Bitcoin Forum
December 16, 2017, 09:29:00 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: MtGox security: Yubikey vs Google Authenticator  (Read 1908 times)
Rampion
Legendary
*
Offline Offline

Activity: 1120


View Profile
March 19, 2013, 04:17:29 PM
 #1

I've been awarded with a free Yubikey at MtGox. I had already set up a Google Authenticator, and now I have a doubt:

Which solution you like better? Yubikey or GA?

I see two different pros and cons:

  • Yubikey looks more secure, as I'm sure that smartphone malware targeting Google Authenticator (among other things) is on his way
  • On the other side, Google Authenticator seems easier to backup. For MtGox specifically, you just have to print the QR code at set-up, and your set. What about Yubikey? What happens if you loose it/break the key? I will have it in my keyring... And that's a place where is getting a lot of "action" (bouncing around with coins, keys, etc.)

Opinions?

1513416540
Hero Member
*
Offline Offline

Posts: 1513416540

View Profile Personal Message (Offline)

Ignore
1513416540
Reply with quote  #2

1513416540
Report to moderator
1513416540
Hero Member
*
Offline Offline

Posts: 1513416540

View Profile Personal Message (Offline)

Ignore
1513416540
Reply with quote  #2

1513416540
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513416540
Hero Member
*
Offline Offline

Posts: 1513416540

View Profile Personal Message (Offline)

Ignore
1513416540
Reply with quote  #2

1513416540
Report to moderator
1513416540
Hero Member
*
Offline Offline

Posts: 1513416540

View Profile Personal Message (Offline)

Ignore
1513416540
Reply with quote  #2

1513416540
Report to moderator
deathcode
Sr. Member
****
Offline Offline

Activity: 392



View Profile
March 27, 2013, 04:00:52 AM
 #2

I've been awarded with a free Yubikey at MtGox. I had already set up a Google Authenticator, and now I have a doubt:

Which solution you like better? Yubikey or GA?

I see two different pros and cons:

  • Yubikey looks more secure, as I'm sure that smartphone malware targeting Google Authenticator (among other things) is on his way
  • On the other side, Google Authenticator seems easier to backup. For MtGox specifically, you just have to print the QR code at set-up, and your set. What about Yubikey? What happens if you loose it/break the key? I will have it in my keyring... And that's a place where is getting a lot of "action" (bouncing around with coins, keys, etc.)

Opinions?

You should have both setup. Both methods are two factor-authentication. even if both of those methods are compromised, you still have your regular user/pass as a security feature. Also, why would you keep your key on a keychain with other keys, coins, etc? your yubikey belongs to a safe place in your house and you should use it as a secondary method (if you have google authenticator enabled)
At least that's my setup.
I hope it helps.

Rampion
Legendary
*
Offline Offline

Activity: 1120


View Profile
March 27, 2013, 08:32:32 AM
 #3

I've been awarded with a free Yubikey at MtGox. I had already set up a Google Authenticator, and now I have a doubt:

Which solution you like better? Yubikey or GA?

I see two different pros and cons:

  • Yubikey looks more secure, as I'm sure that smartphone malware targeting Google Authenticator (among other things) is on his way
  • On the other side, Google Authenticator seems easier to backup. For MtGox specifically, you just have to print the QR code at set-up, and your set. What about Yubikey? What happens if you loose it/break the key? I will have it in my keyring... And that's a place where is getting a lot of "action" (bouncing around with coins, keys, etc.)

Opinions?

You should have both setup. Both methods are two factor-authentication. even if both of those methods are compromised, you still have your regular user/pass as a security feature. Also, why would you keep your key on a keychain with other keys, coins, etc? your yubikey belongs to a safe place in your house and you should use it as a secondary method (if you have google authenticator enabled)
At least that's my setup.
I hope it helps.

Thanks for the info. Si if I set up both (GA and Yubikey), I will just need ONE of them to withdraw (for example) - is it correct?

That would be cool, because it would be like a sort of "backup" of the 2FA

deathcode
Sr. Member
****
Offline Offline

Activity: 392



View Profile
March 27, 2013, 01:44:58 PM
 #4

I've been awarded with a free Yubikey at MtGox. I had already set up a Google Authenticator, and now I have a doubt:

Which solution you like better? Yubikey or GA?

I see two different pros and cons:

  • Yubikey looks more secure, as I'm sure that smartphone malware targeting Google Authenticator (among other things) is on his way
  • On the other side, Google Authenticator seems easier to backup. For MtGox specifically, you just have to print the QR code at set-up, and your set. What about Yubikey? What happens if you loose it/break the key? I will have it in my keyring... And that's a place where is getting a lot of "action" (bouncing around with coins, keys, etc.)

Opinions?

You should have both setup. Both methods are two factor-authentication. even if both of those methods are compromised, you still have your regular user/pass as a security feature. Also, why would you keep your key on a keychain with other keys, coins, etc? your yubikey belongs to a safe place in your house and you should use it as a secondary method (if you have google authenticator enabled)
At least that's my setup.
I hope it helps.

Thanks for the info. Si if I set up both (GA and Yubikey), I will just need ONE of them to withdraw (for example) - is it correct?

That would be cool, because it would be like a sort of "backup" of the 2FA
Entirely up to you. You can setup the google auth for all three option (security, login, withdrawal) and yes, you'll need only one.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!