jnelsoninjax Posted April 30, 2021 Share Posted April 30, 2021 Is there any difference in the physical keys made by Google or YubiKey, etc? Do they all function the same way? Link to comment Share on other sites More sharing options...
adrynalyne Posted April 30, 2021 Share Posted April 30, 2021 (edited) 18 minutes ago, jnelsoninjax said: Is there any difference in the physical keys made by Google or YubiKey, etc? Do they all function the same way? They might provide some overlap features, but no. Google’s key is more limited (not talking about connectivity), and the last I checked, just as expensive as Yubikey. Plus I don’t trust Google with something like that. Link to comment Share on other sites More sharing options...
jnelsoninjax Posted April 30, 2021 Author Share Posted April 30, 2021 3 hours ago, adrynalyne said: They might provide some overlap features, but no. Google’s key is more limited (not talking about connectivity), and the last I checked, just as expensive as Yubikey. Plus I don’t trust Google with something like that. How about Solokeys? They are billing themselves as open source. Paging @BudMancan I get your insight? Link to comment Share on other sites More sharing options...
adrynalyne Posted April 30, 2021 Share Posted April 30, 2021 (edited) 9 minutes ago, jnelsoninjax said: How about Solokeys? They are billing themselves as open source. I don’t know enough about them to say either way. I guess I should clarify my last comment. Yubikey has different types of keys. Their full-featured one has more features. Their FIDO/2 keys are more comparable to what Google and Solokey offers. AFAIK, Yubikey firmware also offers some open source, but I don’t know to what extent. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted April 30, 2021 MVC Share Posted April 30, 2021 What is your planned use for whatever key you might happen to get? I have a hard time justify their use for most things to be honest. What is the scenario that you will use it? To auth to some site on your phone or your phone itself even - so your really going to carry this key with you, along with your phone? And pop it out every time you need to do xyz? Are you going to use it to log into your computer - in your house? Really? Or you going to just leave it plugged into your PC all the time? Now if you were going to use it say access your bank website that you only access on rare occasions, or maybe to access your crypto exchange account. Don't get me wrong - they do have their use for sure.. But without the scenarios you plan on using it.. Keeping in mind that all security is always going to be something extra that has to be done.. The more "extra" that thing is - the less likely it will ever be used. Or will be circumvented for ease of use that defeats the whole purpose. Give you a perfect example of this in a work environment, with IT professionals.. So to login to the laptops you needed tiks card, got specific certs on it, etc. Because the laptop drive is encrypted. What your suppose to do is carry said card in your wallet. And place into the laptop when your using it, then say when you go home and putting the laptop in your bag where it might be stolen.. Or really even say you were going out for a business lunch or something and leaving your laptop at the desk. The card should go with you.. Guess what happens.. Users just left the card in their laptops 24/7 - shoot they even cut off the end of the card so it didn't stick out so they could just slide it into their bags when leaving. So they leave said laptop bag in their car, and it gets stolen, or leave it in the uber or bus.. The whole point of the 2fa auth token is defeated because it was "too much" effort to take it in and out So I ask - what is the scenario of use? Are you going to put the key in a safe place - and only use it to access your crypo/bank account which is something you don't do every day? Or you plan on using it to auth to say neowin Which you do every day, or multiple times a day.. So the thing ends up sticking out the usb port of your PC 24/7/365 My 2fa is my phone.. I have it with my 24/7/365 - other than when sleeping (right next to me) or taking a shower - again most likely on the sink in the bathroom with me.. What are you going to do with this key? Are you going to carry it with you on a chain around your neck.. And put it into a device, and take it out the device every time you need to auth? Yusuf M. 1 Share Link to comment Share on other sites More sharing options...
