Yubikey and other such devices

[Chuckanut]

I have a Yubikey which I use for 2FA - two factor authorizaiton.

It has a hole in it for hanging on a key-chain. But, the part that inserts into the computer is exposed to whatever else is on the key-chain or in the pocket. It seems to me that eventually the gold contacts would wear out or be otherwise damaged. What do people do to protect the Yubikey from damage? Or am I worrying about nothing?

 

[Zona]

Amazon sells clever little plastic yubikey covers in different styles. I am considering getting one for the same reasons you mentioned. I haven’t had any issues with it so far, but does seem a bit flimsy to just shove it in a pocket or purse with the contact points uncovered.

 

[JoeWras]

I leave mine plugged into the computer. I only use it for Vanguard. VG forced me to re-register it with a PIN code, so I think I'm OK with this.

If you carry it, I agree about getting one of those holders. I'm hard on my keys, doing a lot of work outside. Dirt, grit, and screws in my pocket will wear things down.

 

[jim584672]

At work I had a RSA token with 6 numbers for computer work. I think for personal use it is security overkill. Plain two factor using a phone is good enough for me.

 

[The Cosmic Avenger]

At work I had a RSA token with 6 numbers for computer work. I think for personal use it is security overkill. Plain two factor using a phone is good enough for me.

I remember those! I like that I can basically have 50 of those by using an authenticator app with LastPass or Google. You can consider it one point of failure, but then it's also only one thing to secure and keep track of, and my phone stays locked even in my pocket.

 

[RetMD21]

I leave mine plugged into the computer. I only use it for Vanguard. VG forced me to re-register it with a PIN code, so I think I'm OK with this.

I did the reregister thing this week but no PIN, I wonder what is up with that?

 

[Vincenzo Corleone]

I did the reregister thing this week but no PIN, I wonder what is up with that?

Same here.

 

[RetMD21]

I thought that this was interesting from the Vanguard website.

Security keys can be purchased from various online and trusted technology retailers. Be sure to choose a key that is FIDO2 certified. Android users can also use their phone as a security key through Google Chrome or Microsoft Edge.

 

[JoeWras]

I did the reregister thing this week but no PIN, I wonder what is up with that?

Same here.

It is confusing. BH has a long discussion on it. This person's experience matches mine, although I did NOT reset my Yubikey to erase the PIN. It is important to note that if you decide to reset the key, your key may not work on other accounts you are using it on. Ditto for if you decide to add a PIN. So be careful.

https://bogleheads.org/forum/viewtopic.php?p=6813084#p6813084

 

[badatmath]

I have 2 keys for w*rk. Neither are robust enough to carry around IMO though I will admit I would be likely to lose one. It is type C so very small and thin. Touchy even when plugged in - I do not like them.

 

[Chuckanut]

https://support.yubico.com/hc/en-us/articles/4402836718866-Understanding-YubiKey-PINs

I've read this, but it seems to be more a guide for the already initiated than a primer for those of us who don't have a clue what the PIN is and does.

• [*]A YubiKey can have up to three PINs - one for its FIDO2 function, one for PIV (smart card), and one for OpenPGP.
  [*]The PIV and OpenPGP PINs are set to 123456 by default, but there is no FIDO2 PIN set from the factory.
  [*]If you are being prompted for a PIN (including setting one up), and you're not sure which PIN it is, most likely it is your YubiKey's FIDO2 PIN.
  [*]If you are using a blue Security Key, FIDO2 is the only PIN you will be prompted for, as the blue Security Keys do not support PIV and OpenPGP.

 

[RetMD21]

I noticed that somebody at BH was complaining about the SMS backup, but I have mine turned off

 

[JoeWras]

I noticed that somebody at BH was complaining about the SMS backup, but I have mine turned off

That person complains about it every opportunity they get.

 

[RetMD21]

That person complains about it every opportunity they get.

LOL, IDK why I was allowed to turn off SMS maybe because I have multiple keys? Anyway it is working for me

 

[JoeWras]

LOL, IDK why I was allowed to turn off SMS maybe because I have multiple keys? Anyway it is working for me

Yes. It is reported that if you have multiples, you can dump SMS.