Yubikey setup for Ubuntu/Win 10

Bought 2 Yubikeys (BOGO) on their May the Fourth sale. Any suggestions for setting one up (2nd is spare) for my dual boot box? I plan to plug the key into an external USB hub.

What happens if you lose it? A long time ago I found someone’s keys with a yubi on it and the guy never came back to pick it up. Can you still login with your normal creds?

1 Like

That’s the biggest drawback. There’s also a phone authenticator app. And that’s why I bought a second key.
I’ll have to do more research before I use it.

So I do have a pair of the Yubikeys. I’ve only set up with gmail/google so far. It does not work with my smartphone as I expected.

I can’t recommend it but would say not to buy either. It depends on how aggressive you will be in integrating. Regarding that, here’s a list of what works with Yubikey.

Edit: one key I also keep on my bunch of keys. The other is safe @ home as a backup. If lost, I can disable/de-associate the key and instead start to use the backup key. Then, also associate a new replacement key as backup (so that I have 2 keys again). Also, see Losing Your YubiKey


I have done it on Ubuntu thanks to this video but I have never actually tried it in Windows 10 or otherwise, so I am not really sure how to go about using it on that.

1 Like

Their website might have something for you depending on which one you purchased:

I have never used one myself. The reason being is that I have a horrible habit of misplacing things and I feel like everything I have in terms of security is done better than if I were to otherwise use a hardware MFA token.

1 Like

The FIDO2 functionality should magically work. You’ll end up needing Yubico Authenticator on every platform if you want to use it for OTP. Smart card functionality is a little frustrating and incredibly overcomplicated…I set up an SSH key but it did not integrate as easily as I was led to believe and the OpenPGP support is pretty confusing.

I had an ex steal my identity so it gives me an overwhelming sense of security. It’s a pity so many financial institutions won’t support hardware MFA, let alone sensible password policies.


One thing im thankful for is that you dont need to use it everyday. Only when traveling outside of your usual networks or using a different device/computer then most websites will ask for the extra verification.

But as long as you are @ home/office on your regular devices you will rarely be asked by websites to authenticate with it. :+1:

1 Like