Was this a helpful comparison for you? Leave any questions below and I'll do my best to answer. And I always appreciate your support when you use my affiliate links to buy either the Yubikey 5 series keys (geni.us/yubico-5c) and the Yubikey Bio series keys (geni.us/yubico-bio).
Very good explanation. Thanks. I just bought 2 x Yubikeys 5 NFC. Since I will be using them on my desktop, laptop, smartphone. That's exactly why I did not choose to buy the biometric version (No NFC).
@@AllThingsSecured i kind of didnt understand how for the laptop its necessary the bio Yubikey but than i could acess the account from a nft yubikey in my cellphone? I thought the only way to acess the account would be with a bio yubikey? Confusing
The USB-C standard is on most newer Android phones, meaning you can use the Biometric function on Android. I'd like to just point out that while you personally use Apple, a large mobile market segment will be able to use the bio series.
You need a micro-USB to USB-C adaptor (See Amazan). Note: Another option is to use a magnet adaptor for both the port on the mobile and, the Yubikey. Unfortunately, magnetic cables do not yet have an IEEE standard so, you are locked into brand and style. @@RogueAmendiaresyourgirl
Hey mate. Just gotta say I browsed your comment section and noticed youve replied to virtually everyone with advice or answers. Very strong commitment and impressive! I've followed.
@@comecontre7912 read the key? how?if you need to hold the key almost against the key to work? and if so then still how can one decrypt the software on the key?
I work for a company that uses cleaning chemicals daily and i've found that when I had the fingerprint scanner on a phone, I had to use multiple fingertips as backups to unlock that phone. The chemicals alter the way my prints registered on the ID pad. So i've become very leery about using my fingerprints for my sole access.
@Sayed Hamid Fatimi that power can be given by the device itself. so it wont matter. even a cell phone can power the biometric. any device has way more than enough power to power the biometric of any biometric key.
Great Video on 3 Factor Authentication Josh... Thank You... 1st Factor Auth: ... UserName & PassWord Submited 2st Factor Auth: ... Yubi Key inserted into your Desktop USB and clicked when prompted. 3rd Factor Auth: ... Yubi Key Biometrics test combined with Key and clicked when prompted. Excellent Video Josh...
Informative and concise! Thank you. When you say the bio doesn't work with some accounts....basically because the bio doesn't support the authenticator applications. If an online account requires you to use the authenticator app, then you would not be able to use the bio key.
That is correct. I don't think I did a good job of explaining that and perhaps even misspoke about the authentication protocols (I'll need to double check). The important point is that not all accounts accept a 2FA key and since the Bio doesn't have the authenticator - as you say - it can't be used for all your 2FA needs.
@@AllThingsSecured you did a great job. There's a lot to cover and so many different aspects. In the videos that I've done, it always seems I'm missing something in the presentation, so really appreciate your effort thanks again.
Question: What do you think of actively using 2 keys (the bio and the NFC)? I mean, using the bio for all the accounts it can be used for, and using the NFC for everything else. (with a third key stowed away as backup) Would this create any problems, like confusing the auth app, or creating some other odd conflict? Thank you for this informative and helpful video by the way!
I wouldn't think you'd run into any issues. It shouldn't confuse the auth app at all because it's designed to work with multiple keys. He even mentioned that a mix of the NFC and bio keys is an option. The biggest issue would probably be trying to remember which account is on what key!
I’m looking to upgrade my security with 2FA. Do you have a video on how to get started with the Yubikey and specifically, how to authenticate multiple Yubikeys with the same online account?
Hey John! Have you seen this video I produced last month? czcams.com/video/fzUVrz0ixn8/video.html To setup multiple Yubikeys on the same account, you simply have to go through the same process in the video above again with the backup key. There is no "migration process" or way to duplicate keys other than setting them up separately, preferrably at the same time, on the same account. Does that help?
5:33 you say "something that you have to have" but a finger print is "something that you are", while the YubiKey is the actual "something that you have" and the pin code is the "something that you know"
For me I see a potential HUGE down side : it'is/can more fragile an more prone to defect. That's a deal breaker for me, beside that I have a bad experience with biometric sensor so I don't like it. On the security side their is multiple way to use a MFA token, on yubikey you can use opengpg for everything and configure it to burn the subkeys if the wrong pin is enter 3 times. So loosing it isn't really an issues and I guess it's more secure them a biometric solution maybe.
Hello! The authentication process must be an anonymous cross-system process. For the guarantee of security must not collect any identity from individuals needs your security. Attackers can find ways to identify the target user. So it's very clear to me that a fingerprint option is not a viable option.
The biggest downside to Yubikeys is that if you want backups. You need two (or more) keys at the time you set them up. This is where the Onlykey really shines imho. It lets you export an encrypted config file which you can later use to create new keys.
Ledger also has a Fido U2F app. I use my older Ledger Nano S as my universal backup key. It can be restored with the seed phrase, which I safely store with a Cryptosteel Capsule in a bank vault.
