I received my free Yubikey from MtGox today

[geek-trader]

It's little, the "up" side (when plugged into my MacBook Pro) has a small copper circle that you press.

When logging in you press it for 1/2 second.  When you release, it sends a string of text to the MtGox "Yubikey" input field.

I have not done a withdrawal yet, but my understanding is that you press it for 3 seconds (instead 1/2 a second), and it sends a different string.


When you first plug it in, OS X thinks it's a keyboard, but you can just cancel out of that, and it works fine.

With this, I'm confidant that my MtGox account is safe from hackers.  Is my MtGox account safe from MtGox?  I don't know, but they have all the volume, so they have me for now.

[rate5]

Glad to hear you got your free Yubikey from mtgox.  They look cool I am thinking of buying one.

[RyanWebber]

Definately worth having if you're involved in high volume trading there. I'll probally buy one soon cause I'm pretty paranoid after the previous cluster §$%¤

[elggawf]

What were the requirements to get a free one?

[RchGrav]

What were the requirements to get a free one?

If you had an active order to purchase BTC at the time of the breach..  you are eligible.

[geek-trader]

What were the requirements to get a free one?

I had a trade nullified by the rollback after the hack.

[Jack of Diamonds]

I also got a free one a while back, have to say I can really sleep at ease now even with significant $$ or BTC stored in the account.

Spent time researching how feasible it is to crack Yubikey authentication, seems to be very infeasible so I trust it for now.

Negative side, it's bound to Mt. Gox so you can't use it as a normal YK on any other site.

[RchGrav]

I also got a free one a while back, have to say I can really sleep at ease now even with significant $$ or BTC stored in the account.

Spent time researching how feasible it is to crack Yubikey authentication, seems to be very infeasible so I trust it for now.

Negative side, it's bound to Mt. Gox so you can't use it as a normal YK on any other site.

Not really that negative from a security standpoint..  I have evaluated the Yubikey solution and can confirm that a higher degree of both security and functionality is possible when it is used in a site specific fashion.

[d.james]

What were the requirements to get a free one?

If you had an active order to purchase BTC at the time of the breach..  you are eligible.

where do you request for one?

[Jack of Diamonds]

What were the requirements to get a free one?

If you had an active order to purchase BTC at the time of the breach..  you are eligible.

where do you request for one?

Just click on 'Order a Yubikey', on the checkout page it will say the
price is free if you had a trade open when the site crashed.

If it doesn't show 'free' as the price but you really had a trade cancelled, email Mt. Gox and they'll send you one

[Spacy]

How can I activate the Yubikey on the MtGox website?

[julz]

How can I activate the Yubikey on the MtGox website?

Just login and use it.  After the first use - it'll be required next time.

You only need to give the pad a very short press for it to spit out it's stuff.

oh.. and make sure the key is the right way up in the USB port.. if you're not used to those flat keys, it's kind of ambiguous

[Spacy]

How can I activate the Yubikey on the MtGox website?

Just login and use it.  After the first use - it'll be required next time.

You only need to give the pad a very short press for it to spit out it's stuff.

oh.. and make sure the key is the right way up in the USB port.. if you're not used to those flat keys, it's kind of ambiguous

Thx, I did that. After the code is entered, I get logged out again, and I still can login withouth the Yubikey. I think I have to contact Mtgox support Thx for the help.

[julz]

Thx, I did that. After the code is entered, I get logged out again, and I still can login withouth the Yubikey. I think I have to contact Mtgox support Thx for the help.

That happened to me when I touched the pad too long. Have you tried a really short tap?

[Spacy]

Thx, I did that. After the code is entered, I get logged out again, and I still can login withouth the Yubikey. I think I have to contact Mtgox support Thx for the help.

That happened to me when I touched the pad too long. Have you tried a really short tap?

Ah, thank you very much, now it works. When I pressed too short, no code was entered, so I pressed a "little bit" longer ;-)

[MagicalTux]

Thx, I did that. After the code is entered, I get logged out again, and I still can login withouth the Yubikey. I think I have to contact Mtgox support Thx for the help.

That happened to me when I touched the pad too long. Have you tried a really short tap?

Ah, thank you very much, now it works. When I pressed too short, no code was entered, so I pressed a "little bit" longer ;-)

Yep, timing can be tricky, we'll add some explanations.

[elggawf]

I got mine a while back, forgot to mention it. I'd thought I had trades open at the time, but when I visited the Yubikey page while logged in it kept asking for $29.99. MT straightened that out though, and I received it quite quickly from Japan.

Yep, timing can be tricky, we'll add some explanations.

My only issue with it has been the withdrawal press: 3s seems way too long and the key won't do anything. To log in, I do a fast-touch and don't even count. To withdraw, anything longer than "one mississippi" and it won't do anything, but about 1 second press works for withdrawals.

[falkenberg]

Negative side, it's bound to Mt. Gox so you can't use it as a normal YK on any other site.

Did you try it on http://demo.yubico.com/php-yubico/one_factor.php ?
It is pitty if the key cannot be used outside MtGox (yes, I've read their EULA AFAIK yubikey has 2 slots for secret key, they can be switched by long tap. I wonder why they removed Yubiko key instead of using the second slot. If they would leave Yubico's secret key then the key could be used on other sites for authentication...

[error]

Negative side, it's bound to Mt. Gox so you can't use it as a normal YK on any other site.

Did you try it on http://demo.yubico.com/php-yubico/one_factor.php ?
It is pitty if the key cannot be used outside MtGox (yes, I've read their EULA AFAIK yubikey has 2 slots for secret key, they can be switched by long tap. I wonder why they removed Yubiko key instead of using the second slot. If they would leave Yubico's secret key then the key could be used on other sites for authentication...

I was under the impression that MtGox used both keys.

[falkenberg]

I was under the impression that MtGox used both keys.

After reading the forum I came to the same conclusion. But why? What's the reason to allocate both slots if just one is needed for OTP? Even if they do not want to share secret keys with Yubiko (but I would trust them more then mtgox: they never loose their database while mtgox was hacked because someone steel the database. What will it be if the database with secret keys will be stolen next time?), they need just one slot.