Bitcoin Forum

0) Why Look into This
1) Info From Manufacture
2) The Products
3) Lastpass
4) Some Sites integrated with Yubikey Support(Including Blockchain.info!)
5) Conclusion
6) How to purchase



1) Why look into this?

Almost everyday we can see posts of someone losing their account in Meta on the forum.  This caused me to ask myself what is the reason?  And what can we do to stop it along with pushing security more.  The anwser varies from lack of good security procedures such as using same password on more than one site, to losing it to attacks including malware and phishing.

It is enough of a problem to look into possible options.  I have been using hardware wallets, and really liked the physical element added to your security.  I knew I wanted a physical key as part of my security on other security solutions, which is what brought me to Yubikey.

1) Info From Manufacture

A YubiKey is a small device that you register with a service or site that supports two-factor authentication. Two-factor authentication means that each time you log in, the service will request proof that you have your YubiKey in addition to your regular username and password. Phishing, malware, and other attack methods don’t work because they would need both your physical key and your passwords to breach your accounts.

To put it simply Yubikey is a physical key you can use to secure many of your digital assets.  This includes everything from 2 factor Gmail accounts, Blockchain.info wallets to entire storage of passwords working with programs such as LastPass.


2) The Products:


Above you will see three different Yubikey's.  I wanted to try multiple versions as the one best for you can depend on your needs.  I ended up testing the Yubikey 4, Yubikey 4 Nano, and the Yubikey Neo.   There are differences depending on if you want a full size to small, or even nfc.  To see all the differences look here: https://www.yubico.com/products/yubikey-hardware/

3) Lastpass
This program is great for your password storage.  I did use a premium version for 12 dollars a year, there is a trial and also a free version.   It has a lot of really good features, the biggest was being able to combine a regular password with my Yubikey.  So a great 2 factor storage system for password management.  

I cannot cover all the features which you can find here: https://lastpass.com/features/ .  But I can cover my favorite features.

Store Passwords in a Secure Vault- All of your passwords and notes are stored safely in a vault. Easy-to-use, searchable, and organized the way you like.
One Account or Many- Have multiple Gmail accounts? 12 WordPress logins? Save unlimited logins for websites, and easily switch between them.
Generate Random Passwords- The built-in password generator will create long, randomized passwords that protect you from being hacked.
2 factor Authentication - Tie a "master password" with your Yubikey

Again to put this simply it means I can store my passwords safely, using a 2nd factor authentication.  Even if I was to be compromised without my Yubikey an attacker cannot access my passwords stored within Lastpass. It allows for multiple accounts and makes this very easy, which is great if you are like me juggling Gmail accounts.

There is a possibility still if your computer was compromised to intercept username/password when entering into a website.   The next section are some sites you can use Yubikey as a part of your login with 2 factor security.

4) Some Sites integrated with Yubikey Support(Including Blockchain.info! )
Gmail and Google Apps
Dropbox
Blockchain.info

Above are some of the main sites for me, but there are others out there.   The main one and perhaps one of the biggest reasons I decided to try it was support with blockchain.info .  This means even if you logged into your blockchain wallet from a comprised system the password alone is not enough to login.  Without physical access of your Yubikey a "bad guy" is not going to be able to log in.   Below is how to sit this up with BlockChain.info

1) From within your blockchain.info account click the account settings button
2) Click continue on the warning about sensitive data.
3) Enter you password for your account to access the account settings.



4) On the side menu click on the security option.
5) Click on the Two Factor Authentication drop down box and select Yubikey.
6) After selecting Yubikey click on the box below it and press your Yubikey button, you will see "Yubikey Successfully Updated" when successful .


7) Make sure to enter a secret phrase and save it in case you lose your Yubikey.  I suggest storing it somewhere safe, as it will help recover your wallet access if you lose your Yubikey.
8 ) Now you can see your new blockchain.info login which requires your Yubikey as 2nd factor authentication!


