Slickdeals is community-supported.  We may get paid by brands or deals, including promoted items.
Heads up, this deal has expired. Want to create a deal alert for this item?
expired Posted by Megaweapon about 2 years ago
expired Posted by Megaweapon about 2 years ago

Cloudflare Users (Free to Join): YubiKey 5C NFC $11.60, YubiKey 5 NFC

+ Free Shipping

$10

$45

77% off
1,002 Comments 298,952 Views
Visit Retailer
Deal Details
Update: The offer terms have changed. The new terms are listed below under more info.

Cloudflare.com is offering Cloudflare Customers (free to join) the YubiKey 5C NFC for $11.60 or the YubiKey 5 NFC for $10 when you claim the offer via your account. Shipping is free.

Thanks to Community Member Megaweapon for finding this deal.

Instructions:
  1. Sign up (free to join) or login to your Cloudflare account.
  2. Navigate to the Cloudflare dashboard to claim the Yubikey Security Keys offer.
  3. The coupon code will be emailed to you from Yubico in 1-3 days.
More Info:
  • Eligible customers must have an active zone or actively use Cloudflare Zero Trust.
  • Exclusive 'good for the Internet' pricing on security keys
    Cloudflare has partnered with Yubico to offer hardware authentication security keys at a promotional price to eligible Cloudflare customers. Select "Claim my offer" and Yubico will email the offer to the email address associated with your account if you are eligible. Eligible customers must have an active zone or actively use Cloudflare Zero Trust. You may not claim this offer multiple times from the same email and this offer may be restricted to one email per account. Cloudflare may modify, limit, or discontinue this promotion at any time. Offer is subject to Yubico's terms.
  • Both Cloudflare and Yubico developer docs and support organizations will guide customers in setting up keys and integrating them with their Identity Providers and with Cloudflare's Zero Trust service.

Editor's Notes

Written by SlickDealio | Staff
  • About the deal:
    • The YubiKey 5 NFC is $35 less (77.77% savings) compared to the regular price of $45.
    • Refer to the forum thread for additional deal discussion.
    • Valid for a limited time or while supplies last.

Original Post

Written by Megaweapon
Community Notes
About the Poster
Deal Details
Community Notes
About the Poster
Update: The offer terms have changed. The new terms are listed below under more info.

Cloudflare.com is offering Cloudflare Customers (free to join) the YubiKey 5C NFC for $11.60 or the YubiKey 5 NFC for $10 when you claim the offer via your account. Shipping is free.

Thanks to Community Member Megaweapon for finding this deal.

Instructions:
  1. Sign up (free to join) or login to your Cloudflare account.
  2. Navigate to the Cloudflare dashboard to claim the Yubikey Security Keys offer.
  3. The coupon code will be emailed to you from Yubico in 1-3 days.
More Info:
  • Eligible customers must have an active zone or actively use Cloudflare Zero Trust.
  • Exclusive 'good for the Internet' pricing on security keys
    Cloudflare has partnered with Yubico to offer hardware authentication security keys at a promotional price to eligible Cloudflare customers. Select "Claim my offer" and Yubico will email the offer to the email address associated with your account if you are eligible. Eligible customers must have an active zone or actively use Cloudflare Zero Trust. You may not claim this offer multiple times from the same email and this offer may be restricted to one email per account. Cloudflare may modify, limit, or discontinue this promotion at any time. Offer is subject to Yubico's terms.
  • Both Cloudflare and Yubico developer docs and support organizations will guide customers in setting up keys and integrating them with their Identity Providers and with Cloudflare's Zero Trust service.

Editor's Notes

Written by SlickDealio | Staff
  • About the deal:
    • The YubiKey 5 NFC is $35 less (77.77% savings) compared to the regular price of $45.
    • Refer to the forum thread for additional deal discussion.
    • Valid for a limited time or while supplies last.

Original Post

Written by Megaweapon
Leave a Comment
To participate in the comments, please log in.

Top Comments

These are a "second identifying device" to prove you are you - "2fa" abbreviated.

When you visit websites that need you to log in, almost always, you use a password and username. That password is 1 identifier.

...

Life used to be simple and you can pick a simple password like "a" and login. Easy to remember.

