Captain-Cryptory (OP)
Newbie
Offline
Activity: 23
Merit: 853
|
|
February 05, 2020, 04:33:09 PM Last edit: January 12, 2022, 03:54:03 PM by Captain-Cryptory |
|
.
|
|
|
|
nakamura12
|
|
February 07, 2020, 07:57:10 AM |
|
So basically, this device is used to manage passwords and OTP (One-Time Password) for 2FA authentication. I read your post and mostly what I understand is it focus more on 2FA. Even though using a authenticator such as google auth and authy are still helpful and those who got your pass and username won't do much unless they can get the OTP in your phone or devices. The Yubikey 5 NFC cost $45 and $100+ if you buy a Yubikey set if someone is interested to buy. The price is from amazon.
|
| | | | | | | ███▄▀██▄▄ ░░▄████▄▀████ ▄▄▄ ░░████▄▄▄▄░░█▀▀ ███ ██████▄▄▀█▌ ░▄░░███▀████ ░▐█░░███░██▄▄ ░░▄▀░████▄▄▄▀█ ░█░▄███▀████ ▐█ ▀▄▄███▀▄██▄ ░░▄██▌░░██▀ ░▐█▀████ ▀██ ░░█▌██████ ▀▀██▄ ░░▀███ | | ▄▄██▀▄███ ▄▄▄████▀▄████▄░░ ▀▀█░░▄▄▄▄████░░ ▐█▀▄▄█████████ ████▀███░░▄░ ▄▄██░███░░█▌░ █▀▄▄▄████░▀▄░░ █▌████▀███▄░█░ ▄██▄▀███▄▄▀ ▀██░░▐██▄░░ ██▀████▀█▌░ ▄██▀▀██████▐█░░ ███▀░░ | | | | |
|
|
|
LbtalkL
|
|
February 29, 2020, 11:19:35 PM |
|
This sounds cool, can we import our google authenticator keys to this authenticator dongle and vice versa? do you have a video on how to use this and what is the price range just curious. If its really affordable and flexible for sure I am gonna buy it, thanks for the info.
|
|
|
|
joniboini
Legendary
Offline
Activity: 2310
Merit: 1803
|
This sounds cool, can we import our google authenticator keys to this authenticator dongle and vice versa? do you have a video on how to use this and what is the price range just curious. If its really affordable and flexible for sure I am gonna buy it, thanks for the info.
OP already mentioned that Yubikey 5 (that he uses) supports U2F, so yeah you can use it with Google[1]. It's priced around $45 USD for a single one. Do check the official website: https://www.yubico.com/product/yubikey-5-nfc[1] Additional info: https://support.yubico.com/support/solutions/articles/15000006418-using-your-yubikey-with-google
|
| CHIPS.GG | | | ▄▄███████▄▄ ▄████▀▀▀▀▀▀▀████▄ ▄███▀░▄░▀▀▀▀▀░▄░▀███▄ ▄███░▄▀░░░░░░░░░▀▄░███▄ ▄███░▄░░░▄█████▄░░░▄░███▄ ███░▄▀░░░███████░░░▀▄░███ ███░█░░░▀▀▀▀▀░░░▀░░░█░███ ███░▀▄░▄▀░▄██▄▄░▀▄░▄▀░███ ▀███░▀░▀▄██▀░▀██▄▀░▀░███▀ ▀███░▀▄░░░░░░░░░▄▀░███▀ ▀███▄░▀░▄▄▄▄▄░▀░▄███▀ ▀████▄▄▄▄▄▄▄████▀ █████████████████████████ | | ▄▄███████▄▄ ▄███████████████▄ ▄█▀▀▀▄█████████▄▀▀▀█▄ ▄██████▀▄█▄▄▄█▄▀██████▄ ▄████████▄█████▄████████▄ ████████▄███████▄████████ ███████▄█████████▄███████ ███▄▄▀▀█▀▀█████▀▀█▀▀▄▄███ ▀█████████▀▀██▀█████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀████▄▄███▄▄████▀ ████████████████████████ | | 3000+ UNIQUE GAMES | | | 12+ CURRENCIES ACCEPTED | | | VIP REWARD PROGRAM | | ◥ | Play Now |
|
|
|
Chikito
Legendary
Offline
Activity: 2506
Merit: 2076
|
|
March 01, 2020, 05:34:51 AM |
|
I read up news, Trezor hardware wallet already has further expanded ability with a secure and comfortable two-factor authentication. Trezor reserve as a hardware security U2F with backup/recovery functions (seed/mnemonic phrase) [1]disclaimer: i don't use it, you can read manual setting up trezor as 2fa hardware [2] with your own risk [1]. https://wiki.trezor.io/U2F[2]. https://wiki.trezor.io/User_manual:Two-factor_Authentication_with_U2F
|
|
|
|
Saint-loup
Legendary
Offline
Activity: 2730
Merit: 2410
|
|
March 02, 2020, 11:35:18 PM Last edit: March 03, 2020, 06:08:27 AM by Saint-loup |
|
This sounds cool, can we import our google authenticator keys to this authenticator dongle and vice versa? do you have a video on how to use this and what is the price range just curious. If its really affordable and flexible for sure I am gonna buy it, thanks for the info.