adrynalyne Posted April 30, 2021 Share Posted April 30, 2021 (edited) 30 minutes ago, BudMan said: What is your planned use for whatever key you might happen to get? I have a hard time justify their use for most things to be honest. What is the scenario that you will use it? To auth to some site on your phone or your phone itself even - so your really going to carry this key with you, along with your phone? And pop it out every time you need to do xyz? Are you going to use it to log into your computer - in your house? Really? Or you going to just leave it plugged into your PC all the time? Now if you were going to use it say access your bank website that you only access on rare occasions, or maybe to access your crypto exchange account. Don't get me wrong - they do have their use for sure.. But without the scenarios you plan on using it.. Keeping in mind that all security is always going to be something extra that has to be done.. The more "extra" that thing is - the less likely it will ever be used. Or will be circumvented for ease of use that defeats the whole purpose. Give you a perfect example of this in a work environment, with IT professionals.. So to login to the laptops you needed tiks card, got specific certs on it, etc. Because the laptop drive is encrypted. What your suppose to do is carry said card in your wallet. And place into the laptop when your using it, then say when you go home and putting the laptop in your bag where it might be stolen.. Or really even say you were going out for a business lunch or something and leaving your laptop at the desk. The card should go with you.. Guess what happens.. Users just left the card in their laptops 24/7 - shoot they even cut off the end of the card so it didn't stick out so they could just slide it into their bags when leaving. So they leave said laptop bag in their car, and it gets stolen, or leave it in the uber or bus.. The whole point of the 2fa auth token is defeated because it was "too much" effort to take it in and out So I ask - what is the scenario of use? Are you going to put the key in a safe place - and only use it to access your crypo/bank account which is something you don't do every day? Or you plan on using it to auth to say neowin Which you do every day, or multiple times a day.. So the thing ends up sticking out the usb port of your PC 24/7/365 My 2fa is my phone.. I have it with my 24/7/365 - other than when sleeping (right next to me) or taking a shower - again most likely on the sink in the bathroom with me.. What are you going to do with this key? Are you going to carry it with you on a chain around your neck.. And put it into a device, and take it out the device every time you need to auth? I’m not OP but I will give you my uses for it. My Yubikey stays with me at all times, on my key chain. I use it where I can, but mostly to add additional protection to LastPass, GitHub repos, and Gmail accounts. I have several keys that are setup for these sites. In addition, I carry my Authenticator info on my keys, so I can install Yubikey Authenticator safely on any machine and if the key isn’t plugged in, the cycling OTPs aren’t present. A FIDO/2 key isn’t going to be as useful to someone like me. Yusuf M. 1 Share Link to comment Share on other sites More sharing options...
jnelsoninjax Posted April 30, 2021 Author Share Posted April 30, 2021 55 minutes ago, BudMan said: What is your planned use for whatever key you might happen to get? I have a hard time justify their use for most things to be honest. What is the scenario that you will use it? To auth to some site on your phone or your phone itself even - so your really going to carry this key with you, along with your phone? And pop it out every time you need to do xyz? Are you going to use it to log into your computer - in your house? Really? Or you going to just leave it plugged into your PC all the time? Now if you were going to use it say access your bank website that you only access on rare occasions, or maybe to access your crypto exchange account. Don't get me wrong - they do have their use for sure.. But without the scenarios you plan on using it.. Keeping in mind that all security is always going to be something extra that has to be done.. The more "extra" that thing is - the less likely it will ever be used. Or will be circumvented for ease of use that defeats the whole purpose. Give you a perfect example of this in a work environment, with IT professionals.. So to login to the laptops you needed tiks card, got specific certs on it, etc. Because the laptop drive is encrypted. What your suppose to do is carry said card in your wallet. And place into the laptop when your using it, then say when you go home and putting the laptop in your bag where it might be stolen.. Or really even say you were going out for a business lunch or something and leaving your laptop at the desk. The card should go with you.. Guess what happens.. Users just left the card in their laptops 24/7 - shoot they even cut off the end of the card so it didn't stick out so they could just slide it into their bags when leaving. So they leave said laptop bag in their car, and it gets stolen, or leave it in the uber or bus.. The whole point of the 2fa auth token is defeated because it was "too much" effort to take it in and out So I ask - what is the scenario of use? Are you going to put the key in a safe place - and only use it to access your crypo/bank account which is something you don't do every day? Or you plan on using it to auth to say neowin Which you do every day, or multiple times a day.. So the thing ends up sticking out the usb port of your PC 24/7/365 My 2fa is my phone.. I have it with my 24/7/365 - other than when sleeping (right next to me) or taking a shower - again most likely on the sink in the bathroom with me.. What are you going to do with this key? Are you going to carry it with you on a chain around your neck.. And put it into a device, and take it out the device every time you need to auth? Honestly I was just asking because I read an article on Gizmodo that suggested that we should be using them as opposed to the cell phone, so I am not sure that I am going to buy any, it was mainly just a question for my own information. Link to comment Share on other sites More sharing options...
