I've been awarded a free Yubikey at MtGox. I had already set up a Google Authenticator, and now I have a doubt:
Which solution do you like better? Yubikey or GA?
I see two different pros and cons:
- Yubikey looks more secure, as I'm sure that smartphone malware targeting Google Authenticator (among other things) is on its way
- On the other side, Google Authenticator seems easier to back up. For MtGox specifically, you just have to print the QR code at set-up, and you're set. What about Yubikey? What happens if you lose it/break the key? I will have it in my keyring... And that's a place that is getting a lot of "action" (bouncing around with coins, keys, etc.)
Opinions?
You should have both set up. Both methods are two-factor authentication. Even if both of those methods are compromised, you still have your regular user/pass as a security feature. Also, why would you keep your key on a keychain with other keys, coins, etc.? Your Yubikey belongs in a safe place in your house and you should use it as a secondary method (if you have Google Authenticator enabled).
At least that's my setup.
I hope it helps.
Thanks for the info. So if I set up both (GA and Yubikey), I will just need ONE of them to withdraw (for example) - is it correct?
That would be cool, because it would be like a sort of "backup" of the 2FA