I Lost My Yubikey! How To Setup Backup Keys
Vložit
- čas přidán 17. 12. 2023
- Get $5 a Yubikey 5 NFC: www.yubi.co/shannon-2024
Get a Yubikey and protect your accounts! amzn.to/3S8BSLL *
Did you know you can set up TWO Yubikeys on ANY accounts that have a 2FA Option for OATH TOTP?! Those six digit codes just got much more secure with this little known hack.
This episode is sponsored by Yubico!
Watch my Passkey episodes here! - • All About Passkeys
Facebook Security Page:
accountscenter. ?...
Becoming a Morse Code Member by checking out the perks linked here!:
/ @shannonmorse
💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜
SUBSCRIBE! 🌸 czcams.com/users/ShannonMorse?s...
TWITTER 🌸 / snubs
Patreon 🌸 / shannonmorse
💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜
SUPPORT MY WORK
Patreon 💛 / shannonmorse
Buy Me a Coffee 💛 www.buymeacoffee.com/snubs
Shop 💛 snubsie.com/shop
TeeSpring 💛 teespring.com/stores/morsecode
Coupon Codes 💛 snubsie.com/support
Tech I Use & Recommend 💛 kit.co/ShannonMorse
💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜
FOLLOW THE SOCIALS THINGS
Twitter 🌸 / snubs
Instagram 🌸 / snubs
CZcams 🌸 czcams.com/users/ShannonMorse?s...
Website 🌸 www.shannonrmorse.com
💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜
TECH I USE AND RECOMMEND
My Kits, Builds, and Must Haves ✨ kit.co/ShannonMorse
My Amazon Influencer Page ✨ www.amazon.com/shop/shannonmorse
💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜
MY OTHER SHOWS
ThreatWire 🌙 czcams.com/users/hak5?sub_confi...
Sailor Snubs 🌙 czcams.com/users/sailorsnubs?s...
💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜
GET IN TOUCH
Mail ✈
snubsie.com/contact
Email for Business and Sponsorship Inquiries ✈ Shannon@ShannonRMorse.com
My Media Kit ✈ snubsie.com/work-with-me
Sponsor This Channel ✈ snubsie.com/shannon-morse
Music from 🎵 Epidemic Sound: www.epidemicsound.com/referra...
💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜
😍 FTC DISCLAIMER 😍
Affiliate links listed above allow me to receive a small commission. Any sponsorships for videos are noted in video and listed in descriptions. Any products provided as gifts are listed above. Thank you for your support!
Comment section code of conduct policy:
Constructive feedback is appreciated, but please leave unproductive, divisive and harmful conversation at the door. Hateful comments are not tolerated, and these kinds of messages will be automatically removed. Thank you for making this community a welcoming experience for all viewers :)
snubsie.com/code-of-conduct - Věda a technologie
I'm glad you mentioned they are separate entities, and aren't linked to each other. The backup key idea can confuse people. Really, there is no "backup key" and "primary key". They are just 2 keys that both can unlock the account.
I agree, back up and primary creates confusion
The same way you have spare house keys.
Just wanted to say thank you for making this. I was always annoyed that you kept talking about always having two keys but never explainkng how to do that. I also didn't realise that they're completely seperate, I always thought it was a clone of the first one so this has clarified a lot. We need more videos like this where we get baby-ed through exactly how to do it and with all the information so that we can feel comfortable using them.
Took advantage of the yubi-deal last time. Mad good deal to get multiples. Thx Shannon!
Putting 2nd key in a safe place-->if traveling overseas, and I lost the key (or got robbed), my second key would be 5000 miles away 😢.
Two is the recommended minimum. I have four keys myself. One stays in my desktop, two on my key chain (one for usb A and one UBS-C/Lightning) and one in my fireproof safe.
If I’m traveling, one comes off my keyring and into either my laptop bag or suitcase. Both could still get stolen but the odds of that are very low.
That why I have 2x Yubi keys, just like a real key
@@supawiz6991 I wouldn't keep the key in the laptop bag as thieves always target them. Keeping it in a suitcase is a better idea so it's separate from your computer.