Having the ability to export on a key is like having a "secure" backdoor in software. No matter how hardened the security it's always a potential point of failure. The fact that YubiKey does not have this will always make it superior. You are correct that this makes the YubiKey less practical for the average Joe. However the people that need the extra security can surely afford it. I also want to add that you can setup keys later. One way to do this is keep your private key on your YubiKey, then save your OTP QR codes and encrypt it with the key. This way you can unencrypt and add them to a second or third key.
@@AllThingsSecured Hi, I am interested in Security Key NFC so I could get a spare on a budget. However, from your comment, does that mean that if I currently use OTP authenticator apps right now, I should go for the Yubikey 5 NFC instead?
Re Nano option. Is the depression of the unit a toggle switch or is the product somehow reading my print? If merely a toggle, what's to prevent non-me from gaining access? Txs.
4:44 Your fingerprint actually is Not Stored in the key, but the mathematical result, sum let's say of the calculation that is checked if it matches with the result of scanning of your finger. This cannot be read from the key, But even if it is read it is Not like a scan, or photo of your fingerprint and cannot be used somewhere else. 🙂
Hey Josh, I enjoy watching your videos-keep up the good work! Can you make a video on how to set up your Mac, iPhone, Android, Windows for privacy (like settings to use, apps to install, etc.)? Also, making a video on email forwarding service, such as AnonAddy or iCloud Mail relay, would be really helpful! Furthermore, I would like your opinion on using apps vs web browsers. Do you sign in to apps on iOS or use the web browser? For example, using the CZcams app vs the browser or the Amazon app vs the browser or the Netflix app vs browser. I wonder if it's better to use the web browser because the company will have less access to data, but at the expense of user experience. Wouldn't companies be able to link the dots together easier if you use native apps? For instance, signing in to the CZcams app also signs the user into every other Google app. (Any thoughts on progressive web apps, LOL?)
Hi mate, excellent videos and responses here in the chat 👍 I have 2 of the blue keys that serve me well.Thinking of getting the bio so i can just leave it in the laptop without the worry of someone stealing my laptop with the blue key in it. Then obviously I'll have the 2 blue ones as backups. I can't see a issue with this,do you? One would have to know the password of the bio yubikey to use it right? Thank you 🙏
Yubikey has some apps that are not supported and at present after multiple attempts Yubikey manager will not run on my win 10 laptop. Leaving me with default options and zero backups of PUK or PIN.
Awesome as these are the two I selected for that exact reason. Now concerned that the BIO may not work for the sites I want to use it for. Hopefully, support is added in the future if that's the case.
Like you can set up a security key for your iCloud account can you do the same with Samsung for your Samsung account I personally haven't seen an option in settings all I can see is backup codes authenticator app SMS text which I hate and that's pretty much it there's no option for security key I hope Samsung address this I hope Samsung add an option for for security keys like Google and apple and so on
I agree that no NFC is a pain but this can be overcome by using a USB-A to USB-C converter or for the older iPhones a USB-A to Lighting converter. I do this without issue on my Android.
Perhaps a silly question, but I assume you can have more than one backup Yubikey. My daily one, my backup at home, my backup at a family member's house, etc. Is that the case? In the same way, if I did break or lose my main key then I could just make a backup from my backup. Correct? Thanks for all your videos Josh!
hi josh. i have a couple questions 1) if i leave the yubikey in my pc 24/7 , and i have lasspass, if my pc is stolen, won't they have access to all my logins? and if so what do you reccomend to prevent that? 2) another question, not related to yubikey per say, but i want to do estate planning for my kids when i pass on and was thinking if there is a device that i could put my kids finterprints like the yubikey bio so only they could access and on this device would be my will and bank info, btc wallet and info they need, where i can put all my notes/instructions to them on how to use and what to do where i know this can't get into the wrong hands. or it could be online method as well, but this is what i'm trying to accomplish that if i become 'inactive' i want them to access and only them this info, would love to hear your suggestions or maybe you made vid on this topic already
Hey Andrew, interesting questions. Here are my answers: 1) I don’t leave my 2FA key constantly plugged into my computer and I generally don’t recommend that for the very reason you stated: theft. 2) I generally don’t like to rely on technology for estate planning. I use it as a backup, to be sure, but I have a primary estate plan that is kept with my lawyer or printed and physically put in a safe. I just don’t trust that the technology won’t break or no longer be compatible 10 years down the road. I mean, imagine if you had kept all your estate stuff on a CD 10 years ago! I do t even know if I have a CD reader in my house anymore! 😜
If your PC with the key and LastPass gets stolen you immediately change your masterpassword and from there refresh all 2FA Codes (the OTPs) and disable the missing key from FIDO enabled accounts.
Hi Josh, a query I currently have the Yubikey Security Key (the blue one), with which I have registered all my services with authentication by Key. I want to buy a second device now to have a backup in case I lose one ... I want to buy the Yubikey 5 NFC (The black one), and use it as the main one because I have the TOTP there and I currently use the authenticator microsoft, I would like to pass it all to the authenticator yubikey. Now, if I have as a second option the blue one for backup, the TOTP will not be able to recover it in case of losing the black one, correct? What do you recommend me? Thank you very much for your videos.
