expired Posted by august_leo • Nov 22, 2020
Nov 22, 2020 1:54 PM
Item 1 of 1
expired Posted by august_leo • Nov 22, 2020
Nov 22, 2020 1:54 PM
Yubico: Buy Two YubiKey 5 Series Keys, Get $20 Off or Security Key NFC
$14
$27
48% offGood Deal
Bad Deal
Save
Share
Top Comments
Which of the following passwords is easiest to memorize?
1. "SlickDeals2020"
2. "4 God So Loved The World"
3. "3!dFi&m_udhUfhhaAEJ75jf@HbzOpm37lauma_25381047361"
You've probably answered #1 or #2. Security professionals (hackers by another name) have tools that generate passwords. Without getting into the details, it would be beyond trivial to crack password #1. Password #2 would take longer, but since it is a passage in a popular book, the time it would take to crack it is reduced. Either one should take less than 1 day to compromise. (The first should take less than 10 minutes)
Password #3 is sufficiently random and has a very long length. It would take even the best known supercomputers *years* to crack that password. That makes it the best password of the 3, but obviously the most difficult to memorize.
That's what a passsword manager like LastPass, 1Password, Keychain with a YubiKey is for. You can generate wildly complex pass phrases that make accessing your data out of reach for most would-be hackers and secure all of that data with a physical hardware device that stays in your possession.
Yes, I hear you: "I haven't done anything wrong; the govt isn't cracking my passwords;I don't care if they get into my acct" and so on. Cool, I get it. Do you. Just know that using your spouse's name and 4 digits makes you the low-hanging fruit for somebody learning how to hack, let alone someone who is competent at their job.
Note that you should always buy a minimum of 2, because if you ever lose a key you don't want to be locked out of your accounts. (should always have 2 associated).
220 Comments
Sign up for a Slickdeals account to remove this ad.
I currently require a code from LP authenticator app along with the master password.
Currently, I just use keypass on my PC and mobile.
Modern android phones are FIDO certified and in some places they can be used in place of yubikey.
https://www.theverge.co
On other side Yubikey are great for both Windows and Linux. You can use them for passwordless authentication via Windows Hello/PAM, use them as ssh keys, use them for GPG encryption and much more.
Under Maintenance
We'll be back shortly
yubico
Sign up for a Slickdeals account to remove this ad.
This hardware key is much harder to hack.
So all this key does is replace the authenticator app? Is it like the RSA tokens where you used to enter the keys manually in your vpn app? Now that everyone is moving away from the physical RSA tokens to app based, why should we go back to physical keys?
Edit: found this, "Any YubiKey that supports OTP can be used. This includes all YubiKey 4 and 5 series devices, as well as YubiKey NEO and YubiKey NFC."
Note that you should always buy a minimum of 2, because if you ever lose a key you don't want to be locked out of your accounts. (should always have 2 associated).
If you are serious about this, disable SMS and OTP for any system that's supports it. Use backup printed (literally) keys that you store in a fireproof safe at home, if needed.
Google's Advanced Protection Program is great too.
I have two YubiKeys for work accounts and a separate Titan key with one of the YubiKeys for personal, as not all sites support Titan keys, like LastPass.
I've had success with both keys on android, iOS, Mac, and Linux/Windows PC's. There are still restrictions to some combinations and versions of OS' so you need to be careful to investigate your anticipated usage scenarios.
Edit: USB-A to USB-C adaptors are included with Titan non bluetooth keys, and nfc works fine on anything I've tried that supports it. The Titan BT key isn't 100% compatible though.
Sign up for a Slickdeals account to remove this ad.