Bitcoin Forum
July 20, 2018, 10:52:35 PM *
News: Latest stable version of Bitcoin Core: 0.16.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: MtGox security: Yubikey vs Google Authenticator  (Read 1911 times)
Rampion
Legendary
*
Offline Offline

Activity: 1120
Merit: 1000


View Profile
March 19, 2013, 04:17:29 PM
 #1

I've been awarded with a free Yubikey at MtGox. I had already set up a Google Authenticator, and now I have a doubt:

Which solution you like better? Yubikey or GA?

I see two different pros and cons:

  • Yubikey looks more secure, as I'm sure that smartphone malware targeting Google Authenticator (among other things) is on his way
  • On the other side, Google Authenticator seems easier to backup. For MtGox specifically, you just have to print the QR code at set-up, and your set. What about Yubikey? What happens if you loose it/break the key? I will have it in my keyring... And that's a place where is getting a lot of "action" (bouncing around with coins, keys, etc.)

Opinions?

There are several different types of Bitcoin clients. EWallets such as Coinbase are like banks -- a central organization has complete control over your money. You shouldn't put much money in EWallets.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1532127155
Hero Member
*
Offline Offline

Posts: 1532127155

View Profile Personal Message (Offline)

Ignore
1532127155
Reply with quote  #2

1532127155
Report to moderator
deathcode
Sr. Member
****
Offline Offline

Activity: 392
Merit: 250



View Profile
March 27, 2013, 04:00:52 AM
 #2

I've been awarded with a free Yubikey at MtGox. I had already set up a Google Authenticator, and now I have a doubt:

Which solution you like better? Yubikey or GA?

I see two different pros and cons:

  • Yubikey looks more secure, as I'm sure that smartphone malware targeting Google Authenticator (among other things) is on his way
  • On the other side, Google Authenticator seems easier to backup. For MtGox specifically, you just have to print the QR code at set-up, and your set. What about Yubikey? What happens if you loose it/break the key? I will have it in my keyring... And that's a place where is getting a lot of "action" (bouncing around with coins, keys, etc.)

Opinions?

You should have both setup. Both methods are two factor-authentication. even if both of those methods are compromised, you still have your regular user/pass as a security feature. Also, why would you keep your key on a keychain with other keys, coins, etc? your yubikey belongs to a safe place in your house and you should use it as a secondary method (if you have google authenticator enabled)
At least that's my setup.
I hope it helps.

Rampion
Legendary
*
Offline Offline

Activity: 1120
Merit: 1000


View Profile
March 27, 2013, 08:32:32 AM
 #3

I've been awarded with a free Yubikey at MtGox. I had already set up a Google Authenticator, and now I have a doubt:

Which solution you like better? Yubikey or GA?

I see two different pros and cons:

  • Yubikey looks more secure, as I'm sure that smartphone malware targeting Google Authenticator (among other things) is on his way
  • On the other side, Google Authenticator seems easier to backup. For MtGox specifically, you just have to print the QR code at set-up, and your set. What about Yubikey? What happens if you loose it/break the key? I will have it in my keyring... And that's a place where is getting a lot of "action" (bouncing around with coins, keys, etc.)

Opinions?

You should have both setup. Both methods are two factor-authentication. even if both of those methods are compromised, you still have your regular user/pass as a security feature. Also, why would you keep your key on a keychain with other keys, coins, etc? your yubikey belongs to a safe place in your house and you should use it as a secondary method (if you have google authenticator enabled)
At least that's my setup.
I hope it helps.

Thanks for the info. Si if I set up both (GA and Yubikey), I will just need ONE of them to withdraw (for example) - is it correct?

That would be cool, because it would be like a sort of "backup" of the 2FA

deathcode
Sr. Member
****
Offline Offline

Activity: 392
Merit: 250



View Profile
March 27, 2013, 01:44:58 PM
 #4

I've been awarded with a free Yubikey at MtGox. I had already set up a Google Authenticator, and now I have a doubt:

Which solution you like better? Yubikey or GA?

I see two different pros and cons:

  • Yubikey looks more secure, as I'm sure that smartphone malware targeting Google Authenticator (among other things) is on his way
  • On the other side, Google Authenticator seems easier to backup. For MtGox specifically, you just have to print the QR code at set-up, and your set. What about Yubikey? What happens if you loose it/break the key? I will have it in my keyring... And that's a place where is getting a lot of "action" (bouncing around with coins, keys, etc.)

Opinions?

You should have both setup. Both methods are two factor-authentication. even if both of those methods are compromised, you still have your regular user/pass as a security feature. Also, why would you keep your key on a keychain with other keys, coins, etc? your yubikey belongs to a safe place in your house and you should use it as a secondary method (if you have google authenticator enabled)
At least that's my setup.
I hope it helps.

Thanks for the info. Si if I set up both (GA and Yubikey), I will just need ONE of them to withdraw (for example) - is it correct?

That would be cool, because it would be like a sort of "backup" of the 2FA
Entirely up to you. You can setup the google auth for all three option (security, login, withdrawal) and yes, you'll need only one.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!