If I understand your question, Juan, you want to have the 5 NFC as your primary key as well as Authenticator. The blue key is the backup (which doesn’t have an Authenticator). In that case, you can always keep Microsoft Authenticator as a backup to the 5 NFC. Does that sound right to you?
I have a question. I want to go passwordless on outlook 365, personal account. How can I do this without the MS authenticator app? I just want to use my key ONLY to login, otherwise what's the point of the security? How do you accomplish this?
Thanks for the video. You answered some questions I had about using it with mobile devices etc. Is the pin backup open to brute force? It would not take long to go though 9999 numbers if it allows 4 digit pins?
These keys should be MUCH smaller! Type C and using smaller fingerprint readers, as we see on the side of some smartphones. With a reinforced loop to hold it in a keychain, chain or use itself as a keychain.
No they don't. We need to chose between size and aditional security, or bio or nfc. There is no option with all 3 in the same device yet.@@AllThingsSecured
Care to post a link? I just checked out their website. There is no option with NFC+BIO+USB-C+Additional Security+Smallsize. The biometric sensor itself is huge. @@AllThingsSecured
Man why is it so hard to find video's on yubikeys? I just want to know if I'm getting the actual yubitkey. I bought my yubikey from Amazon for $35 vs if you buy it from pretty much anywhere else it's double what I paid.
Great video! Something I do not like of the Yubikeys is that someone can of course, steal them (or I can lose mine). I have two standard Yubikeys but I am thinking I will buy the Yubikey bio. Would you know if the Yubikey Bio works with Binance? Cheers.
Hi Josh, I’m considering buying an YubiKey 5Ci, since I suppose, owning only two iPads Pro (one 2020 and one M1) and an iPhone 12. So I have no desktop or laptop. I use 1Password for all my passwords and 2FA codes. Considering this and that my use is mostly personal, and at €70 each key (buying 2), would you still recommend the investment. After looking at the services compatible, I would probably using the YubiKey withe no more than 5-6. Thanks and keep up the nice videos.
What about the blue regular series ? Would be for coinbase. My phone does not support NFC so i was looking at the cheaper blue series. It is just as secure ? I think it would be. It supports what coinbase want's
Yes, the blue "Security Key" series is just as secure, but it lacks the ability to create one-time passcodes (OTP) to replace an authenticator app for those online accounts that don't accept 2FA keys. If all you need is something for Coinbase, though, you should be good with the Security Key.
regarding setting up the backup key: how many backups can you have? For example, could I have a backup I keep at home, and a third key I keep off site?
It seems to depend on the service. Google, for example, has allowed me to have 5 different keys associated with my online account. There may be a limit, but I’m not sure what it is.
depending on the service you can have many keys. (Lastpass for example lets you add 5 but you have to pay for premium AND NOTE Bio doesn't work with Lastpass but 5 series does.
I have 2 keys provided by employer. I wanted to do some checks what I can do. Very disappointed with the support. The tests are flaky. In some areas it works, but fails with OTP. BIO is not sold on a website. Such a disappointment. Hey Yubico, add some sort of clear documentation to troubleshot a concrete error instead odf sending to your QA section where you can lost. Why it reports invalid OTP and what is required to do to fix?
If this is supplied by your employer, then it’s the responsibility of your employer to help you troubleshoot. And yes, the Bio is sold on their website.
Very helpful video - thank you. Do you know how this adds security to my smartphone on my google account? On the google account I cannot log out but only remove the account from the smartphone. So - if I'm always logged on, therefore 2FA authenticated - is not that even worse? Cause if the phone is stolen its stolen with the 2FA on.
I'm not sure I understand completely. Your phone should be locked and you can always log the phone out of your Google account remotely if it is stolen/lost.
@@AllThingsSecured Hi, sorry if I cannot express my concern in a more clear way. Yes the phone is locked but I'm confident the usual street thiefs can find a way to crack that. Regarding log out the Smartphone from the Google Account remotely via a PC log-on. I tried that. And - suprise...I'm still logged on on the smartphone. Google is like HIV. You can't get rid of it.
I agree with CyberMedics. This doesn't replace your first line of defense (i.e. a good password), it simply add another layer of protection for those accounts that are more sensitive than others.
definately Yubico pricing more because i paid yubico 5 NFC 50+15$ with shipping. after if arrived in India UPS asked 39$ for import fee. this is super pricing with total of 103$. even they put in air cargo/kg it was 15$ but they put useless courier service, now I got forced to pay 39$ because of them.
@@AllThingsSecured Any theories why in God's name they wouldn't just keep the yubikey 5 formula with widespread acceptance - and throw the bio on that? A "yubikey 5 bio" if you will.