Yusuf M. Veteran Posted May 5, 2021 Veteran Share Posted May 5, 2021 On 30/04/2021 at 16:04, jnelsoninjax said: Honestly I was just asking because I read an article on Gizmodo that suggested that we should be using them as opposed to the cell phone, so I am not sure that I am going to buy any, it was mainly just a question for my own information. It's great for security and arguably the best in terms of what's generally available. The thing is, it's overkill for the vast majority of typical use cases. Online banking and cryptocurrency exchange accounts come to mind but so few banks even offer 2FA, let alone support for physical security keys. Personally, I'd only use it for cryptocurrency stuff. In most cases, using an authenticator app is good enough. With that said, I don't think there's anything wrong with using it out of curiosity. SoloKeys seems like a good one because it uses open source firmware. adrynalyne 1 Share Link to comment Share on other sites More sharing options...
adrynalyne Posted May 5, 2021 Share Posted May 5, 2021 12 hours ago, Yusuf M. said: It's great for security and arguably the best in terms of what's generally available. The thing is, it's overkill for the vast majority of typical use cases. Online banking and cryptocurrency exchange accounts come to mind but so few banks even offer 2FA, let alone support for physical security keys. Personally, I'd only use it for cryptocurrency stuff. In most cases, using an authenticator app is good enough. With that said, I don't think there's anything wrong with using it out of curiosity. SoloKeys seems like a good one because it uses open source firmware. Agreed on it being overkill for a lot of people. I do everything overkill though. Link to comment Share on other sites More sharing options...
neufuse Veteran Posted May 5, 2021 Veteran Share Posted May 5, 2021 12 hours ago, Yusuf M. said: It's great for security and arguably the best in terms of what's generally available. The thing is, it's overkill for the vast majority of typical use cases. Online banking and cryptocurrency exchange accounts come to mind but so few banks even offer 2FA, let alone support for physical security keys. Personally, I'd only use it for cryptocurrency stuff. In most cases, using an authenticator app is good enough. With that said, I don't think there's anything wrong with using it out of curiosity. SoloKeys seems like a good one because it uses open source firmware. few banks offer 2FA? I haven't come across one that didn't in years... even local banks around me that are smaller have it Link to comment Share on other sites More sharing options...
adrynalyne Posted May 5, 2021 Share Posted May 5, 2021 2 minutes ago, neufuse said: few banks offer 2FA? I haven't come across one that didn't in years... even local banks around me that are smaller have it Yeah but do they offer FIDO/2 ? OP I think was only looking at these keys. Link to comment Share on other sites More sharing options...
neufuse Veteran Posted May 5, 2021 Veteran Share Posted May 5, 2021 3 hours ago, adrynalyne said: Yeah but do they offer FIDO/2 ? OP I think was only looking at these keys. no, but I was replying to this line "but so few banks even offer 2FA, let alone support for physical security keys." adrynalyne 1 Share Link to comment Share on other sites More sharing options...
jnelsoninjax Posted May 5, 2021 Author Share Posted May 5, 2021 6 minutes ago, neufuse said: no, but I was replying to this line "but so few banks even offer 2FA, let alone support for physical security keys." My credit union has OTK that they send via SMS whenever you call and talk to them, and 2FA via SMS on the mobile app. Link to comment Share on other sites More sharing options...
neufuse Veteran Posted May 5, 2021 Veteran Share Posted May 5, 2021 45 minutes ago, jnelsoninjax said: My credit union has OTK that they send via SMS whenever you call and talk to them, and 2FA via SMS on the mobile app. My bank is so secure they wont let you change anything about your account unless you do it at the original branch.... problem for me is the original branch closed 😆 every time I call in for something they want a password and the location I took out my first account at.... which is a bit ridicilous... and to close an account you have to visit the original branch.. maybe that is something to stop you from closing it? lol.... Link to comment Share on other sites More sharing options...
spaceelf Posted May 5, 2021 Share Posted May 5, 2021 On 30/04/2021 at 08:52, jnelsoninjax said: Is there any difference in the physical keys made by Google or YubiKey, etc? Do they all function the same way? I have both. Googles can't be used by default with Windows 10, but it obviously works for websites. They function similarly but you can set a pin on the Yubikey (and promptly forget whatever the hell it was heh.) Checking if the Yubikey can work for logins now. I really don't know, but they have some software for it. Link to comment Share on other sites More sharing options...