5) Conclusion
This is a great tool to help you become more secure in your digital world.  You can combine it with sites that have Yubikey integrated such as blockchain.info, or use it with password managers such as lastpass.   These are great tools to help you keep good security practices.

Can it protect you from every possible compromise?  Not as long as there are sites that do not require dual factor authentication.  But if programs such as lastpass have you use unique and secure passwords that are different for each website, you have an advantage over a shared password used on multiple sites.  And with Yubikey giving you 2nd factor authentication on sites such as google, and blockchain it is definitely something to consider.


5) How to purchase
Below is link to order direct
1) Direct - https://www.yubico.com/products/yubikey-hardware/

Thanks for sharing this. It might come handy when the time comes that I really need such a secure way to access my online accounts.
For now, Im using 2FA and text confirmation to sites that were integrated by it. I also regularly reset my passwords in a random basis.

I have been trying different options out there.  This is one really to take a look at.  With using Yubikey it is a physical token that is great with Blockchain.  And it seems people use it a lot here as a hot wallet.

My worries with text might be small but I worry of someone compromising the phone, or managing being able to get it fowarded via social engineering.  With Yubikey I have full control of my physical key, which I like.   And I have in safty deposit box the secret phrase if I ever lose my Yubikey for blockchain.

On passwords I went with Lastpass as it creates great long passwords that are unique, and can be saved within 2 factor security using Yubikey with it.  So if one site is hacked and a "bad guy" gets a password it just get's him one site.  No sharing of passwords.  

The more I test it the better I feel with it.  And the Yubikey 4 Nano fits so great in a usb slot.   I was surprised how much I liked the Nano.

is this better than ledger nano? or they are kind the same?

at first glance it seems that ledger is better but since they cost around the same, maybe they are equal is this correct?

They may look the same at first glance but they are very different.   The Ledger is a hardware wallet.   The Yubikey is a physical key for second factor authentication.  So the Yubikey has much more uses.

Some of the main uses I really liked was using it to secure a blockchain.info wallet instead of sms.   It also did great with gmail account's.  So these even if compromised an attacker needs my Yubikey to log in, which they should not have.  So great there.

And Lastpass is great addition.  It's a full program on it's own, but combines great with Yubikey to secure your passwords. 

This is a good stuff for better security of our digital assets. I heard in some countries the government itself has a high security wallet system to have their personal as well as government official documents.
Such an arrangement sounds good if implemented over every country, which will possible won't allow much hackers easily.

how about price ?
any ebay link of this product?

i've seen that this is not related to bitcoin only, it do much more as you said, for the same cost seems the better than between the two

also its nature of being so small i think it's even better than the ledger, make it more confidential

It's a good idea and the combinations you can do are great.   I have found Yubikey and Lastpass to be a huge changer in my online security.  And sites that have Yubikey integrated like Blockchain.info are great.

I was always pretty good at not using the same password.  But my passwords were no where near as hard to crack as the Lastpass generated ones.  These would take a bad guy a lot more time then standard accounts to crack during things such as a database being taken.

I really think Yubikey with it's layer of physical protection is a great thing in any case.

You must have missed last part of hands on.   Click on the link: https://www.yubico.com/products/yubikey-hardware/

There are many different versions of it.  And the great thsing is you can pick which is best for you.  This could vary for each person.  I thought I would like one of the longer full Yubikey's.  But I ended up loving the nano version, it's fit with a laptop is just great.  But for everyone it could be different.

Not sure why you would want to get off eBay.  Go direct link I listed above and by direct from manufacture.  I just like buying direct on anything dealing with my security.

Exactly it's just a really good product to add a physical layer to your security, which is great.  There are some sites that are related to bitcoin and some that are not that use it, as it is a great tool.   And Lastpass really takes it to a whole new level on regular password security with using a Yubikey with it.