Thanks for this great video. I'm trying to understand why some services work with the 5 series but not the Bio. Is it just because they use TOTPs instead of FIDO2/U2F? My understanding of FIDO is that the biometric stuff is entirely local, and once that layer of authn is completed, the flow is the same as it would be with a Yubikey 5.
The 5 NFC also is procteted by a pin ... not impressed so far by the bio. If they could restore my 2FA codes by using any bio security key I would be totally sold (I mean, it would be like saving all my vital 2FA codes on my fingertips).
Yea, I understand. I feel like the Yubikey 5 NFC is the best option for that scenario right now. It doesn't offer any biometric lock, but it's still a key you can keep with you.
If you use OTP codes (rather than FIDO2), the secret key can be programmed into multiple authenticator for time-based solutions. Basically, if you are getting a 6 or 8 digit code that changes every 30 or 60 seconds, you can scan the same barcode to multiple tokens.
If fingerprint is stored on the device then why there's a generic windows prompt for scanning the fingerprint? Seems like it's Windows which does fingerprint check all the time.
I love the bio I use ro take fingerprints for the FBI have a wayy better gov gig but your prints will last a while unless you a hard worker in the field so guys/ladies folks use it it’s not a bad option of course have a back up just in case
Was this a helpful comparison for you? Leave any questions below and I'll do my best to answer. And I always appreciate your support when you use my affiliate links to buy either the Yubikey 5 series keys (geni.us/yubico-5c) and the Yubikey Bio series keys (geni.us/yubico-bio).
yes, this is very helpful
Glad to hear it!
Very good explanation. Thanks. I just bought 2 x Yubikeys 5 NFC. Since I will be using them on my desktop, laptop, smartphone. That's exactly why I did not choose to buy the biometric version (No NFC).
@@AllThingsSecured i kind of didnt understand how for the laptop its necessary the bio Yubikey but than i could acess the account from a nft yubikey in my cellphone? I thought the only way to acess the account would be with a bio yubikey? Confusing
Hi!I’m sorry to bother you.I have an Apple MacBook Pro.Can I use the Bio series with that,to connect to my computer?(usb port etc.)
My friend who used to do woodworking also recommend you have a backup not based on your fingerprint.
👍🏻👍🏻
🤣🤣🤣
Add a toe for good measure
hahahahahh
Same for climbers... My macbook's fingerprint reader constantly fails me after a day of bouldering
The USB-C standard is on most newer Android phones, meaning you can use the Biometric function on Android. I'd like to just point out that while you personally use Apple, a large mobile market segment will be able to use the bio series.
@@kellyotter what adapter do you use? I’ve tried one and it doesn’t work.
Do you know if there's a Yubikey for microUSB ports?
You need a micro-USB to USB-C adaptor (See Amazan). Note: Another option is to use a magnet adaptor for both the port on the mobile and, the Yubikey. Unfortunately, magnetic cables do not yet have an IEEE standard so, you are locked into brand and style. @@RogueAmendiaresyourgirl
no. but you can go to the website and find it for your self like any decent human being.@@RogueAmendiaresyourgirl
@@RogueAmendiaresyourgirl I don't think so, but if you're device supports USB to go, you can probably get an adapter.
Hey mate. Just gotta say I browsed your comment section and noticed youve replied to virtually everyone with advice or answers.
Very strong commitment and impressive! I've followed.
Thanks, Daniel. I can't do it for every comment, but I do my best.
My advice for someone just getting into security keys, get 5 series with NFC. Covers the most use cases.
Agreed, Peter. I shared pretty much the same advice in the video. 👍🏻
Doesn’t work for iPads with lightning
Doesn't nfc reduce the security of the key? With a transmitter you can read the key? We lose the security of the hardware encryption principle
@@comecontre7912 read the key? how?if you need to hold the key almost against the key to work? and if so then still how can one decrypt the software on the key?
@@comecontre7912 you should NOT be able to read the secret key!😐
I think you mean an attacker could access the key from a distance.
This was very helpful, and gave me some clarity. Appreciated the insight!
I work for a company that uses cleaning chemicals daily and i've found that when I had the fingerprint scanner on a phone, I had to use multiple fingertips as backups to unlock that phone. The chemicals alter the way my prints registered on the ID pad. So i've become very leery about using my fingerprints for my sole access.
Very interesting. Thanks for sharing your experience!
Why don’t you wear gloves? Chemicals are not good for you.
Good point about the removal of NFC. I overlooked that initially. Thanks
Glad this was helpful, Marvin. Thanks for the comment!
@Sayed Hamid Fatimi that power can be given by the device itself. so it wont matter. even a cell phone can power the biometric.
any device has way more than enough power to power the biometric of any biometric key.
@@TwstedTV NFC and Biometric? So we'll have another 'You're holding it wrong' situation on our hands.
Dude, this video helped me to decide to buy which key as my backup. Thanks a lot.
Great Video on 3 Factor Authentication Josh... Thank You...
1st Factor Auth: ... UserName & PassWord Submited
2st Factor Auth: ... Yubi Key inserted into your Desktop USB and clicked when prompted.