Then, hackers got smart and tried "a" on all the sites and accounts, got into a few, so sites decided to force you to use complex passwords like IcantRemembr853!#.

So then password managers became popular - standalone or built into browsers. They can create and remember complex passwords so you don't have to write them down.

Naturally, you still must remember the 1 master password to get into the password manager.

..

Naturally, someone can look over your shoulder or install spyware into your computer to steal your complex passwords, and still hack into your accounts.

So some things offered alternative methods that are harder to steal/duplicate. One such is fingerprint login into Windows on PCs with fingerprint readers. Another is face recognition on iPhones.

Naturally, hackers got smart and copied your fingerprint, or simply cut off your finger to log into your accounts. Or simply forced your face in front of the phone or PC to gain access.

...

So then companies started using a second identifying device/method.

The common one is a text (sms) message with a numerical code to your mobile phone.

Once enabled on websites, you then need to enter your username, complex password, and unique text code.

The idea here is even if someone knows your password, they don't know the unique text code.

Naturally, hackers got smart and figured out how to clone/copy/steal your mobile phone number. The SIM card and related mobile technologies aren't as secure as they ought to be, much like most of the internet.

So every text to your phone is automatically copied on another hacker owned phone.

There are other sophisticated devices that can pull the data live from the mobile networks, too, so sim cloning isn't even necessary.

....

So then, 2fa devices like yubikey, titan, and others were created.

Rather than texting you a unique code, you own a device that creates a unique code each time you use it to log in. So still username + complex password + unique code.

Naturally, hackers try.
The poorer, non-state sponsored ones don't seem to have found a good way around them short of stealing it and your password.

It's very likely state sponsored hackers working for the nsa and the like have no issues because they have the tools, equipment, and capability to pull what they need directly from the sites you're logging into.
Ie. Why hack your account when they can hack into the entire company you're accessing?

The fact that they're already planning for obsoleting current encryption standards for emerging quantum means they've got the ability and quantum computers to hack into encrypted accounts today, albeit slowly.

2fa devices do have problems.
To prevent theft of the second unique code, the manufacturing companies can't keep any records of what's embeded - supposedly.
This means if you lose your 2fa device, and have not setup recovery methods for your accounts, you lose all access forever.

This forces uses to keep multiple devices, some off-site, which means hackers can have access to those 2fa devices not in your possession at all times.

Naturally, companies add more layers of complexity by adding fingerprint readers, pin codes, etc to the 2fa devices.

So now you have a password/pin/fingerprint to access the 2fa device, the unique code from that, your username, your master password to the password manager, and your complex password to log into a site protected by 2fa.

...

Cell phones have apps from Microsoft, Google, etc that duplicate the functionality of 2fa devices. Some say it's not as secure because hackers can hack into it and steal it. (But that's just stealing virtually vs stealing in reality taking a 2fa device, so no real difference to hackers that really want your 2fa devices.)

It's the same however as 2fa devices when lost/stolen/broken. No backup? No recovery method? Equals you lose access to all your accounts.

You can read the thousands of mobile 2fa uses screwed because of this fact. The exact same applies to 2fa devices like this one on sale.

...

Keep in mind that MOST Americans have had their personal info stolen, the biggest of which was the recent Equifax breach exposing name, social security and other info.

The hackers have access to this info, so why worry about 2fa protected accounts? There's often some HUMAN server administrator willing to take the hacker on their word that they've properly identified themselves as you with the stolen personal info and unlock your accounts to give hackers access.

And besides that, there's other ways around all that like infecting your pc/phone with a screen copy & remote control software. Why worry about getting your 2fa + passwords when hackers can wait for you to login, then they have full access and control.

Even the smart North Koreans are doing it the easier way to steal bitcoins etc after you login.

......

Many American banks still use text messages because of cost (free), simplicity, and widespread use and carry of a mobile phone.

2fa devices become useless/unused when they're inconvenient.

Naturally, banks, credit card, etc have also started utilizing more advanced AI having detection methods and cell phone tracking to help verify you're you.

Eg cell phone tracking alone.
They have live info on your exact phone location even with cell tower enhanced gps off, so when you're using your credit card, logging in to websites, etc, the banks/credit card companies know and have mapped out your typical, daily routine and locations.

