Bitcoin Forum
December 05, 2016, 04:48:12 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Can I leave my Yubikey plugged in?  (Read 1130 times)
Spekulatius
Legendary
*
Offline Offline

Activity: 1022



View Profile
June 08, 2012, 04:19:05 PM
 #1

Can I leave my Yubikey plugged into my computer while its running and connected to the internet?

Thats what I`ve been doing all the time, for its comfortability.

Or should I rather plug- and unplug my key as soon as I logged in to MtGox?


Thanks for clearing this up, Ive been asking this myself for month.
1480913292
Hero Member
*
Offline Offline

Posts: 1480913292

View Profile Personal Message (Offline)

Ignore
1480913292
Reply with quote  #2

1480913292
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Revalin
Hero Member
*****
Offline Offline

Activity: 728


165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g


View Profile
June 08, 2012, 09:12:09 PM
 #2

It's fine to leave it plugged in.  It only authenticates when you touch the button.

      War is God's way of teaching Americans geography.  --Ambrose Bierce
Bitcoin is the Devil's way of teaching geeks economics.  --Revalin 165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
Stephen Gornick
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 08, 2012, 09:36:06 PM
 #3

It's fine to leave it plugged in.  It only authenticates when you touch the button.

There might be reason to be paranoid.

There haven't been reports of any physical thefts occurring yet, but you could be making yourself a target if you do this.

The operating system knows if the device is plugged in.  If your system is compromised, the attacker knows then that you leave your Yubikey plugged in.  Also knowable is your IP address (and probably your physical address using some account you access), and probably known is your balance at the exchange, and your username/password there as well.

This makes a physical burglary to become more likely as doing so would likely be successful in acquiring the bitcoins.

If the attacker / thief doesn't know where your Yubikey might be (e.g., do you carry it with you on your person, or is it kept locked up, etc.) then a risky burglary is less likely to occur.

Spekulatius
Legendary
*
Offline Offline

Activity: 1022



View Profile
June 09, 2012, 01:00:39 PM
 #4

OK, but remote phishing of the key string entered is not possible then, at least as possible to the same extend, as plugging it in and pressing the button anymway?
Revalin
Hero Member
*****
Offline Offline

Activity: 728


165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g


View Profile
June 09, 2012, 09:48:04 PM
 #5

Correct.  It's safe against viruses and hacking.  Someone coming to physically steal it is only a concern if you have a really large account.

      War is God's way of teaching Americans geography.  --Ambrose Bierce
Bitcoin is the Devil's way of teaching geeks economics.  --Revalin 165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!