3rd Factor Auth: ... Yubi Key Biometrics test combined with Key and clicked when prompted.
Excellent Video Josh...
One for you and one for spouse but both are also saved for you and spouse. I would also suggest a third that is stored in a VERY safe place.
Informative and concise! Thank you. When you say the bio doesn't work with some accounts....basically because the bio doesn't support the authenticator applications. If an online account requires you to use the authenticator app, then you would not be able to use the bio key.
That is correct. I don't think I did a good job of explaining that and perhaps even misspoke about the authentication protocols (I'll need to double check). The important point is that not all accounts accept a 2FA key and since the Bio doesn't have the authenticator - as you say - it can't be used for all your 2FA needs.
@@AllThingsSecured you did a great job. There's a lot to cover and so many different aspects. In the videos that I've done, it always seems I'm missing something in the presentation, so really appreciate your effort thanks again.
@@AllThingsSecured The BIO also doesn’t include PIV. PIV support (when used with a PIN) is also protected if your device is stolen.
thanks! I just buy a backup Yubikey 5 yesterday, and I was scared you recommended the BIO one 😌
Ha! You're going to love the 5 series, Martin :)
Question: What do you think of actively using 2 keys (the bio and the NFC)? I mean, using the bio for all the accounts it can be used for, and using the NFC for everything else. (with a third key stowed away as backup)
Would this create any problems, like confusing the auth app, or creating some other odd conflict?
Thank you for this informative and helpful video by the way!
I wouldn't think you'd run into any issues. It shouldn't confuse the auth app at all because it's designed to work with multiple keys. He even mentioned that a mix of the NFC and bio keys is an option.
The biggest issue would probably be trying to remember which account is on what key!
Awesome thank appreciate it I'm going to buy it early next year
Hope you enjoy it, Mitchell!
What about PIN cracker tools?
Would've loved some more focus on the different protocols here. As far as I know the bio doesn't support OTP for example.
It doesn’t. I thought I made that clear, so my apologies.
He indirectly expresses that at 6:19, but he doesn't explicitly state why those services are incompatible.
@@AllThingsSecured you should make this clear. Add it to the description.
I’m looking to upgrade my security with 2FA. Do you have a video on how to get started with the Yubikey and specifically, how to authenticate multiple Yubikeys with the same online account?
Hey John! Have you seen this video I produced last month? czcams.com/video/fzUVrz0ixn8/video.html
To setup multiple Yubikeys on the same account, you simply have to go through the same process in the video above again with the backup key. There is no "migration process" or way to duplicate keys other than setting them up separately, preferrably at the same time, on the same account.
Does that help?
Can you use the Bio to log in to Linux and MacOS with just the touch of the sensor? (like Apple TouchID)
5:33 you say "something that you have to have" but a finger print is "something that you are", while the YubiKey is the actual "something that you have" and the pin code is the "something that you know"
Thanks , great information !
what about the new iPhone 15 with USB type-C?
If you lose a device, can you deactivate it remotely? Thinking from a business standpoint if an employee looses one especially if it's the NFC.
Yes, with every account I have, as long as I have an admin or backup key, I can go in and deactivate a lost or stolen key.
For me I see a potential HUGE down side : it'is/can more fragile an more prone to defect.
That's a deal breaker for me, beside that I have a bad experience with biometric sensor so I don't like it.
On the security side their is multiple way to use a MFA token, on yubikey you can use opengpg for everything and configure it to burn the subkeys if the wrong pin is enter 3 times. So loosing it isn't really an issues and I guess it's more secure them a biometric solution maybe.
a good use case would be if you wanted leaved one at a semi secure location like your work computer
Hello!
The authentication process must be an anonymous cross-system process. For the guarantee of security must not collect any identity from individuals needs your security. Attackers can find ways to identify the target user. So it's very clear to me that a fingerprint option is not a viable option.
Yubikey even says the bio version is for shared workstation scenarios, not for the normal individual. Just get the 5 NFC.
The biggest downside to Yubikeys is that if you want backups. You need two (or more) keys at the time you set them up.
This is where the Onlykey really shines imho. It lets you export an encrypted config file which you can later use to create new keys.
Ledger also has a Fido U2F app. I use my older Ledger Nano S as my universal backup key. It can be restored with the seed phrase, which I safely store with a Cryptosteel Capsule in a bank vault.
@@P8qzxnxfP85xZ2H3wDRV nooo nooo how dare you use logic here
Having the ability to export on a key is like having a "secure" backdoor in software. No matter how hardened the security it's always a potential point of failure. The fact that YubiKey does not have this will always make it superior. You are correct that this makes the YubiKey less practical for the average Joe. However the people that need the extra security can surely afford it. I also want to add that you can setup keys later. One way to do this is keep your private key on your YubiKey, then save your OTP QR codes and encrypt it with the key. This way you can unencrypt and add them to a second or third key.
YubiKey just came out with the “Security Key C NFC” for just $29.
I saw that! Thanks for sharing, Lex.
