2FA is a way to protect your account. A hardware key such as a Yubikey adds an additional layer by authenticating only when you connect your key to your laptop or Android device.
By all means, this is for the high-level targets out there. So when are you one?
- When you have great influence
- When you have a great many followers
- When you want to prevent bad publicity
- When you are working with financial businesses, such as cryptocurrencies
Currently the device works with the following password managers and accounts:
- psono.pw (complex, but free).
- LastPass (only with a premium or family subscription)
- 1Password (recently added)
- Microsoft Accounts (only in Edge Browser)
- Google Accounts (only in Chrome Browser)
and many more services. For a full overview check this link:
https://www.yubico.com/works-with-yubikey/
Want to know more?
The NFC function lets you use it with your Android phone.
Currently there are some basic features for OSX/iOS.
When you want to be sure you don't lose access to your accounts, it's best practice to purchase 2 Yubikeys.
A Yubikey 5 NFC can handle no more than 32 QR Codes. After that you won't be able to add more.
A scanned QR Code will show you the 6-digit code for 2FA (Two Factor Authentication).
Generally, when 2FA is set up initially, this code is sent to your mobile phone number via SMS.
What you need is:
- A Yubikey (rather two, for backup / fallback)
- The Yubikey Authenticator.
- Resetting your accounts to switch your 2FA method by scanning the QR Code
- It would be wise to remove your phone number from your account after you've verified the 2FA is working. This way you can prevent so-called SIM swapping.
I've put together a diagram to give you the picture.
Download the Yubikey Authenticator for your device.
Main URL:
https://www.yubico.com/products/services-software/download/yubico-authenticator/
SubURLs
Yubico Authenticator for Desktop
Linux Download
https://developers.yubico.com/yubioath-desktop/Releases/yubioath-desktop-4.3.6.tar.gz
Mac (OS X and macOS) Download
https://developers.yubico.com/yubioath-desktop/Releases/yubioath-desktop-4.3.6b-mac.pkg
Microsoft Windows (32 Bit) Download
https://developers.yubico.com/yubioath-desktop/Releases/yubioath-desktop-4.3.6-win32.exe
Microsoft Windows (64 Bit) Download
https://developers.yubico.com/yubioath-desktop/Releases/yubioath-desktop-4.3.6-win64.exe
Yubico Authenticator for Android
Android Download (on Google Play)
https://play.google.com/store/apps/details?id=com.yubico.yubioath&hl=en
Yubico Authenticator OTP Clipboard App
Android Download (on Google Play)
https://play.google.com/store/apps/details?id=com.yubico.yubiclip&hl=en_US
Set up your account to make use of web services.
https://www.yubico.com/products/services-software/download/yubikey-personalization-tools/
Download the tool and install it with the default settings.
Go to Tools > NDEF Programming
Select Configuration Slot 1
NDEF Payload:
Enter this URL: https://my.yubico.com/neo/
Next is to generate an API Key to authenticate with web services.
Yubico Get API Key
Here you can generate a shared symmetric key for use with the Yubico Web Services. You need to authenticate yourself using a Yubikey One-Time Password and provide your e-mail address as a reference.
https://upgrade.yubico.com/getapikey/
Fill in your email address, select the OTP field and press the button of the Yubikey.
Mark the checkbox and press the button: Get API Key
This will take up to 5 minutes.
Before we get started, make sure the time settings on your computer and phone are synced correctly.
For Windows 10:
- https://www.windowscentral.com/how-manage-time-servers-windows-10
- Important: sync with time.google.com because all Android Services depend on that.
For Android:
- https://play.google.com/store/apps/details?id=ru.org.amip.ClockSync
If you can verify that your computer and phone are within 5-10 seconds of each other, you're good. If they deviate, get the settings correct, because otherwise you will lock yourself out of your accounts! Be warned!
Next, we can set up our account for the Yubikey Authenticator.
To follow the instructions to register QR Codes on your Yubikey go to:
https://www.telesign.com/turnon2fa/tutorials/
It is of utmost importance that you check your account / security settings and:
- Generate Recovery Codes (mostly 1 code)
- Generate Backup Codes (usually 8-10 codes)
- Save the QR Codes by means of a screenshot (make it clear, and only scan from that screenshot with the Yubikey Authenticator application).
- Store these Backup and Recovery Codes apart from your QR Codes!
This can be:
- Google Drive
- Dropbox
- Mail
- USB Stick
But don't put them:
- all together in your password manager
- in a Dropbox folder on your computer (desync that folder).
Yubikey Authenticator for Windows Desktop
With this menu item you scan the QR Code.
Put a password on your Yubikey. You don't want anyone else to use it, but do share the password with your partner, for example. Make sure he/she can access your accounts in case of emergency.
You can clear the password by filling in nothing and clicking OK.
If you've got a lot of services, it looks kind of like this. The green progress bar shows how long the code is still valid. When the green bar starts over, a new code is generated.
Because of privacy concerns I've removed the last 3 digits and the services that show the full username/email address.
The passwords for your password manager can be securely stored in an app protected by fingerprint, facial recognition and/or PIN, like:
- SecNote
https://play.google.com/store/apps/details?id=com.skipser.secnotes
- Other apps
http://www.skipser.com/p/2/p/best-password-protected-secure-notes-apps.html
If you have installed the Yubikey Authenticator on your Android phone, you can touch the key to the rear of your phone (some devices may differ) and the Yubikey Authenticator will show you the codes.
Sometimes you need the OTP Key. This is a long code which authenticates you when you have the YubiClip installed. If so, it will be the default app for the Yubikey.
When you need the 6-digit code, you need to start the Yubikey Authenticator for Android manually. Sometimes it won't respond as nicely, and you'll need to try again.
A small issue can arise when you've set applications as default. In that case you need to remove the associations for certain types. It's best to reset them all and re-assign the correct apps as defaults.
In case you need support from Yubico for your Yubikey, you can always submit a support ticket at the following URL. They're friendly and helpful.
https://support.yubico.com/support/tickets/new
When you can authenticate successfully against cloud services, it would be wise to remove:
- your phone number from the verified accounts
- Warning: only if you have access to the recovery codes, backup codes and QR Codes you've stored apart and somewhere safe!
When you've come this far, you're optimally protected against threats to your account! Best of luck to you!
Attach the key to your key ring and you're on your way.
Thanks for reading. I hope to have supported you well!
Kind regards,
Martijn Kamminga