If you mean TOTP based key then the answer is nope. But Google has the option to bring to bear U2F protocol and utilize the HW keys like Yubico to authenticate you. It works in following way. When you register you HW-key-dongle at Google it sends the random number to that dongle. Based on that number the last generates private - public keys pair. Then the public key of that pair is send back to Google that assigns it to your ID. Next time when you log in to Google it sends to HW-key the message and waits for outgoing one that must be signed by HW-key using the corresponding private key. After receiving encrypted message Google decrypts it with public key and checks. If everything is correct then you are in. P.S. I'm using Yubikey5 to log in to my bitcointalk forum account. But this is the other story. Here is a pretty good article explaining the main differences between TOTP and U2F. Unlike TOTP with U2F you don't have to share a seed with the server, so it doesn't need to store it and to send it to you, and you don't have to send any symmetric code. https://blog.trezor.io/why-you-should-never-use-google-authenticator-again-e166d09d4324
|
|
|
|
|
vapourminer
Legendary
Offline
Activity: 4452
Merit: 3979
what is this "brake pedal" you speak of?
|
|
March 08, 2020, 12:40:29 PM |
|
i just picked one of these up (yubikey 5 nfc). using google auth most places still and slowly changing over to yubi wherever i can. now that i know how easy it is, gonna grab some more, mainly the cheaper simple ones just to register as backups.
having my email and such protected by this is a great feeling. i was always worried my google auth token could be compromised during generation (screenshot or such). never happened that i know of but still.
trezor can do this too but who wants what is obviously a crypto wallet on their key chain.
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3794
Merit: 6509
Looking for campaign manager? Contact icopress!
|
|
March 08, 2020, 07:34:07 PM |
|
trezor can do this too but who wants what is obviously a crypto wallet on their key chain.
I've been reading this topic and was thinking "why on earth would somebody buy this, since the hardware wallets can handle the job?" when I've finally read this. Yep. This can be the main selling point imho. I still believe that hardware wallets for day-to-day transactions should not have big amounts of coins on them (the big amounts can stay on another hardware or paper wallet in a safe), but they could still attract the eyes. This device definitely deserves a second look.
|
|
|
|
vapourminer
Legendary
Offline
Activity: 4452
Merit: 3979
what is this "brake pedal" you speak of?
|
|
March 20, 2020, 01:39:39 PM |
|
This can be the main selling point imho.
I would buy it even if it had have only one single features from its current numerous set i.e. ability to deliver user's password via interface unapproachable by malware. No one wants his main password to be stolen. I bought two samples of devices (one of them as backup) and didn't regret that because deep and calm sleeping was always my priority. they claim its immune to badusb and such, which is a necessity if youre plugging it into untrusted systems. https://www.yubico.com/blog/yubikey-badusb/ of course DYOR
|
|
|
|
charlie137
Full Member
Offline
Activity: 1204
Merit: 220
(ノಠ益ಠ)ノ
|
|
March 23, 2020, 01:27:23 AM |
|
very cool, but how practical is this tho? trezors are huge comparing to the rest of the devices in the segment
|
/__ ___ ( / \\--`-'-|`---\\ | AXErunners |' _/ ` __/ / '._ W ,--' |_:_._/
|
|
|
|
charlie137
Full Member
Offline
Activity: 1204
Merit: 220
(ノಠ益ಠ)ノ
|
|
March 28, 2020, 03:48:35 AM |
|
yes, yubico are currently leading here. i would recommend to test couple different models since they have different workflows (nfc/port)
|
/__ ___ ( / \\--`-'-|`---\\ | AXErunners |' _/ ` __/ / '._ W ,--' |_:_._/
|
|
|
charlie137
Full Member
Offline
Activity: 1204
Merit: 220
(ノಠ益ಠ)ノ
|
|
March 31, 2020, 05:56:04 PM |
|
Yubico proved to be a leader in the field. The first three are different in form-factor/type of USB terminal/NFC presence, DYOR. theres also new keys with fido2 https://www.yubico.com/products/security-key/
|
/__ ___ ( / \\--`-'-|`---\\ | AXErunners |' _/ ` __/ / '._ W ,--' |_:_._/
|
|
|
charlie137
Full Member
Offline
Activity: 1204
Merit: 220
(ノಠ益ಠ)ノ
|
|
April 10, 2020, 07:54:21 PM |
|
When you see something like that theres always a thought "well this one is reported, but what if other ones just not yet" but they probably done full revision of all current lineup
|
/__ ___ ( / \\--`-'-|`---\\ | AXErunners |' _/ ` __/ / '._ W ,--' |_:_._/
|
|
|
Mandarava
|
|
October 23, 2020, 12:05:36 PM Merited by vapourminer (1) |
|
Yubikey is great - I bought my first Yubikey back in 2016, but the problem is that I didn't fasten it to my keychain and ended up losing it after a couple of months. Since then, I regularly use my Trezor as a second factor. If someone is not in the know, then I remind you that any Trezor, in addition to the function of a wallet for cryptocurrencies, can be used as a second factor for authentication. Very convenient indeed.