But if you got robbed of one, and have them in the same place, wouldn’t that make it likely that both would be stolen? “In a safe place” might even just be “in a separate piece of luggage while traveling.” If you’re on a long multi-destination business trip, just carry one on your keychain, the second in a locked pocket in your luggage. And put that second one in the hotel safe when you get there.
This is the most logical answer.
Hey Shannon, thanks for these yubikey videos! I had always known about hardware keys but didnt have much knowledge on them. Once I saw your vids, I got two. Ps. I'd love to see a video on how to use a yubikey for a keepass db 😉
Happy to help!
Thanks, you are the first of many watched videos that explained that Google only has accommodations for 1 security key but will accept a second yubikey as a passkey and that is OK. I'm not very good with this stuff and I was a little worried that I did something wrong.
I feel like that's a really important fact that a lot of folks don't know!! Glad it helped!
Thanks for sharing. Blessings on your day!
Hi Shannon all of the best for you and your family for 2024🙏🏻 73's and 88's
Thanks for this. I picked up 3 yubikeys during black friday sales (A + C + one bio at full price). I'm torn between yubikey and google authenticator when both options are available. I use the transfer option to keep an authenticator backup on an old phone.
Thanks for the info. Easy to follow.
Shannon, thank you for the great videos. FYI, I tried to get your discount at Yubikey on the 5 NFC key with USB C . They would not apply to my order. However they would allow for the USB A model. Not a big issue for me but just letting you know so that you don't lose sales credit in the future.
They had to change how the code applied because someone kept putting it on a coupon site 😕
Services that don’t allow two keys annoy me. Especially ones that insist on having SMS as “MFA” to add other methods.
Subbing to the channel because of this video,... just seeing if this helps in what direction the channel is headed.
Thanks was wondering about how to do this for the app for sites that do not support this.
Thank you for these great videos. My work is about to supply us with a yubi key for our work computes but I had a Question? If I setup a yubi key for my laptop do I need one for my phone to access the the apps? for example my bank app vs my bank website?
Thanks, you helped me a lot!!
❤
so am i understanding this correctly; you need to set up each account for every yubikey you intend to use interchangeably? basically set up 2fa twice every time in most instances?
Thank you, Shannon. It's a informative video. But the coupon is not valid. Would you like to update it?
I use the black ones and the blue, the blue is back up though and my black is for windows and sites as well.
Inspired me to buy one! (Two actually XD), also love the hair! :)
thank you! thank you! thank you! 😄
Thanks Shannon the bit of printing the QR code was genius I’ve printed out with back up codes when they were available and added all my accounts to both of my keys.Can I ask do you know how to change the pin on windows/pc as that’s the only time it seems to be required when using the keys to log in on accounts and I’ve not set up a pin on the key itself
Glad it was helpful!
Question: Can we add 4 keys of the same log in type. For example I travel a lot. I want 2 keys with me and 2 keys with my best friend back home. Can we do 4 keys via passkey/2fa. The way you explained it made it seem like we can only have 1 for pass key and 1 for 2fa. Which means only 2 back ups (I could easily loose both while travelling).
Thanks, Shannon~
I've been using a couple of hardware keys for the last year or so. I'm wondering what is stored on the hardware key after I secure an account. Do I need to worry about storage space or removing anything if I close the account?
? can an adapter be used if the key has a different connection...
My yubikey is coming to me tomorrow, only 1 however. I plan to buy one more soon, but I have question regarding that.
I bought Yubikey 5 NFC (black one). So I can use that to secure logging in to my Windows OS.
Now, If I loose the black one, and let's say I have another one, BUT BLUE (so the cheaper version, which DOESN'T support securing logging into Windows), I still can't log in with the blue one, am I correct? So I'm basically locked out forever for my Window OS.
(Except for the very last lifeline which are backup codes)
Another problem is: even you have two hardware keys, some accounts only allow to register and use one key, for example PayPal.
Exactly! I also have two keys, but Paypal only allow one.
Can you use the same key for more than one google account?
I saw that it is possible to use Yubikey to access Windows (offline /local machine user only).