The nano really was my favorite which was surprising.  I thought a full sized on my key chain would be,  But the nano is perfect for laptop use.  You can stick it in the side of your laptop leave it there, and it can only be activated by your touch.  So you can leave it in your laptop if you wanted to.

It does add a physical token to a Blockchain account, which is great.   I have seen how popular it is, that is part of reason I tried these out.

The nano that is kinda the point being so small, so it is meant to fit just in usb slot with a small overhang.  So you are right on that one being very small.  On the other 2 I reviewed you should not be losing them. They are in the same size as a usb drive.   All are slim though where you could slip within a wallet.   They were more designed for a key chain with the hole, but most wallets would likely work.

Great guide. I have at least 10 different yubikeys, one of almost every type. I love them and use them for everything.

I have one programmed for static password, so it outputs the same password every time. I use that to unlock my KeePass database. :)

Glad to hear another person using them!  They really are a great physical key for security.    I love they they are not tied down to one thing, there are a ton of more things they can do that I scrapped the surface and focused on bitcoin and site security.

Some programs such as Laspass also also allow multiple.  So great to be able to use multiple Yubikeys to one sign-in.

Have still been testing Yubikey with blockchain.   I think it is one great use due  to it's popularity.

Also the more you use Lastpass and get unique strong passwords the better it gets.   I would say Lastpass gets stronger and stronger the more you use it.

I used Lastpass before, but after they sold out, and security issues started appearing i I started using KeyPass instead. I feel more in control. And as I wrote i use a Yubikey in static password mode to store the password for my KeePass database. :) KeePass with chrome extension gives me the same functionality.

And that is another thing great about Yubikey is you can use it for so many different things. Just like this we prefer different password managers... and it allows us to pick our favorite which is great.

I think Lastpass is pretty good.  There was one exploit for Lastpass they named Lostpass you just need to make sure your signing into your Lastpass and not a phishing site.  Which you really should always check that when logging into a password manger.  And having two factor with Yubikey does help on most possible security problems tremendously.

Can I ask? Is this "Yubikey" a souped up version of Ledger's HW.1? It works with more than just a few bitcoin wallets, has NFC support, and looks less flimsy?

Completely different things.   A Ledger is a bitcoin wallet, it stores your bitcoin wallet on it and signs the transactions.   There are many different ones but they are hardware wallets.

Yubikey is a physical security key.  So it's not a hardware wallet but a security token.  It can be used on some hot wallets like blockchain.info .  And it really gives the extra option of adding security by using it as a 2nd factor authentication on many sites.   

And where it really get's even extra great options is when combining with password managers.  It gives secure 2 factor on it, and if you use lastpass you use a unique password for every site so if one site was hacked not all your passwords are compromised from using same password on multiple sites.

No. Yubikey is a one time password generator. It has nothing to do with bitcoin, other than some online wallets lets you use it to protect your account, like they also lets you use Google Authenticator, or one time passwords delivered by SMS.

Just to make sure you know what I was talking about :) I don't think LastPass is a bad choice, but it's always good to know:

https://nakedsecurity.sophos.com/2015/06/16/bad-news-lastpass-breached-good-news-you-should-be-ok/
https://paul.reviews/privacy-password-managers-a-reality-check/
https://forums.lastpass.com/viewtopic.php?f=12&t=187485

I'm not debating your knowlege, it is true what your saying.   Also people should realize I picked Lastpass as I liked it.  There are many different password managers you can pick your favorite.

And even if say your master password is stolen the great thing with Yubikey attached, is without it they can't even access your stored info.  So that second factor authentication is important.

And I should be clear I'm  not telling people not to get hardware wallets, I'm a strong supporter of them.    They are a great option to use.

I am doing this thread as I think password security for a lot could be greatly secured with Yubikey and software, or 2nd factor log-ins.  Also blockchain is the number one mentioned hotwallet online, and I think Yubikey is great to use as 2nd factor.  So even if your blockchain password is taken they could not log in without your Yubikey.

