U2F Security Keys May Be the World's Best Hope Against Account Takeovers (arstechnica.com) 162
earlytime writes: Large scale account hacks such as the billion user Yahoo breach and targeted phishing hacks of gmail accounts during the U.S. election have made 2016 an infamous year for web security. Along comes U2F/web-security keys to address these issues at a critical time. Ars Technica reports that U2F keys "may be the world's best hope against account takeovers": "The Security Keys are based on Universal Second Factor, an open standard that's easy for end users to use and straightforward for engineers to stitch into hardware and websites. When plugged into a standard USB port, the keys provide a 'cryptographic assertion' that's just about impossible for attackers to guess or phish. Accounts can require that cryptographic key in addition to a normal user password when users log in. Google, Dropbox, GitHub, and other sites have already implemented the standard into their platforms. After more than two years of public implementation and internal study, Google security architects have declared Security Keys their preferred form of two-factor authentication. The architects based their assessment on the ease of using and deploying keys, the security it provided against phishing and other types of password attacks, and the lack of privacy trade-offs that accompany some other forms of two-factor authentication."
The researchers wrote in a recently published report: "We have shipped support for Security Keys in the Chrome browser, have deployed it within Google's internal sign-in system, and have enabled Security Keys as an available second factor in Google's Web services. In this work, we demonstrate that Security Keys lead to both an increased level of security and user satisfaction as well as cheaper support cost."
The researchers wrote in a recently published report: "We have shipped support for Security Keys in the Chrome browser, have deployed it within Google's internal sign-in system, and have enabled Security Keys as an available second factor in Google's Web services. In this work, we demonstrate that Security Keys lead to both an increased level of security and user satisfaction as well as cheaper support cost."
Great! (Score:5, Interesting)
The only concern I have is that in some environments, the USB ports are disabled for security reasons. Also, how long do we have to wait before some exploit is embedded in those USB stick? ;-)
Re: (Score:2)
I don't even want to use USB. I want to be able to NFC with my phone, or my watch. If I have to use USB it should be to plug an NFC device into in order to enable this.
Plugging things in is annoying, just let me do a quick touch action for couple of seconds while it does whatever crypto it needs. Make it wireless powered too so I don't have to charge it.
Re: (Score:2)
Any time you use RF as part of your security, you are hanging your ass out in the wind.
Re: (Score:2)
While on the surface you're correct, if properly implemented, this technology should still be usable with NFC, as it doesn't rely on the security of the NFC link to be secure.
For one, an NFC link can only be exploited through sniffing in the immediate physical vicinity of the accessing device (and statistically-speaking, few attackers are financially capable of being within 10m of their victim). For another, the real security of authentication comes from the crypto chip (think embedded smartcard or TPM-typ
Re: (Score:2)
The only concern I have is that all this is, is a hacked-up smart card. "Next year will be the year of the smart card" is a joke so worn out that's about 15 years older than the same comment about desktop Linux, and yet it looks like someone at Google still thinks that smart cards (under another name) will take off real soon now.
So any time now we'll all be using our PS/2s to acess our Orange-Book secure OSI network using U2F tokens.
Re: (Score:2)
The fact that they're available at this price point, which puts them in the hands of pretty much anyone who owns a computer is pretty spectacular. PKI environments and their implementations were hard even for the DOD.
While I get the sarcasm, never has so many public sites accepted second factor so quickly and publicly.
Honestly though, I always assumed this would be handled by the government at some point, they issue passports and other identity cards, why not PKI certs?
Re: (Score:2)
It's not new. Organisations and governments have resorted to giving them away in an attempt to get people to use them, and they still didn't see any uptake. People don't even want them for nothing.
The government has tried to do this already in the form of the CAC. Military personnel are ordered to use them or face disciplinary action. That's a pretty dire model for smart card deployment.