The Security Key still lacks the ability to act as a OTP authenticator, thought, so I much prefer the 5 series.
@@AllThingsSecured Hi, I am interested in Security Key NFC so I could get a spare on a budget. However, from your comment, does that mean that if I currently use OTP authenticator apps right now, I should go for the Yubikey 5 NFC instead?
can you describe the difference between the 2 keys from security point of view, which is better and which techonelgy each of them is using
Thank you !! With this video !!! This video helps !!!! 😎😎 !!!!
Glad to hear it.
Re Nano option. Is the depression of the unit a toggle switch or is the product somehow reading my print? If merely a toggle, what's to prevent non-me from gaining access? Txs.
4:44 Your fingerprint actually is Not Stored in the key, but the mathematical result, sum let's say of the calculation that is checked if it matches with the result of scanning of your finger.
This cannot be read from the key, But even if it is read it is Not like a scan, or photo of your fingerprint and cannot be used somewhere else. 🙂
Already have the 5c which will be my back up and trying to decide between NFC or Bio. Think I will go with NFC for now based on your feedback.
Please explain to me how a "Security Expert" recommends NFC, a protocol with 0 security?
It seems that you missed the use of an OTG device with bio vertion...
Hey Josh, I enjoy watching your videos-keep up the good work! Can you make a video on how to set up your Mac, iPhone, Android, Windows for privacy (like settings to use, apps to install, etc.)? Also, making a video on email forwarding service, such as AnonAddy or iCloud Mail relay, would be really helpful!
Furthermore, I would like your opinion on using apps vs web browsers. Do you sign in to apps on iOS or use the web browser? For example, using the CZcams app vs the browser or the Amazon app vs the browser or the Netflix app vs browser. I wonder if it's better to use the web browser because the company will have less access to data, but at the expense of user experience. Wouldn't companies be able to link the dots together easier if you use native apps? For instance, signing in to the CZcams app also signs the user into every other Google app. (Any thoughts on progressive web apps, LOL?)
Thanks so much for the suggestions, Harold! A few of the ideas you shared are already on my content calendar, but I'll add the ones that aren't there.
@@AllThingsSecured I just saw those! Good stuff. Did you read the second half of my comment?
A very helpful video! Thank you very much!
Glad it was helpful!
UB key should team up with the security camera company
Hi mate, excellent videos and responses here in the chat 👍
I have 2 of the blue keys that serve me well.Thinking of getting the bio so i can just leave it in the laptop without the worry of someone stealing my laptop with the blue key in it.
Then obviously I'll have the 2 blue ones as backups.
I can't see a issue with this,do you?
One would have to know the password of the bio yubikey to use it right?
Thank you 🙏
Yubikey has some apps that are not supported and at present after multiple attempts Yubikey manager will not run on my win 10 laptop.
Leaving me with default options and zero backups of PUK or PIN.
Bravo man! you are a pro!
Thanks so much!
Awesome as these are the two I selected for that exact reason. Now concerned that the BIO may not work for the sites I want to use it for. Hopefully, support is added in the future if that's the case.
Yea, I hope so too, Kevin.
Muchas por subir estos videos nos ayuda mucho. Saludos
Why would this key be more secure than my authenticator app on my phone?
I heard they dont work on banking sites. Is that true?
Excellent video....well done
Thanks, Chuck!
I use my yubikey with a USB C adapter on my phone, works great
That's good to hear! I've spoken with Yubico and they tell me that it should work, but that's not what it was designed for.
Like you can set up a security key for your iCloud account can you do the same with Samsung for your Samsung account I personally haven't seen an option in settings all I can see is backup codes authenticator app SMS text which I hate and that's pretty much it there's no option for security key I hope Samsung address this I hope Samsung add an option for for security keys like Google and apple and so on
I agree that no NFC is a pain but this can be overcome by using a USB-A to USB-C converter or for the older iPhones a USB-A to Lighting converter. I do this without issue on my Android.
Yikes, that would be crazy annoying to have to pull out a converter every time!
What's the Best yubikey 5 NFC or yubikey NFC?
Perhaps a silly question, but I assume you can have more than one backup Yubikey. My daily one, my backup at home, my backup at a family member's house, etc. Is that the case? In the same way, if I did break or lose my main key then I could just make a backup from my backup. Correct? Thanks for all your videos Josh!
hi josh. i have a couple questions
1) if i leave the yubikey in my pc 24/7 , and i have lasspass, if my pc is stolen, won't they have access to all my logins? and if so what do you reccomend to prevent that?
2) another question, not related to yubikey per say, but i want to do estate planning for my kids when i pass on and was thinking if there is a device that i could put my kids finterprints like the yubikey bio so only they could access and on this device would be my will and bank info, btc wallet and info they need, where i can put all my notes/instructions to them on how to use and what to do where i know this can't get into the wrong hands. or it could be online method as well, but this is what i'm trying to accomplish that if i become 'inactive' i want them to access and only them this info, would love to hear your suggestions or maybe you made vid on this topic already
Hey Andrew, interesting questions. Here are my answers:
1) I don’t leave my 2FA key constantly plugged into my computer and I generally don’t recommend that for the very reason you stated: theft.