ThaCrip Posted May 5, 2021 Share Posted May 5, 2021 (edited) Just a small comment ill add about YubiKey's... those who want to use these basically need two of them at minimum. one for general use and one for a backup stored in a secure location. that helps ensure you won't get locked out of your Google account for example since you register both keys to the account. so even if you lose one, you can always use the backup to sign-in to the Google account, remove the lost key, then you can simply buy another key and register that to the account and you will now have two keys registered once again. p.s. I just have two of the standard/basic YubiKey's. but currently they are a bit pricier than what I paid for mine not all that long ago as for a couple of the basic ones it's $49 now where as I got two at a discount for $30. because for the price I paid it was nice peace of mind, but at $49 I could easily see how some might have second thoughts about using them as at that price it's a little steep. NOTE: YubiKey's work on Linux Mint but not by default. but it's easy enough to get them working as you just copy and paste the text from... https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rules to a file (just load up Text Editor(Xed)) named '70-u2f.rules' and save it to "/etc/udev/rules.d/" then reboot. works on Chrome/Firefox (may work on other browsers but I never tested). but I noticed if a person is running their browser in Firejail (sandbox), to sign into ones Google account for example, you got to run the browser normally, sign-in into ones Google account with the YubiKey, then exit the browser, reload it in the Firejail sandbox and you will be fine here since it's using the cookie from previous session. Edited May 5, 2021 by ThaCrip Link to comment Share on other sites More sharing options...
Mindovermaster Moderator Posted May 5, 2021 Moderator Share Posted May 5, 2021 49 minutes ago, neufuse said: My bank is so secure they wont let you change anything about your account unless you do it at the original branch.... problem for me is the original branch closed 😆 every time I call in for something they want a password and the location I took out my first account at.... which is a bit ridicilous... and to close an account you have to visit the original branch.. maybe that is something to stop you from closing it? lol.... I'd move to a new bank, if I were you... Link to comment Share on other sites More sharing options...
Tantawi Posted May 6, 2021 Share Posted May 6, 2021 2 hours ago, neufuse said: My bank is so secure they wont let you change anything about your account unless you do it at the original branch.... problem for me is the original branch closed 😆 every time I call in for something they want a password and the location I took out my first account at.... which is a bit ridicilous... and to close an account you have to visit the original branch.. maybe that is something to stop you from closing it? lol.... Is your bank located in Egypt? that experience is awfully familiar to one I had... Link to comment Share on other sites More sharing options...
Mindovermaster Moderator Posted May 6, 2021 Moderator Share Posted May 6, 2021 7 minutes ago, Tantawi said: Is your bank located in Egypt? that experience is awfully familiar to one I had... Mine wasn't THAT picky... Link to comment Share on other sites More sharing options...
neufuse Veteran Posted May 6, 2021 Veteran Share Posted May 6, 2021 4 hours ago, Mindovermaster said: I'd move to a new bank, if I were you... not exactly easy when you have a mortgage there, that's an expensive move Link to comment Share on other sites More sharing options...
adrynalyne Posted May 6, 2021 Share Posted May 6, 2021 5 hours ago, Mindovermaster said: I'd move to a new bank, if I were you... Why because it’s secure? Link to comment Share on other sites More sharing options...
Mindovermaster Moderator Posted May 6, 2021 Moderator Share Posted May 6, 2021 Just now, adrynalyne said: Why because it’s secure? Not saying it's secure, just saying you can't do anything unless you come to the main branch. 21 minutes ago, neufuse said: not exactly easy when you have a mortgage there, that's an expensive move Oh, that says a lot... Link to comment Share on other sites More sharing options...
adrynalyne Posted May 6, 2021 Share Posted May 6, 2021 2 minutes ago, Mindovermaster said: Not saying it's secure, just saying you can't do anything unless you come to the main branch. Oh, that says a lot... Minor inconvenience. Link to comment Share on other sites More sharing options...
neufuse Veteran Posted May 6, 2021 Veteran Share Posted May 6, 2021 9 hours ago, adrynalyne said: Minor inconvenience. what's a minor inconvenience? moving a mortgage that will cost a few thousand dollars in fees to do? 😂 adrynalyne 1 Share Link to comment Share on other sites More sharing options...
adrynalyne Posted May 6, 2021 Share Posted May 6, 2021 1 hour ago, neufuse said: what's a minor inconvenience? moving a mortgage that will cost a few thousand dollars in fees to do? 😂 No, not that lol. Going to a branch to change certain info. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now