The question is: what about access to HD? In this case, with more advanced techniques, they would be able to obtain the data from the independent HD, right?
What's the difference between a passkey & a 2FA let?
Shannon convinced me to get 2 Yubiceys, but I really subscribed for her hair (jk)
The only thing I dont like is when you have an app like Acronis that only supports 1 autheticator device. then I have to go to my other computer, get that key and plug it in.
Hi what can I do my yahoo account is lock and is asking me for for a back up number
I never was able to access it? Please help.
I use Roboform, will the Yubico key work with it or does it not matter?
Nice one 😊
I was trying to set up my backup yubikey and it looks like Google security has changed and you can no longer add multiple keys to 2fa, any solutions or am i missing something?
Another thing I have done is put the TOTP secret into my password manager, and I can add a new yubikey without having to have a printed copy.
If I have two Yubikey's, recovery codes and the authenticator app, is it wise to remove the rest of the authentication methods like email and phone number verification?
Also, in theory, if a hacker would simswapps my phone number, could he or she change all the other authentication methods in my Google account and make the first methods I mentioned useless?
what if you lose both the main and the spare keys?
Lol KABOOM!
I have way more than two FIDO keys.
Depending on the standard and brand. $500 can afford you many keys. Half that can get you a decent amount.
I have been trying to add additional yubikeys to my goggle accounts, but the prompt is not there anymore unlike before that I could keep adding keys. Comments please?
The version of Chrome Browser I am running doesn't support YUBIKEYS at the minute.
Can I get a chip implanted?
An important security/privacy question. For example you have two accounts both use the same YubiKey. Can the provider see that you have a same security key aka signature?
Smart question, ever figured it out?
@@baby333 I ask Yubico, short answer was no. :)
Oh my god, we can use the same QR code?! I'm new to yubikey's and i thought i had to re-setup all of the codes and everything if i got new keys.......... omg that's sick!!
Yes!!! Just securely store the QR code or authenticate all your yubikeys before clicking away from the QR code! You only see the code once on the screen but it's a great hack!!
Yea!! but i was planning on getting more, i currently have 2, and i was like uggghh i have to remove my 2fa and re do all the keys again.. but i just screenshotted the QR codes isntead now and stored them temporarily! @@ShannonMorse
Hi Shannon...wondering if you know: Does a yubikey have to be "ejected", like any other usb drive? or can it just be pulled out?
In my experience, I just remove it. Never had an issue.
If I’m not mistaken UniFi doesn’t allowing for a second key to be registered
Unifi doesn't even allow you to use a physical key last time I checked
@@estusflask982
Hm, I’ve used yubikey on unifi ubiquiti before I switched to other tipe of 2Fa, they may change their policies. Ill check it again later
My UBNT account has my phone authenticator app and 2 Yubikeys all providing me with the same OTP code no problem. Setup "app authentication"
@@Sean_Cockrell The "app authentication" is TOTP, not FIDO.
If Yubico sponsor you please tell them that yubico-luks seems like dying and decrypting LUKS partitions/disks with yubikey is a mess (partially also because of systemd)
Korbin Dallas MultiPass.
There are ways to literally clone yubikeys. It involves setting the underlying "seed" value that encrypts and anchors all of the other keys (secrets) you _derive_ from the master seed value on the device.
What this means is that for every key you setup with your yubikey, the others are automatically able to generate any of the derived keys because the cloned devices all have the same seed value/key.
How secure is logging into other sites with your Google account? Google is one of the few that implements hardware 2FA well. Would logging into other services via Google make them more secure? I don't really understand the protocol that lets this happen. How much info from my Google account can those other services see? Or is it better just to keep everything separate?
Using the key to login with Google on other websites/apps doesn't change what data the other websites can see.
When I need to deal with these things, I Google the various stuff like OTP and 2fa and Fido and then I probably forget what they are. I would appreciate it if you would tell us what those are when you mentioned them in your videos. It's helpful. And yes, I got two UB keys just like you said
Here ya go! czcams.com/video/w_Yn1dAqLO8/video.htmlsi=vkDJR3ByZXWA0JzC&t=116
@ ShannonMorse That's the present situation as I said. Saying "two factor authentication or TFA" the first time it comes up is a lot more efficient than asking a lot of people to Google stuff when they only need a prod.