|
|
|
|
vapourminer
Legendary
Offline
Activity: 4452
Merit: 3979
what is this "brake pedal" you speak of?
|
|
October 23, 2020, 12:12:51 PM |
|
Yubikey is great - I bought my first Yubikey back in 2016, but the problem is that I didn't fasten it to my keychain and ended up losing it after a couple of months. Since then, I regularly use my Trezor as a second factor. If someone is not in the know, then I remind you that any Trezor, in addition to the function of a wallet for cryptocurrencies, can be used as a second factor for authentication. Very convenient indeed.
yes, trezor is a good backup to a yubikey. of course i like having several yubikeys for just such a situation.. lost or broken although it seems awful tough to break. also a yubikey doesnt scream "crypto" if you use it in public for 2fa. another advantage a yubikey has over a trezor -- no bad usb infection possible. which i believe (not entirely sure) a trezor is susceptible to. i use both btw
|
|
|
|
malevolent
can into space
Legendary
Offline
Activity: 3472
Merit: 1722
|
|
October 24, 2020, 08:43:29 AM |
|
also a yubikey doesnt scream "crypto" if you use it in public for 2fa. I don't know, how many yubikeys were sold in total compared with Trezors? another advantage a yubikey has over a trezor -- no bad usb infection possible. which i believe (not entirely sure) a trezor is susceptible to. BadUSB is unlikely, the user would have to be socially engineered to ignore bootloader warnings at every step and even after changing firmware to a malicious one. The warnings about unsigned firmware won't disappear because the bootloader is in a write-protected area. The attack would be easier to conduct if Satoshi Labs was compromised, and afaik multiple people have to sign the firmware.
|
Signature space available for rent.
|
|
|
vapourminer
Legendary
Offline
Activity: 4452
Merit: 3979
what is this "brake pedal" you speak of?
|
|
October 24, 2020, 10:56:59 AM Last edit: October 24, 2020, 11:25:00 AM by vapourminer |
|
also a yubikey doesnt scream "crypto" if you use it in public for 2fa. I don't know, how many yubikeys were sold in total compared with Trezors? another advantage a yubikey has over a trezor -- no bad usb infection possible. which i believe (not entirely sure) a trezor is susceptible to. BadUSB is unlikely, the user would have to be socially engineered to ignore bootloader warnings at every step and even after changing firmware to a malicious one. The warnings about unsigned firmware won't disappear because the bootloader is in a write-protected area. The attack would be easier to conduct if Satoshi Labs was compromised, and afaik multiple people have to sign the firmware. yubikeys vs trezors? no hard data but id imagine yubikeys far outnumber trezors.. yubikeys can be for work, computer logins, banking, email login etc. are we talking about the same badusb here? badusb infects the usb chip itself, not the regular firmware of the device. so no approving bad bootloader etc, it just happens without user intervention.. poof the usb controler chip in the trezor is now compromised.. it can make the usb chip into any HID device it wants. it can emulate a keyboard for instance, and send keystrokes. or make itself look like a mass storage device and send a file. all with the trezor otherwise acting fine and with genuine firmware. as its the usb chip thats infected, not the trezor attached to the usb chip. https://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/yubikeys dont have a usb controller chip afaik (according to yubikey anyway, its a custom deal as it doesnt need full usb functionality) so its immune. perhaps my data is out of date?
|
|
|
|
malevolent
can into space
Legendary
Offline
Activity: 3472
Merit: 1722
|
|
October 24, 2020, 11:43:54 PM |
|
are we talking about the same badusb here? badusb infects the usb chip itself, not the regular firmware of the device. so no approving bad bootloader etc, it just happens without user intervention.. poof the usb controler chip in the trezor is now compromised.. it can make the usb chip into any HID device it wants. it can emulate a keyboard for instance, and send keystrokes. or make itself look like a mass storage device and send a file. all with the trezor otherwise acting fine and with genuine firmware. as its the usb chip thats infected, not the trezor attached to the usb chip. https://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/yubikeys dont have a usb controller chip afaik (according to yubikey anyway, its a custom deal as it doesnt need full usb functionality) so its immune. perhaps my data is out of date? There are several BadUSB attacks and not all controllers are vulnerable, Trezors have been pretty extensively tested/attacked/audited, none of the attacks to date involve BadUSB so I imagine it's safe in this regard.
|
Signature space available for rent.
|
|
|
|