So if a hacker tries to login with a text 2fa suddenly from across the globe, it triggers alerts.

Naturally, mostly computer/ai driven detection given the millions of logins a day, so they don't catch everything. But hey, up until a few years ago, atms were often running windows xp and such, so what do you expect?

Financial companies factor in the thefts, and as long as it's managable, they're not going to push for tons more security. They'll just reimburse you, and still make tons of profits.

.....

Beyond that, the rest of the internet is "leaky" meaning everything from the dns to ip to ssl site encryption were never designed for high security and such. So there's tons of other ways to get to and steal your data on transit.

Black Hat Security Conferences and the Presentations (tons listed on the site to read up on) reveal tons and tons and tons of hacks. Just the tip of what's really out there on the black market to get into anything electronic you own.

You can go hard on security, but keep in mind the likelihood you'll be targeted. Ie. If you're an average Joe without a ton of assets and money, you're not as rewarding to hackers as the multimillionaires or true idiots (like the ones that fall for the easy phone scams pretending to be a daughter in trouble needing money sent asap.).
...


There are possibly better things you can do to reduce hacks and vulnerabilities.

Eg 2 computers.
1 only for banking financials.
1 only for daily, casual use.
E.g. Multiple email accounts with different passwords for banking, financials vs friends vs junk mail/public.
Obviously, only use the financial emails in the financial pc, the other emails in the daily pc.

The point being, the PC that has the financials is kept off unless in use, not used for anything else to keep the exposure to hacks low.

Isolated from the daily PC where if it gets hacks, there only the latest Toks and such to steal.
One thing to note about Yubikey 5 and 5C is that these do not support biometrics! So, if a key is lost, you lose access plus all your private keys are exposed. So, you need to login to your account (using an alternative authentication mechanism) and disable/delete/disassociate the lost YubiKey from your account.

So, a spare key is needed, and is meant to hold an additional key for each of the accounts, so that you can continue to login to your accounts. This spare key doesn't contain a backup/copy of the exact same keys as that of the primary. Also, not all websites may support a spare. Some sites support multiple spare keys (LastPass Premium supports up to 5). So, each additional key can be used to access your account.
I haven't seen any warnings about this, so just a heads up: These put way too much strain on the USB port.

We use these at work and several users have complained that it made the port loose to the point where the Yubikey won't stay in or have broken the port entirely.

I strongly recommend connecting this to a cheap USB hub or USB extension cable instead of using the port on your computer directly. This is especially a must If you have a thinner laptop or one with an aluminum chassis,

1,002 Comments

Sign up for a Slickdeals account to remove this ad.

about 2 years ago
1,613 Posts
Joined Sep 2013
about 2 years ago
neoweb
about 2 years ago
1,613 Posts
Wonderful deal!
2
about 2 years ago
233 Posts
Joined Dec 2009
about 2 years ago
chris.h
about 2 years ago
233 Posts

Our community has rated this post as helpful. If you agree, why not thank chris.h

you _sure_ it's for the 5's? Your quote and the article both say it's for the stripped down "security" keys:

Yubico is providing Security Keys at "Good for the Internet" pricing - as low as $10 per key. Yubico will ship the keys to customers directly. The specific security keys and prices for this offer are: Yubico Security Key NFC at $10 USD and the Yubico Security Key C NFC at $11.60 USD.
2
2
Original Poster
about 2 years ago
269 Posts
Joined Sep 2007
about 2 years ago
Megaweapon
Original Poster
about 2 years ago
269 Posts

Our community has rated this post as helpful. If you agree, why not thank Megaweapon

Quote from chris.h :
you _sure_ it's for the 5's? Your quote and the article both say it's for the stripped down "security" keys:
Screenshot from reddit:

Attachment 12115462
2
about 2 years ago
1,780 Posts
Joined Jan 2015
about 2 years ago
khronos
about 2 years ago
1,780 Posts
Quote from chris.h :
you _sure_ it's for the 5's?
from the reddit link:
about 2 years ago
233 Posts
Joined Dec 2009
about 2 years ago
chris.h
about 2 years ago
233 Posts
damn. that feels like an error that's gonna get corrected soon 😂
1
about 2 years ago
1,780 Posts
Joined Jan 2015
about 2 years ago
khronos
about 2 years ago