Bought 2 Yubikeys (BOGO) on their May the Fourth sale. Any suggestions for setting one up (2nd is spare) for my dual boot box? I plan to plug the key into an external USB hub.
Thanks.
What happens if you lose it? A long time ago I found someone’s keys with a yubi on it and the guy never came back to pick it up. Can you still log in with your normal creds?
That’s the biggest drawback. There’s also a phone authenticator app. And that’s why I bought a second key.
I’ll have to do more research before I use it.
So I do have a pair of the Yubikeys. I’ve only set it up with Gmail/Google so far. It does not work with my smartphone as I expected.
I can’t recommend it but would say not to buy either. It depends on how aggressive you will be in integrating. Regarding that, here’s a list of what works with Yubikey.
Edit: one key I also keep on my bunch of keys. The other is safe @ home as a backup. If lost, I can disable/de-associate the key and instead start to use the backup key. Then, also associate a new replacement key as backup (so that I have 2 keys again). Also, see Losing Your YubiKey
I have done it on Ubuntu thanks to this video but I have never actually tried it in Windows 10 or otherwise, so I am not really sure how to go about using it on that.
Their website might have something for you depending on which one you purchased:
I have never used one myself. The reason is that I have a horrible habit of misplacing things and I feel like everything I have in terms of security is done better than if I were to otherwise use a hardware MFA token.
The FIDO2 functionality should magically work. You’ll end up needing Yubico Authenticator on every platform if you want to use it for OTP. Smart card functionality is a little frustrating and incredibly overcomplicated… I set up an SSH key but it did not integrate as easily as I was led to believe, and the OpenPGP support is pretty confusing.
I had an ex steal my identity so it gives me an overwhelming sense of security. It’s a pity so many financial institutions won’t support hardware MFA, let alone sensible password policies.
One thing I’m thankful for is that you don’t need to use it every day. Only when traveling outside of your usual networks or using a different device/computer will most websites ask for the extra verification.
But as long as you are @ home/office on your regular devices you will rarely be asked by websites to authenticate with it.