Got a camel camel camel alert. Lowest ever price.
Previous promo was for a usb-c. This one is usb-a.
https://www.ozbargain.com.au/node/605024
Hopefully it stays in stock for more than 10 mins after this post so some ppl can buy them this time.
Got a camel camel camel alert. Lowest ever price.
Previous promo was for a usb-c. This one is usb-a.
https://www.ozbargain.com.au/node/605024
Hopefully it stays in stock for more than 10 mins after this post so some ppl can buy them this time.
You should use 2 keys at least, with 1 of those keys held off site (safe deposit box).
No, did not really see any site would require 2 but you should use 2 at least just in case you lose it or physically damage it.
It would be kinda okay if you simply use it as a 2FA auth token as most sites will allow you to recover your account with other means.
The better use of this thing is to hold your private key as you can directly generate your PKI key pair on it and the private key is virtually not exportable and that's exactly why you need at least two of them. But if you have no idea what I'm talking about, then you probably should go for those 2FA tokens, which are much cheaper and less likely shoot yourself in the foot.
I am one of those people that has no idea what you meant and have been interested in buying a yubikey for quite some time now. I still do want to understand what you mean. So, are you talking about not using the ubikey's as 2FA but merely just to store private keys on both?
To add to cliffj’s reply…
Yep, some sites/services e.g., Google allow you register multiple security keys (for use with U2F). Others e.g., 1Password don’t (you can only register one).
RE: backup, yes, ideally you want to always register two but that’s not always possible. E.g., with 1Password you can only setup regular “old” TOTP as an alternative and therefore backup (note you can use your Yubikey for both U2F and TOTP and other things too — this is where people get confused).
The problem here then is your security posture is only as strong as the weakest link i.e., you’re exposed to the downsides of TOTP all over again e.g., shared secret, no origin validation, PITA to use, etc.
Additionally, some sites/services have gone down the path of implementing their own 2SV e.g., Blizzard Authenticator, Macquarie Authenticator, … so you can’t even use a Yubikey for U2F nor TOTP.
That said, I have 2 x security keys & still use U2F wherever possible & fall back to TOTP where I can’t. It’s just a little early still for widespread adoption.
good way to lose allyour dagta by locking yourself out
Reset…. would have to have majorly stuffed up setup.
after checking the comparison between version 5 and the rest, i decided the normal blue coloured security key with NFC (not version 5) is sufficient for me.
now waiting for them to go down a bit in price so i can buy 2.
this one
https://www.amazon.com.au/YubiKey-FIDO2-Security-Two-Factor-…
(this shop price is crazy for that, on ebay around $35 each)
The blue nfc keys you are looking for are currently $39 at umart.
Got a camel camel camel alert.
They're probably just running to the water trough at this time of the evening…
Price has gone up from $60 to $65. I have amended title.
Still shows as $60 for me.
Have wavered on getting one for quite some time. Main Aussie entities I'd want it for (banks, super, fed/state gov accounts, etc.) still don't support it.
Changed it back to 60.
And yeah, lack of widespread adoption is the disappointing thing about security keys. I would love to see them replace passwords full stop.
Even most banks don't even use any kind of 2fa still, and when they do, half are sending the otp through sms, which is crazy insecure
49 of my friends out of 50 think SMS otp is the safest. Go figure. How sad.
@CyberMurning: You have 50 friends?
Currently cheaper on yubico website (45 USD for USB-A) if you don't need it asap (excludes the 5 USD shipping), cheaper if you get more than one device and can use with 20% student discount.
Edit: The USB-C version on Amazon is $60 right now. https://www.amazon.com.au/dp/B08DHL1YDL
It is back to $80
ta
it is true some website or maybe all, requires 2 yubikeys during setup otherwise they wont let us to continue with just one ? (the idea is good, one is for backup)