So, this will fail just like every other attempt to deploy smart cards has failed (outside of things like replacing ex
Re: (Score:2)
Actually, most EU countries have identity cards, these cards are used for everything from your drivers license to international travel (Within the Union) they've all got certs on them, and they're provided by the government. Most people carry them to buy alcohol / enter clubs (Proof of age) or as a proof of ID when buying mobile phones or other high value items to reduce fraud. So in countries like Belgium and the Netherlands where I'd suggest high 90s in regards to % of people carrying them, I wouldn't cal
Re: (Score:2)
Yeah, that's a situation where we're probably arguing over semantics, does overloading an existing device with smart card functionality really count as a successful smart card deployment? The poster child for this is (e-)passports, you have to get a passport to travel, there's no choice, so it falls into the "ordered to use it" category of the CAC. Same with the example I gave, payment cards (credit/ATM cards), when you get a new card it has a chip in it, you can't opt out.
What I'm looking for is examples
Re: (Score:2)
If you could use a government issued ID to sign into Facebook or Google, and identify yourself for email etc, would you use it?
I just think of my parents, their getting SMS two factor codes from Google, Apple, their bank, and SMS is by no means secure.
If I could also use that to auth SSH etc, then yes, absolutely I'd use it, I'd suggest that MS would even get on board for smart card auth for Windows (Making certain default choices to allow for sign in using that tech).
Re: (Score:3)
TFA seems to imply that U2F only sends a public-key-encrypted challenge -- just the ciphertext -- without leaking the key identity.
I've not read the standard yet though. Do U2F keys come with the keypair preinstalled ("just trust us, we didn't keep a copy, trust us"), or can you generate and load your own keys?
Re:Great! (Score:4, Informative)
Re: (Score:1)
This is incorrect:per https://developers.yubico.com/U2F/Protocol_details/Overview.html
The device comes shipped with a burned-in device-specific private key that generates a key per application.
Re: (Score:2)
Read a bit of the spec. In addition to generating keys in a most likely unauditable manner, it seems it also includes an "attestation certificate" which the server "should" verify as signed by a trusted CA. Whether this cert is device specific is a matter for concern, as well as the fact that while this mechanism does not prevent a server from honoring a DYI-implemented device, it could IRL end up preventing that.
Another matter of concern is the presence of a token-wide counter... which presumably is to a
Re: (Score:1, Informative)
Re: (Score:1)
https://www.yubico.com/2016/05... [yubico.com]
While I appreciate what you say, got a better idea? You have to trust someone somewhere, would you rather pay 10x the amount for a Gemalto solution which does the same thing but none of it is open source?
Re: (Score:2)
The better idea is to build your own compatible key using a firmware you can audit yourself. I did exactly that myself: https://github.com/conorpp/u2f... [github.com]
Re: (Score:2)
How do you get around what Yubikey put as:
"Given these developments, we, as a product company, have taken a clear stand against implementations based on off-the-shelf components and further believe that something like a commercial-grade AVR or ARM controller is unfit to be used in a security product. In most cases, these controllers are easy to attack, from breaking in via a debug/JTAG/TAP port to probing memory contents. Various forms of fault injection and side-channel analysis are possible, sometimes all
Lol, oh really? (Score:5, Insightful)
"the keys provide a 'cryptographic assertion' that's just about impossible for attackers to guess or phish."
Do you know how many times we've heard this kind of claim in the past?
I'd love for it to be true this time but I'm not going to hold my breath.
Re: (Score:3)
Indeed, but a lot of the time the claim has been correct until someone took an especially stupid shortcut for the sake of convenience. DVD encryption was one example (https://www.wired.com/1999/11/why-the-dvd-hack-was-a-cinch/)
Re: (Score:1)
"Emulation" is the word of the day. Anything can be faked. "Impossible" is great snake oil, and "just about" (pert near) covers all the liability issues.
Re: (Score:2)
"Emulation" is the word of the day. Anything can be faked.
That's it in a nutshell.
-
"Impossible" is great snake oil
Yep, and when they say it's "almost impossible", that means it's still possible.
Re: (Score:2)
Re: (Score:2)
Like any other 2k / 4k key, possible; computationally unlikely, but, you might get lucky!
Re: (Score:2)
These keys tie the generation of that information to a physical object which cannot be duplicated and cannot be transported around the world any faster than other physical objects. And b
Re: (Score:2)
These keys tie the generation of that information to a physical object which cannot be duplicated
We've heard that before as well, and it seems that sooner or later some clever bastard always manages to spoof it or clone it or whatever.