2) I generally don’t like to rely on technology for estate planning. I use it as a backup, to be sure, but I have a primary estate plan that is kept with my lawyer or printed and physically put in a safe. I just don’t trust that the technology won’t break or no longer be compatible 10 years down the road. I mean, imagine if you had kept all your estate stuff on a CD 10 years ago! I do t even know if I have a CD reader in my house anymore! 😜
If your PC with the key and LastPass gets stolen you immediately change your masterpassword and from there refresh all 2FA Codes (the OTPs) and disable the missing key from FIDO enabled accounts.
Hi Josh, a query I currently have the Yubikey Security Key (the blue one), with which I have registered all my services with authentication by Key. I want to buy a second device now to have a backup in case I lose one ...
I want to buy the Yubikey 5 NFC (The black one), and use it as the main one because I have the TOTP there and I currently use the authenticator microsoft, I would like to pass it all to the authenticator yubikey.
Now, if I have as a second option the blue one for backup, the TOTP will not be able to recover it in case of losing the black one, correct?
What do you recommend me?
Thank you very much for your videos.
If I understand your question, Juan, you want to have the 5 NFC as your primary key as well as Authenticator. The blue key is the backup (which doesn’t have an Authenticator). In that case, you can always keep Microsoft Authenticator as a backup to the 5 NFC. Does that sound right to you?
@@AllThingsSecured Yes, I was thinking about it, and so I don't have all my eggs in the same basket. haha thanks
i have 5nfc black and 5nfc key for android
i use them all the time for my facebook and twitter and gmail
I have a question. I want to go passwordless on outlook 365, personal account. How can I do this without the MS authenticator app? I just want to use my key ONLY to login, otherwise what's the point of the security? How do you accomplish this?
Thanks for the video. You answered some questions I had about using it with mobile devices etc. Is the pin backup open to brute force? It would not take long to go though 9999 numbers if it allows 4 digit pins?
Awesome advice 👍🏾👍🏾
Thanks!
Great vid!
Unfortunately I don't have fingerprints so wouldn't work for me.
on Yubikey 5 series
These keys should be MUCH smaller! Type C and using smaller fingerprint readers, as we see on the side of some smartphones. With a reinforced loop to hold it in a keychain, chain or use itself as a keychain.
They have that available as well.
No they don't. We need to chose between size and aditional security, or bio or nfc. There is no option with all 3 in the same device yet.@@AllThingsSecured
Care to post a link? I just checked out their website. There is no option with NFC+BIO+USB-C+Additional Security+Smallsize. The biometric sensor itself is huge. @@AllThingsSecured
My phone uses microUSB, so if I just a USB-C to microUSBB converter, would the Yubikey work with it?
Man why is it so hard to find video's on yubikeys? I just want to know if I'm getting the actual yubitkey. I bought my yubikey from Amazon for $35 vs if you buy it from pretty much anywhere else it's double what I paid.
hi, thank you very much...
My pleasure!
Great video! Something I do not like of the Yubikeys is that someone can of course, steal them (or I can lose mine). I have two standard Yubikeys but I am thinking I will buy the Yubikey bio.
Would you know if the Yubikey Bio works with Binance? Cheers.
Hi Josh,
I’m considering buying an YubiKey 5Ci, since I suppose, owning only two iPads Pro (one 2020 and one M1) and an iPhone 12. So I have no desktop or laptop.
I use 1Password for all my passwords and 2FA codes.
Considering this and that my use is mostly personal, and at €70 each key (buying 2), would you still recommend the investment. After looking at the services compatible, I would probably using the YubiKey withe no more than 5-6.
Thanks and keep up the nice videos.
Love my new Yubico 5 NFC
Great! It's still my favorite 2FA key as well.
I had zero luck getting two brands of fingerprint keys to work AT ALL. Ymmv.
What about the blue regular series ? Would be for coinbase. My phone does not support NFC so i was looking at the cheaper blue series. It is just as secure ? I think it would be. It supports what coinbase want's
Yes, the blue "Security Key" series is just as secure, but it lacks the ability to create one-time passcodes (OTP) to replace an authenticator app for those online accounts that don't accept 2FA keys. If all you need is something for Coinbase, though, you should be good with the Security Key.
Great video - very well explained. Where can I find out what applications work with the Yubikey 5NFC
I have a link to the website “what works with Yubikey” in the video description.
Do I need to set up YubiKey Manager to configure FIDO2, OTP, and PIV functionality? Thanks.
Why can't they make a bio with NFC? But the NFC activates only when the finger print has been activated?
Thanks!
Wow…thanks so much for the support, Fred! 🙌🙌
Can I configure a LUKS volume to be opened if I provide both a passphrase and the BIO or 5 NFC?
Excellect video...Well presented!
Glad you liked it, Ivan!
