Yubico's Yubikey 5 NFC 2-Factor Hardware Authentication HowTo

YubiKey

2FA is a way to protect your account. A hardware key such as Yubikey, adds an additional layer by authenticating only when you connect your key with your Laptop or Android device.

By all means, this is for the high-level targets out there. So when are you?

- When you have great influence

- When you have a great deal of followers

- When you want to prevent bad publishments

- When you are working with financial businesses, such as cryptocurrencies

 

Currently the device works with the following password managers:

- psono.pw (complex, but free).

Suni

- lastpass (only with a premium or family subscription)

- 1password (recently added)

- Microsoft Accounts (only in Edge Browser)

- Google Accounts (only in Chrome Browser)

- Twitter

and many more services. For a full overview check this link:

https://www.yubico.com/works-with-yubikey/

Want to know more?

 

 

The NFC Function offers support to use it on your Android Phone.

Currently there are some basic features for OSX/iOS.

 

When you want to be sure you don't loose access to your accounts, it's best practice to purchase 2 Yubikeys.

A Yubikey 5 NFC can handle no more then 32 QR Codes. After that you won't be able to add more.

 

A QR Code, that is scanned, will show you the 6-Digit code for 2FA (Two Factor Authentication).

Generally, when setup initially, this code is sent to your mobile phone number via SMS.

 

What you need is:

- A Yubikey (rahter two, for backup / fallbackup)
- Thee Yubikey Authenticator.
- Resetting your accounts for switching your 2FA Method by scanning the QR Code
- It would be wise to remove your phone number from your account, after you've verified the 2FA is working. This way you can prevent the so called SIM-Swapping.

I've put up a schedule for you to get the picture.

 

2fa.Yubico.Yubikey5NFC

 

Download the Yubikey Authenticator for your device.

Main URL:
https://www.yubico.com/products/services-software/download/yubico-authenticator/

SubURLs
Yubico Authenticator for Desktop

Linux Download
https://developers.yubico.com/yubioath-desktop/Releases/yubioath-desktop-4.3.6.tar.gz

Mac (OS X and macOS) Download
https://developers.yubico.com/yubioath-desktop/Releases/yubioath-desktop-4.3.6b-mac.pkg

Microsoft Windows (32 Bit) Download
https://developers.yubico.com/yubioath-desktop/Releases/yubioath-desktop-4.3.6-win32.exe

Microsoft Windows (64 Bit) Download
https://developers.yubico.com/yubioath-desktop/Releases/yubioath-desktop-4.3.6-win64.exe


Yubico Authenticator for Android

Android Download (on Google Play)
https://play.google.com/store/apps/details?id=com.yubico.yubioath&hl=en

Yubico Authenticator OTP Clipboard App

Android Download (on Google Play)
https://play.google.com/store/apps/details?id=com.yubico.yubiclip&hl=en_US

 

Setup your account to make use of web services.

https://www.yubico.com/products/services-software/download/yubikey-personalization-tools/

Download the tool and install with the default setttings.

 

Go to Tools > NDEF Programming

YubiKey.Tools

 

Select Configuration Slot 1
NDEF Payload:
Submit this url: https://my.yubico.com/neo/

Yubikey.NDEF.Programming

 

Next is to generate an API Key to authenticate with web services

Yubico Get API Key

Here you can generate a shared symmetric key for use with the Yubico Web Services. You need to authenticate yourself using a Yubikey One-Time Password and provide your e-mail address as a reference.

 

https://upgrade.yubico.com/getapikey/

 

Yubico.Get.API.Key

 

Fill in your email address, select the OTP field and press the button of the Yubikey.

Mark the checkbox and press the button: Get API Key

This will take up to 5 minutes

 

Well, before we get started, make sure your Computer and Phone are synced correctly with their Time Settings.


 

For Windows 10:


- https://www.windowscentral.com/how-manage-time-servers-windows-10
- Pressing matter: sync with time.google.com because all Android Services depend on that.



Voor Android:


- https://play.google.com/store/apps/details?id=ru.org.amip.ClockSync

 

If you can verify both your computer and phone are within a 5-10 seconds timeframe of eachother, you're good. If it deviates, get the settings correct, because otherwise you will lock yourself out of your accounts! Be warned!

Next, we can setup our account for the Yubikey Authenticator.

To follow the instructions to register QR Codes on your Yubikey go to:
 

https://www.telesign.com/turnon2fa/tutorials/

It is of upmost importance that you'll:

Check your account / security settings and

- Generate Recovery Codes (mostly 1 code)
- Generate Backup Codes (usually 8-10 codes)
- Save the QR Codes by means of a screenshot (clearly and only scan from there with the Yubikey Authenticator Application).
- - Store these Backup and Recovery codes apart from your QR Codes!!!!

- This can be:

- Google Drive
- Dropbox
- Mail
- USB Stick

 

But don't put it in your
- password managers all together
- A Dropbox folder on your computer (desync that folder).

 

Yubikey Authenticator for Windows Desktop

Yubikey.Authenticator.ScanQR

 

With this menu item you scan the QR Code.

Put a password on your Yubikey. You don't want anyone else to use it, but share with your partner for example. Make sure he/she can access your accounts in case of emergency.

You can clear the password by filling in nothing and click OK.

 

YubiKey.Authenticator.Password

 

If you've got allot of services, it looks kinda like this. The green progress bar is the validity of the code. When the green bar starts over, a new code is generated.

Because of privacy concerns I've removed the last 3 digits and services with the full username/emailaddress.

Yubikey.Authenticator

 

 

Your passwords for your password manager can be securely stored in an app with fingerprint, facial recognition and/or pin like:

 

- SecNote
https://play.google.com/store/apps/details?id=com.skipser.secnotes



- Andere app
http://www.skipser.com/p/2/p/best-password-protected-secure-notes-apps.html

Well, if you have installed the Yubikey Authenticator on your Android you can touch the key, to the rear on your phone (some devices may differ) and Yubikey Authenticator will show you the codes.

 

 

YubiKey 5 with Android 247x296

 

Sometimes, you need the OTP Key. This is a long code which authenticates your when you have the YubiClip installed. If so, it will be the default App for the Yubikey.

When you need the 6-Digit code, you need to start the Yubikey Authenticator for Android manually. Sometimes it won't respond as nice, and you'll need to try again.

 

A small issue can be, when you've set applications as standard. In that case you need to remove the asciocations for certain types. Best is to reset all, and re-connect the correct apps to it's defaults.

 

In case you're in need of support of the Yubico / Yubikey, you can alway's submit a support ticket on the following URL. They're friendly and helpfull.

 

 

https://support.yubico.com/support/tickets/new

 

When you can authenticate succesfully against cloud services, it would be wise to remove.

- your phone number from the verified accounts

- Warning: only if you have access to the recovery, backup, and QR Codes you've stored apart and somewhere safe!

 

When you've come this far, your optimally protected against threats to your account! Best of luck to you! 

Attach the key, to your key ring and on your way.

 

yubikey 5 on key ring 247x296

Thanks for reading. I hope to have support you well!

 

Kind regards,

Martijn Kamminga