nwchicago Posted February 3, 2017 Share Posted February 3, 2017 Any recommendations as to which Yubikey to buy? $18 Fido u2f or $40 Yubikey 4 or the nano? Sent from my iPhone using Tapatalk Link to comment
nwchicago Posted February 3, 2017 Share Posted February 3, 2017 Is it safe to leave the Yubikey nano in a desktop at home if you believe your home environment is secure? Also, can you check gmail using the gmail app on your phone or does a second factor need to authenticate it? Thanks. Nwchicago Sent from my iPhone using Tapatalk Link to comment
MWareman Posted February 3, 2017 Share Posted February 3, 2017 Is it safe to leave the Yubikey nano in a desktop at home if you believe your home environment is secure? Also, can you check gmail using the gmail app on your phone or does a second factor need to authenticate it? Thanks. Nwchicago Sent from my iPhone using Tapatalk On the first question, only you can decide. Just because someone else can access the hardware token does not mean they could logon as you. They need your password as well. The more important consideration is how long would it take you to notice it was missing if a guest removed it? Personally, I wouldn't (but that's mainly because I probably wouldn't notice for a few days....). On the second question. The Gmail app uses a variation of oAuth to authenticate (sometimes called 'bearer' authentication). 2FA is only used on initial setup to get the bearer credential and from then on the app 'just works'. No additional auth. If you lose your phone, you can revoke the oAuth authorization from your account online, and 2FA will be required next time to re-link. Another reason not to configure a recovery account on your phone's Gmail app! Link to comment
nwchicago Posted April 18, 2017 Share Posted April 18, 2017 Mike, First, a very big thank you for all of your super awesome guidance and patient answering of my questions! You are the incredible! Second, a quick update - a few months ago I purchased the Yubikeys and began slowly implementing a migration across email accounts, password managers, and anything else I can yubikey. In general, I've aggressively pursued 2FA as well finding the lastpass authenticator, google authenticator, etc... also helpful. I created a new gmail account for notification and implemented 2FA using Yubikey and google authenticator. I created an application specific password to enable ISY access to the gmail account and it worked perfectly - oddly I did not have to select the gmail option to "use a less secure authentication" method. Google seemed comfortable with their app specific password. One thing I'v recently seen is that my Yubikey 4 and Yubikey nano are becoming less responsive and may have even stopped working. I'm going to follow up with Yubikey on this but it is inconvenient. I'm glad I have alternate 2FA backup means. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.