You mentioned that these keys cannot be copied, I wonder if that would be possible with a MITM attack. Any thoughts on that as a possibility?
If the key codes were copied in a man in the middle attack, Yubikeys also provide an extra layer of security in that you have to physically tap the key to complete authentication, so a hacker would not be able to use the code to log into your websites unless they physically had access to your Yubikey.
They should be sold in pairs IMO. Or at least provide a discount for buying two!
My discount stacks for each one you buy.
Buy a ledger hardware wallet. If you lose it just buy another ledger, enter your seed phrase and voila. Your hardware 2fa is tied to your seed phrase.
Antie EM!, Auntie EM!
how could you use this with an authenticator app? and is there a further backup if both keys (or if someone only has 1 key) is lost?
In some cases you can use the same QR code to set up authentication by more than one authenticator app (e.g., Authy, Yubico Authenticator, Google Authenticator, Microsoft Authenticator, 1Password, Apple Passwords, and so on). Each app has different strengths or weaknesses (for example, if you set up another device on the same account, does it automatically grant access to your credentials? A comparison of these is probably a whole separate video).
You can also store a screenshot of the QR code as an attachment in 1Password, for example, in case you need to set up another key later. If you want to be extra careful, you could encrypt the screenshot file before attaching it in your password manager (or before saving it in some other secure location).
do you set up more than 2 (multiple) keys the same way?
Yes, each additional key would be set up using the same process.
Is it possible to use some kind of 3-way authentification, password, phone (via sms or google auth) + yubikey?
Most (if not all) sites generally let you in at 2 Authenticators EVEN if you have 3+ enabled. (stay away from enabling SMS, its only a security concern tbh)
Some (let's say ProtonMail) you can have almost up to 3-4-way authentications XD (Pin + Password + TOTP + Two Password)
Also some Crypto exchanges websites might use 4 Auths on withdrawls. ( Password, Fund Password, TOTP, Email & then you must prove you're not a robot XD)
Better buy 3 or 4. I've had several Yubikeys stop working over the past couple years. Not to mention then you may need a USB-A, a USB-C and an NFC Yubikey.
So if you have this situation cant you sign into the account using the working key and delete the key that isnt working and then buy another one and setup your backup again?
Google titans only $35 and NFC compatible
I always worry about USB drives and Ubikey’s little contact tabs being exposed and damaged..? Any info on that..?
They may look damaged because of the oxidation on them, but that's how they look even if they are enclosed in a metal housing. It doesn't mean they are damaged.
Once I setup keys should I turn off the other Google methods like phone verification?
I would. Anything is better than nothing, but hardware keys are the most secure option, so removing the other options would be best since they could be used as alternatives modes to login
Just so you know I tried using your link because I wanted to get some spares and it doesn't work regardless the browser I try it in
Ooo thank you, the coupon code should work fine on yubicos website tho!
I have a question. I want to go passwordless on outlook 365, personal account. How can I do this without the MS authenticator app? I just want to use my key ONLY to login, otherwise what's the point of the security? How do you accomplish this?
Yubi has a walkthru on their webiste look for passwordless entra ID via the googs should be first hit.
Holy cannoli, Shannon! Sponsored by Yubico?! That's awesome. I need a couple replacement keys anyhow... 👍
Can you help me understand what happens if you were to lose both keys in a housefire? Assuming you don't have any family or friends you trust to keep a spare, and don't necessarily trust or know if it's safe to keep a spare in a bank safety deposit box? I'm at a loss for what happens if I lose access to both of my keys! I rent so i can't install a fireproof safe.
Make friends? Bury one in a cave? Save your backup codes digitally? I'm sure we could say "but the planet might freeze over!" but I'm sure you can figure something out for your specific scenario 😉.
@@ShannonMorse ahhh thank you! Can you talk about your third option - save your backup codes digitally? I don't understand what the backup codes are here. Thanks again!