So... A yubikey is a physical second factor? This is actually quite a cool idea. How did you push out your product so widely? I haven't heard of it at all, but it's widely supported.

I agree. Hardware wallets are great. And IMHO the best choice for any bigger amount of bitcoins.
As long as you use an online wallet, you should protect them with 2FA. So I totally agree with you, the Yubikey is a great choice for that.
Maybe my previous post was a bit unclear about that.

Correct.

It is made and promoted by a large Swedish company called Yubico. I do not think notlist3d is involved. :)

They have done a great job of making  good  products.   They have had multiple generations even, so this got them noticed and put on some great sites as physical second factor.

I love the Yubikey nano for a laptop.  I cant stress how nice it is on 2 factor.  I can leave it in the usb slot and it barley sticks out, so it's not noticeable hardly at all.  But on the sites using it and Lastpass it takes me to press the Yubikey for it to send a key to log in, and it's a unique code it sends each time.

I feel more secure with it then SMS even. With SMS if you were really unlucky it could be forwarded if a good social engineer to another phone, or a phone could be compromised.  Both of these are not worries with Yubikey.

And it is great Blockchain uses it.   Gives you some more security on the most popular hot wallet out there.

Correct I am just a fan of it.  I have been looking at hardware wallets and other way's to secure digital assets.  This was a product I liked.

I don't own part of company, stock, or involved in any way.   So I make zero off of sales.   I just really liked their quality products so tested it then shared it after I liked it so much.

i want to ask, can i save something at yubikey? like notepad or link site?
i have idea to create new blockchain wallet without email,
like this https://blockchain.info/wallet/678a3341-c9df-452e-9cef-dde026fd1bc5 (password trialtrialtrial)

can i do it ?

Its a good idea. Even few countries have their own security wallet technology for securing their important documents as well all personal asset documents.

I am using it in a mix with Lastpass as I really like it as a password manager.  With lastpass you get a "vault" where you can store notes even.   

So I have lastpass with storage of info and security of needing my master password, and my Yubikey.  And my Yubikey you must touch to send a code cannot be done remotely.  So it is pretty good for storage in my use.

Physical token are getting more and more common.   Just great tools to add 2nd factor.   I wish all site's used 2nd factor it is truly a great jump in security. 

With 2fa you could have my password and does zero good without my Yubkey.  So add that security to a popular site like blockchain.info I think its great for the money.

http://lifehacker.com/lastpass-hacked-time-to-change-your-master-password-1711463571
https://blog.lastpass.com/2015/06/lastpass-security-notice.html/

are you sure with password manager ?  :-\

That article is quite dated look at date, nothing new.    But yes I feel secure as I use 2 factor.

And with Yubikey the great thing is even if they have masterpass does them 0 good.  They need the Yubikey.   So the 2 factor saves you once again.  If you use a password manager use 2 factor.  And I still highly suggest Yubikey.

So those with Yubikey's were in no risk essentially with the 2 factor on lastpass even then.

thank's for the link, yesterday i suggest some exchanger using yubikey feature
i hope someday exchanger increase his secure system

Not a problem It really is a good 2 factor device.  The more sites that use 2 factor the better.  Making a system where if even password is compromised does bad guy no good.... is great.

I suspect we will see more and more 2 factor.  But it's kinda hard to get all sites to add it as a lot of "normal" users think single password is enough.  They are just unaware.

If the yubikey is lost or misplace. How can a user get all the passcode and data saved on the yubikey?

Sorry for how long it took saw this today.  It depends on the service you are using.   Most you would have to go through some sort of support for example here is dropbox - https://www.yubico.com/why-yubico/for-individuals/dropbox-for-individuals/#secret

I suggest having backup options where available I personally like one's that allow multiple Yubikeys to be registered where I can keep one safe incase other is lost.  Some can use phone numbers, or google authenticator.  But again varies a lot depending on what service you use it on.