You and your YubiKey

Happy new year to everyone. I think this is the best time to review our internet security, especially after the SolarWinds hack, which showed that anyone, including the government, can fall victim to hacks. 

SolarWinds: How did it happen?


The SolarWinds hack was not a one-day operation. The APT group had access to the SolarWinds system since 2018. They were able to gain access due to weak passwords, and then moved through connected apps to reach different companies.

Lesson learned: don't use weak, easy-to-guess passwords. The first thing to do is set up a password manager like KeePass, which will generate strong passwords and save your logins so it can auto-fill them later.

This is not the only thing that we should do to secure our accounts. We need to enable two-factor authentication (2FA).


What is 2FA?

Two-factor authentication means using a second system, alongside a strong password, to authenticate our login.

Some examples of 2FA are:

  • Authentication apps (like Google Authenticator)

  • Text messages (we won't go over these since they are easy to get around)

  • Email (same as above)

  • Biometrics (using a fingerprint or face)

  • YubiKeys

This article will go over YubiKeys, as they are considered one of the best forms of 2FA.


A Yubi what now?


A YubiKey is a hardware device, generally in the form of a USB drive, that allows you to access multiple services like websites, computers, or networks. The YubiKey runs cryptographic algorithm software that enables users to log in to their accounts securely. Using this algorithm, it generates a robust and unique passcode for the service or program you are using.

What makes this safer than many of the above examples is that someone will need physical access to the YubiKey to use it. Text messages and email are weak because criminals have ways of spoofing your email and text messages so that the one-time passcode is sent to them.
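To make the passcode idea concrete, here is an added example (not from the original post and not Yubico's code) of OATH-HOTP from RFC 4226, one of the one-time-passcode modes a YubiKey can be configured for; the post does not say which algorithm it means, so that choice is an assumption. The `Verifier` class, the look-ahead window of 3 and the sample secret (the RFC's published test key) are illustrative.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Verifier:
    """Service side (hypothetical): holds the same secret as the key and
    remembers the next counter value it is willing to accept."""
    def __init__(self, secret: bytes, window: int = 3):
        self.secret = secret
        self.next_counter = 0
        self.window = window        # tolerate a few button presses made offline

    def verify(self, passcode: str) -> bool:
        for c in range(self.next_counter, self.next_counter + self.window + 1):
            if hmac.compare_digest(hotp(self.secret, c), passcode):
                self.next_counter = c + 1   # this code and older ones are spent
                return True
        return False

SECRET = b"12345678901234567890"    # constructed sample: the RFC 4226 test key

def demo() -> dict:
    server = Verifier(SECRET)
    first = hotp(SECRET, 0)         # what the key emits on its first press
    return {
        "first_code": first,
        "accepted": server.verify(first),
        "replayed": server.verify(first),               # captured code reused
        "other_key": server.verify(hotp(b"a-different-secret", 1)),
        "skipped_press": server.verify(hotp(SECRET, 2)),  # counter 1 never sent
    }

if __name__ == "__main__":
    print(demo())
```

The replayed code and the code from a different secret are both rejected, which is the property the paragraph above relies on: a valid passcode requires the secret stored on the physical key, and each passcode is accepted only once.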


Ok, how do I get one of these magical Keys?

You can go to Yubico.com to purchase a key. There are several versions of the YubiKey. I bought the YubiKey 5, which has NFC, so I can unlock my phone.

Setup is simple but unique to each service. Normally you will have to go into the account settings of an app or website, like Amazon, and choose the option to set up 2FA.

You can use this site to see how to set up 2FA for multiple services: Two Factor Auth.

You can also use the YubiKey site to set up your key for specific websites.

How to Setup the YubiKey | Yubico


I am not going to explain how to set this up as it is self-explanatory on the above sites.


Next, we will talk about password managers. I will also start a security-focused IG, and I am thinking of posting some of the hacking challenges.