Here ya go! czcams.com/video/0iq0BgiKlWM/video.htmlsi=JlQy2jT3J30M2qR5
This link is not valid.😢
If you do not do the whole login procedure every time you visit your account its useless.
Hackers symply steal your browser data after you have logged in, so the key provides no safety at all.
This comment assumes an attacker is only going to try one attack. Browser session hijacking (cookie stealing) isn't the only thing you should be protecting against. I did an entire video about protecting against session hijacking - you should watch it, because I answered your question in that video.
Physical keys prevent brute force attacks as well as 2FA code bypass attempts. These are different attacks and should be implemented alongside disabled cookies or deleting sessions after closing a browser. You can't prevent every attack by using just one prevention. Cyber security is holistic and requires a lot of different protections.
Ola, yubikay é melhor q o passkey q a google lançou se sim pq.😊
❤
Wen YubiRing, YubiCard?
Was surprised by your saying that you don't need your key every time you log into a site. I have not found this. Today I logged into my bank site looking to set that up. I used my key and I was brought straight into the site, no place to click to remember the browser, etc. The key I'm using is not Yubi, its a different brand.
Hi, it depends on the website. I explained this in much more detail in my video about how cookies work: czcams.com/video/xalg8a3eIy4/video.html - banks generally do require you to re-authenticate after shorter periods of time, or every time you close your browser or leave their site.
So in other words. If i alerady setup my account on one of them, and want to setup a second, i have to remove the ones i Just setup , and do them both at the same time.. *sigh* well that can be a massive pain if you have alot of accounts tied to them.
Also, how do you revoke just One of the keys?
Just make the 2nd key identical to the 1st one using the Yubikey software.
That is not possible, since you have to first register the key with the app/service you want to use it with. Although, you can have the same TOTP code on multiple Yubikeys.
So what happens if I only have the one key and lose it? Am I locked out of the account permanently?
Yep.
Backup codes is still a way.
My mom's been using a hand written password notebook for last 20 yrs ha.
While researching YubiKeys I noticed that Google is involved in their development. Given Google's privacy track record and that part of my security measures involve being as Google free as possible, is it possible to trust these keys or are there better alternatives?
Google is currently the pioneer of security regardless of their privacy practices.
Titan M2 chips on Google Pixel devices are better than the security implementations on Samsung, and Apple.
The Titan chip on Google Titan Key is the same ones being secured on Google's data center.
People who value their own privacy are still purchasing Google devices and using GrapheneOS. That's because Google has the best security on the planet; and everyone knows that. Many former NSA engineers are using a custom OS on Google's mobile phones such as the Pixel 8 Pro.
@@TorchCTI I still don't trust them regardless and would like to find a non Google alternative.
@@JunkheadAlice Token2 is an alternative and is made in the same country (Switerland) as Proton VPN.
PayPal only lets you set up one single key. I don't use it anyway, ao i might just close my account.
Paypal lets you use one key and one TOTP code. Better than most apps.
do t lose it in the first ace.. and put it on a keychain...
I wonder why a Raspberry Pi can't be programmed to operate as a YUBIKEY.
Love the new content. I Kinda feel like Darren should have given you the show. You kept it alive for years while he seemed absent.
Years ago he offered me a co-ownership. I declined as owning a hacker channel comes with a lot of negative bias and legal issues. I'm glad I've decided to work on my own solo career, it's very freeing.
Primary key and FOREIGN key. 😌
Y'know in case you lose it in a foreign country. 🤭
Are you serious buy two expensive keys. These keys may have a good purpose, but are over priced for old styled tech.
Thanks for the Info, and nice video, easy to follow.
Scenario, Husband & Wife and a spare, three keys. We both have different websites and yet would like to have a spare. Do we have to have four keys or is there a way to make three work?
You mentioned the storing of the QR Code. Where are you suggesting to store this security information?
Do you use a password manager, if so who?
and to let you know you get two subscribers for the price of one... This account (CZcamsr) and my Tex.Nolan account! LoL
~ Tex