Like I said, I've love it if the claim that it's "impossible for attackers to guess or phish" were true, but would you bet your home, job, or bank account that this will still be true in a year?
The basic problem is that if you rely on signals that come over a wire, you can never really know who or what is on the other end.
Re: (Score:1)
I'd have gone with:
Your account are all belong to us.
How is this better than "phone app" 2FA (Score:1)
Re: (Score:2)
True, and it's a lot more convenient than a USB device. On the other hand, it's a lot more convenient than a USB device. You can phish TOTP authenticators by convincing someone to send you the QR code.
I use TOTP authenticators. If I had something really important to protect I might make all the users get the USB sticks.
Re: (Score:2)
A universe where the only port you might have is a USB OTG receptacle, such as micro-AB or C, or a Lightning port. A U2F key with a USB A plug won't fit into those without an adapter.
Or a universe where all of your PC's external USB ports have been epoxied shut. Some shops use this to deter exfiltration of confidential data.
Re: (Score:2)
Where is this dysfunctional universe? I would like to avoid it.
You'd probably want to avoid finance, the military, or intelligence.
Re: (Score:2, Insightful)
Because it does not require me to have a "smartphone". That's how it is better.
Re:How is this better than "phone app" 2FA (Score:4, Interesting)
I use the native 2FA feature for Gmail that leverages an app on any smartphone and it works great. No USB port required. https://www.google.com/landing... [google.com]
You question how dedicated security hardware is "better" than one of the most hacked platforms on the planet?
Give me a fucking break. This is the #1 reason I do not want my corporate users using hackedphones as the other half of 2FA.
Re: (Score:1)
This is why I laugh (so I don't cry) at my company's rush to replace the convenient RSA keychain dongles with the smartphone-based RSA app.
I know it probably saves RSA Inc. a ton of cash, convincing everyone to use an app rather than those key devices... we subsidize their platform with our own personally-purchased devices.
I liked having a dedicated RSA key for VPN access. I knew it was simple and reliable; it fit in my pocket, couldn't be hosed by installing the latest Angry Birds App or sitting on the dev
Re:How is this better than "phone app" 2FA (Score:4, Informative)
First, the app name is Google Authenticator. Second, it works with more that Gmail, I have my DNS provider, my GitHub and GitLab accounts, my Google accounts, my corporate accounts, etc all inside that application. It works on more that one site because they all support TOTP [wikipedia.org], an open algorithm, that is what the app, and many other alternatives like FreeOTP [google.com].
About what is better is the USB device that an application? The keys are stored on the device, and good devices are designed so keys are unreadable outside of it, only the generated code. Applications are vulnerable to malware on the device running it. The device ideally is less vulnerable of malware, it will be able to intercept current generated codes, but not extract the keys and generate codes themselves (unless the firmware is too buggy that it exposes the keys to the host device)
Re: (Score:1)
You do have a point that Google Authenticator can be used by multiple sources (and I do have a few different sites running off my GA)
I still prefer to keep a USB key on my keychain rather than making sure my phone hasn't run out of batteries at all times. But I will concede that's my personal preference. I lose my phone and it's a pain in the tail to restore Google Authenticator...I know it's not impossible and I know there are options for that. Again, my personal preference it to keep a spare USB key not o
Re:How is this better than "phone app" 2FA (Score:4, Interesting)
I screenshot all qrcodes generated by websites that support 2FA, encrypt then with OpenPGP, and store on a safe backup. I can change devices anytime I want without problems, I just reinstall the keys on the application scanning the qrcodes again.
Re: (Score:3)
You can also usually get the raw hex key if you click on a link that says "manually enter key" or "trouble scanning". You can then write that down and store it in a safe place.
Re: (Score:2)
Mandatory? (Score:2)
We have good 2FA now and hardly anybody uses it.
Google Authenticator is free, SMS 2FA isn't wire-secure, but it prevents almost all account takeovers, and "nobody" uses them because they're not mandatory.
But now we'll have a hardware dongle that will either fit in a computer or a phone, but not both (probably) and nobody will use those too? We got stronger crypto but we didn't need stronger crypto; what problem is this solving?
