiKey uses to connect to servers. You could avoid all this by disabling OTP, but that might impair your ability to log in to some services. I think it’s preferable for most people to have OTP activate only when the button is held for 3 seconds. It’s a bit tricky, but doable. YubiKey provides instructions for this, but they are quite difficult to understand, so here is a summary.

To start, download YubiKey Manager to your computer. Install it, open it, hover over apps and click OTP.

You should see two OTP slots: one for the Short Touch and one for the Long Touch. To move OTP to Slot 2, click the Swap button.
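The stray codes described in this section can be found and cleaned up automatically. The following Python code is an added example, not part of the original article: it flags and redacts likely Yubico OTP strings in chat messages, assuming the factory-default 44-character layout (a 12-character public ID followed by 32 characters). The function names and the sample messages are constructed for illustration.

```python
import re

# Modhex: the 16-letter alphabet Yubico OTP output uses; a letter's position
# in this string is its hex digit value (c=0, b=1, ... v=f).
MODHEX = "cbdefghijklnrtuv"
_TO_HEX = str.maketrans(MODHEX, "0123456789abcdef")

# Assumed factory-default layout: 12 modhex chars of public ID followed by
# 32 modhex chars (one 128-bit encrypted block), 44 characters in total.
OTP_RE = re.compile(
    r"(?<![A-Za-z0-9])([%s]{12})([%s]{32})(?![A-Za-z0-9])" % (MODHEX, MODHEX)
)

def modhex_to_bytes(s):
    """Decode a modhex string to raw bytes."""
    return bytes.fromhex(s.translate(_TO_HEX))

def find_otps(text):
    """Return (public_id, full_otp) for every likely Yubico OTP in text."""
    return [(m.group(1), m.group(0)) for m in OTP_RE.finditer(text)]

def redact(text):
    """Blank the encrypted part but keep the public ID, which names the key."""
    return OTP_RE.sub(lambda m: m.group(1) + "[OTP REDACTED]", text)

def scan_messages(messages):
    """Flag messages that contain a likely accidentally typed OTP."""
    findings = []
    for idx, msg in enumerate(messages):
        for public_id, _otp in find_otps(msg):
            findings.append({
                "message": idx,
                "public_id": public_id,
                "public_id_hex": modhex_to_bytes(public_id).hex(),
                "redacted": redact(msg),
            })
    return findings

# Constructed sample data: not a real key ID and not a real OTP.
SAMPLE_OTP = "cccccckdvvul" + "gjvtkjdhtrrdjjtcfvvlbbgrfcnvhkdk"
SAMPLE_MESSAGES = [
    "standup in 5 minutes",
    SAMPLE_OTP,                       # stray touch: bare OTP sent with Enter
    "see ticket " + SAMPLE_OTP[:43],  # 43 chars only: not flagged
]

if __name__ == "__main__":
    print(scan_messages(SAMPLE_MESSAGES))
```

Keeping the public ID in the redacted text lets you tell which key produced the stray code without preserving the code itself.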

 

Can I use one YubiKey with multiple devices?

Yes! Just connect your YubiKey to any computer and log in as you usually would. That’s it: you can log in to your accounts the same way as before. You can log in on as many devices as you like with your YubiKey, as long as there is a slot to plug it into. This is handy if you own more than one device, and also when you get a new PC.

Yubico – YubiKey 5 NFC – Two Factor Authentication USB

The YubiKey is intended to safeguard your online accounts against phishing and account takeovers. A YubiKey makes it exceedingly difficult for anyone else to get access to or steal your data.