Love this info
NFC is wonderful but not all phones have it. Many Samsung and Sony devices come with it built in. Some Motorola devices too.
regarding setting up the backup key: how many backups can you have? For example, could I have a backup I keep at home, and a third key I keep off site?
It seems to depend on the service. Google, for example, has allowed me to have 5 different keys associated with my online account. There may be a limit, but I’m not sure what it is.
depending on the service you can have many keys. (Lastpass for example lets you add 5 but you have to pay for premium AND NOTE Bio doesn't work with Lastpass but 5 series does.
Thanks guys! Appreciate the info!
I have 2 keys provided by employer. I wanted to do some checks what I can do. Very disappointed with the support. The tests are flaky. In some areas it works, but fails with OTP.
BIO is not sold on a website. Such a disappointment. Hey Yubico, add some sort of clear documentation to troubleshot a concrete error instead odf sending to your QA section where you can lost. Why it reports invalid OTP and what is required to do to fix?
If this is supplied by your employer, then it’s the responsibility of your employer to help you troubleshoot.
And yes, the Bio is sold on their website.
i have 2 YUBIKEYS 5 series the NFC and the YUBIKEY 5Ci
Very helpful video - thank you. Do you know how this adds security to my smartphone on my google account? On the google account I cannot log out but only remove the account from the smartphone. So - if I'm always logged on, therefore 2FA authenticated - is not that even worse? Cause if the phone is stolen its stolen with the 2FA on.
I'm not sure I understand completely. Your phone should be locked and you can always log the phone out of your Google account remotely if it is stolen/lost.
@@AllThingsSecured Hi, sorry if I cannot express my concern in a more clear way. Yes the phone is locked but I'm confident the usual street thiefs can find a way to crack that. Regarding log out the Smartphone from the Google Account remotely via a PC log-on. I tried that. And - suprise...I'm still logged on on the smartphone. Google is like HIV. You can't get rid of it.
does this negate needing a password manager?
You should still use strong passwords. A password manager will help with this.
I agree with CyberMedics. This doesn't replace your first line of defense (i.e. a good password), it simply add another layer of protection for those accounts that are more sensitive than others.
Thanks
Welcome
So the Bio won't work with Android?
For your back up Yubikey, you registered it as another key or you registered it as a spare key (same key information as the original one)?
The keys are unique, so there is no such distinction between “another key” and a “spare key”.
@@AllThingsSecured Ok, thanks.
Thank you.
My pleasure!
What can i do if i lost my security key?
How do I use it on android?
I have the Yubikey 5 NFC.
definately Yubico pricing more because i paid yubico 5 NFC 50+15$ with shipping. after if arrived in India UPS asked 39$ for import fee. this is super pricing with total of 103$. even they put in air cargo/kg it was 15$ but they put useless courier service, now I got forced to pay 39$ because of them.
I wish the Bio one would have NFC
Yup. I was so excited for the bio to come out. And then it did.... Now I have no plans to ever buy it. Lol
Yea, I know what you mean, Greg.
@@AllThingsSecured Any theories why in God's name they wouldn't just keep the yubikey 5 formula with widespread acceptance - and throw the bio on that? A "yubikey 5 bio" if you will.
I think they’re working with enterprise customers like Microsoft and that’s who they’re trying to appease, not the average consumer.
Which Yubikey is best for the current family of Apple devices ( IPad Pro w/USB-c, IPhone 12Max)
I recommend Yubikey 5C NFC.
Such a useful video
Glad it was helpful!
I want one with a PIN.
How about OnlyKey?
Can I restrict number of apps I can use with Yubikey for enterprise?
Thanks for this great video. I'm trying to understand why some services work with the 5 series but not the Bio. Is it just because they use TOTPs instead of FIDO2/U2F? My understanding of FIDO is that the biometric stuff is entirely local, and once that layer of authn is completed, the flow is the same as it would be with a Yubikey 5.
Correct. It’s not about the biometrics, it’s about which security protocols the key supports.
@@AllThingsSecured Thank you, appreciate you taking the time to respond.
now what if you lose your key and your fingers?
The 5 NFC also is procteted by a pin ... not impressed so far by the bio.
If they could restore my 2FA codes by using any bio security key I would be totally sold (I mean, it would be like saving all my vital 2FA codes on my fingertips).
Yea, I understand. I feel like the Yubikey 5 NFC is the best option for that scenario right now. It doesn't offer any biometric lock, but it's still a key you can keep with you.
If you use OTP codes (rather than FIDO2), the secret key can be programmed into multiple authenticator for time-based solutions. Basically, if you are getting a 6 or 8 digit code that changes every 30 or 60 seconds, you can scan the same barcode to multiple tokens.
If fingerprint is stored on the device then why there's a generic windows prompt for scanning the fingerprint? Seems like it's Windows which does fingerprint check all the time.
No, it’s not Windows.
I love the bio I use ro take fingerprints for the FBI have a wayy better gov gig but your prints will last a while unless you a hard worker in the field so guys/ladies folks use it it’s not a bad option of course have a back up just in case