Yubico is one of the names well recognised for aiding individuals and businesses in keeping their accounts secure. This is through their range of both software and hardware authentication keys. But that’s not all you can do when it comes to online security.
There are a number of things you can do to protect yourself such as:
- Having a quality spam filter on your email to protect from Phishing
- Never reuse passwords
- Make your passwords long and strong
- Use a password manager
- Wherever it’s available, use multi-factor authentication
It’s the latter where Yubico steps in with their Yubikey range of hardware riding the trend from major tech. This trend has in some ways, been spearheaded by Google when it automatically enrolled over 150 million users to multifactor authentication. This includes a requirement for YouTube creators to have the feature enabled as of the start of November 2021.
Recently they launched a new blue Security Key C NFC, a consumer-grade hardware authentication key. In terms of cost, the blue Security Key C NFC will set you back US$29 per unit and for the headaches that can help prevent: That’s a bargain!
The features of the device hit all the marks you need in the current era such as USB-C connection, NFC for tap authentication and a durable design. This makes it an ideal entry device for users currently looking at hardware keys, or a perfect upgrade for someone who has an older style USB-A authentication key.
Larger scale solutions
Yubico doesn’t just offer consumer-grade hardware, they also have YubiEnterprise aimed at offering businesses a turnkey solution to security needs. Until recently, only available in the USA, Canada and Europe – The service has now expanded to a total of 49 countries including Australia.
The offering gives businesses the option to manage enabled security keys, ship and track while offering certainty of delivery and continuity of services to their staff.
The giveaway
Thanks to our friends at Yubico we have 5 of the Yubikey blue Security Key C NFC to give away. To get your name in the running, let us know in the comments below why you need to up your game for online security and — given the wide range of compatible accounts and services — services you’ll consider hardware authentication for. Bonus entries will be considered for readers who offer constructive and helpful comments to other readers on ways to improve their online security.
Winners will be selected on Sunday 14th November at 5 pm AEDT and contacted via email for a delivery address.
Winners must reside within Australia.
If you’re not one of the lucky few who pick up a freebie, you can still grab a Yubikey from Yubico, Amazon or Trust Panda online.
So in terms of security, I think I’ve got things pretty well down pat.. So I’d love a Yubico literally just so when colleagues see a that blue thing sticking out of the PC, they’ll ask questions and I can tell them why it’s a good idea!
100% but for me it’ll be when they see it on my keys. It’ll be a talking point and selling point.
With an increase in crypto use and all the hidden dangers that go with keeping your crypto safe, I can see a great use for this key to help keep my assets secure.
I use LastPass and MFA for everything… this would be the next step up! Never save your passwords in Chrome or your browser. If anyone gains access to your computer, they have full access to everything! LastPass can be set to log out automatically, so this is never an issue.
But what if the computer is encrypted and has password on it? I lock mine each time I walk away. I use touch ID for fast unlocking the Mac.
I run my own certificate authority at work to create certificates to protect internal HTTPS websites (Management interfaces on infrastructure, internal websites etc) . The private root certificate is stored on a computer (all be it protected by a crazy password) . If you gain access to that password you can do amazing things in my network that would be traditionally protected by a certificate (intercept https traffic, run code as trusted as it’s signed) . It would be awesome to store that private key in a Yubikey. Also, I use a password manager to store all my passwords, however… Read more Β»
I am paranoid about security on the web. The thing about the apps that help and deal with 2FA is great and all. The terrible thing is when they go missing. When you misplace your device you misplace your 2FA. This has happened to me. I would love to have a physical store of my 2FA and passwords, given the Yubikeys can do OTP codes which are awesome, as well as that I love the idea of smart card authentication to my windows and mac devices using their plugins.
I am terrible with my password management. Although I do use Bitwarden for password management AND Authy for 2FA, I have them both remaining logged in on multiple PCs, even at work! I know, I also face palm myself.
I carry a 400gb microsd card in my wallet in a tiny microsd reader. The Yubikey would be the perfect addition to carry with me wherever I go.
Actually thats not a bad idea having a microsd card, only issue is if you keep it in plain text and lose your wallet…
Can you remotely log out of your work machine (Bitwarden session)? I use 1Password so I don’t know about BW. Good idea to review logged in sessions and revoke them if you don’t use them. Same goes for OAuth connections. If you must use it at work, use private/incognito and close the window once you’re done?
Yeah you can. There is an option within the apps web version to Deauthorise sessions, but i have mine to time out after 5mins when im at work. But I always lock my device at work and yeah at home i have my desktop to timeout after i close out of my browser.
Monday the 15th Nov not Sunday?
Sunday 14th – My bad!
So, did I win? π Did the winners get emailed yesterday arvo?
Was actually thinking the same thing…
No email here (also checked my spam) so assuming i didn’t win =(
Emails were delayed until a short time ago.
The winners have now been notified. π
I am slack when it comes to passwords, and use the same password in too many places. I need to overcome this lazy habit.
Use Chrome sync with auto-generated unique (strong) passwords. It saves per site/credential. So if you get hacked, it won’t be the same password everywhere.
Depending on how nit-picky you want to be, chrome is quick and simple but still you are allowing an other application look at your credentials and upload to an other source. Personally i would use apps like bitwarden or lastpass, generate new passwords for all log-ins and only have to remember 1 password.
Then in reality you should go to https://haveibeenpwned.com/ every so often and enter in your email address and see what comes up.
I have 1Password too so really just remember two passwords: 1 for 1Password, which I hardly ever use these days, and the other being my Google account password which I have Chrome sync on, with password autofill/auto-generate etc. Both passwords are unique/strong too.
I have setup a hardware security key using OpenSK and a NRF52840-DONGLE, while it is great for most websites some require a actual Yubikey to use Hardware Authentication (Looking at you Google)
So it would be great to have a Yubikey for these sites and keep my other key as a backup
I’d love to have this as a backup for all things Google, for that day when the phone breaks (and you realize how dependant you are).
Especially if you use the phone as the 2FA (Google Prompt, Pixel) or SMS (not recommended).
Been relying on my phone for 2FA and never had an issue, till that one time I didn’t have the phone. Needed to sign in via Okta and no other authentication method had been configured (my fault – consider SMS auth a dangerous non starter). I’ll use Yubikey everywhere I can, but first cabs off the rank will be M365 and Lastpass.
Office 365 might be picky with the type of key you use JFYI.
You’re right, so now I’m moving to the no password model on my M365 accounts. See how that goes.
I’ve been using 2FA via the authenticator app but I’m always looking for a new layer of protection. Would love to give this a try
Move to Authy app. It does cloud backups and allows multi-device. Authenticator has account export now but I don’t think it does cloud backups or multi-device sync.
Would easily use for my microsoft, Google and bitwarden accounts. Im eagerly waiting to travel again so using SMS otp may not be an option especially in remote areas where phone reception is pretty poor.
Google services and Dropbox. Cloud storage for the photos and personal files. SMS OTP is not enough!