Re: (Score:2)
At one time, I had used my cell for SMS 2FA. Within a couple of days of giving my cell number out for 2FA, I started to get spam text messages and calls.
.
I've since switch my cell number and no longer use SMS 2FA.
The problem with using SMS 2FA is that too many advertisers and other trackers want your cell number for tracking and spamming purposes, and there is no way to assure the cell number will not spread beyond the intended 2FA purpose.
Re: (Score:1)
That is why I won't use Yahoo anymore because they insist on storing a mobile phone number with your account.
Re:Mandatory? Privacy killer! (Score:2, Interesting)
Not only that it KILLS anonymity, a basic human right for those who choose it and do no wrong with it.
First you have to BUY these things which is traceable.
Then they want you to use the *same* thing for all your accounts.
What a fucking joke!
Ever hear of The Federalist Papers, Bitcoin, or any other anonymous work of high import, influence, and so on?
All not possible without per instance anonymity and privacy.
Re: (Score:2)
SMS 2FA on Twitter doesn't work with a landline and is expensive with pay-as-you-go mobile, and Twitter refuses to support TOTP or U2F.
Re: (Score:2)
twitter supports TOTP now for like one week LOL
you can setup it via web
How do I set that up? In Security and privacy [twitter.com], "Verify login requests" was grayed out because "You need to add a phone [twitter.com] to your Twitter account to enable this feature." And the "add a phone" page still doesn't appear to offer TOTP/Google Authenticator or voice call support. Do I specifically need the Twitter app, not another TOTP client?
Or is it something that Twitter is rolling out to only a subset of its users as an A/B test?
Re: (Score:2)
SMS is insecure. There's a good reason NIST doesn't recommend it - you assume the number is associated with a phone, when that is not necessarily the case. It's also REALLY easy to MITM. In fact, in most mobile operating systems, when you see it on the screen, it's already passed through many layers of software and third party apps that could easily have
The eternal question: (Score:2)
does it run on Linux??
Re:The eternal question: (Score:4, Informative)
Linux? Yes!
I use these on Linux, MACOS and Windows for all my Github and Google accounts.
https://www.yubico.com/github-... [yubico.com]
See the FIDO U2F Security Key.
In other news... (Score:1)
Water is wet and rocks are hard.
If you still don't realize that secure 2FA is better than a password alone, I don't think a published article about the topic is going to change your mind. Unfortunately.
Of course portable hardware based 2FA is more secure than nearly any alternative.
Re: (Score:3, Informative)
A "second factor" presented as bits along the same wire as the bits of your password is not a second factor. They're both something you know. The only difference is you can lose the dongle and be fucked. You're still vulnerable to being phished or MITM'd or logging in via a pwned box or whatever else. The only thing time-based 2-factor approaches protect against is your own stupidity (reusing passwords or using bad passwords) and getting phished by a passive attacker who won't be using your credentials
Re:In other news... (Score:5, Informative)
You're still vulnerable to being phished or MITM'd or logging in via a pwned box
You can't be phished because the phishing site won't have the private key of the original website to validate to the key-dongle you are making a request to it from the original website that was stored when setting up the authentication originally.
You can't be MITM'd as as vulnerability any different than SSL traffic. The keys won't match to decrypt the traffic, which were exchanged originally when setting up the authentication.
Of course the encrypted data stream can be logged from a MITM position, just like SSL traffic now, but the idea is the attacker doesn't have either key to decrypt it to plain text and shouldn't have a quantum computer to brute force it in any reasonable time.
Logging in via a pwned box would only be able to intercept that session.
So yes, that can be quite damaging in some cases, but doesn't grant the attacker continued access. Remember, you need to push a button on the hardware dongle to reply to an authentication request and this request is only valid for the one session.
For situations like say banking, yes one session is enough to have your account drained.
But I fail to see how this is any WORSE off than not using the hardware key, while it is clearly still BETTER than not using a hardware key because it solves 2 of the 3 situations you describe.
You are falling for the typical error in assuming a replacement security function must somehow be 100% effective else it is worthless.
In reality, it only needs to be more effective than what you were previously doing to have some value, and you are ignoring that fact.
If it was only 1% better then you may be valid in claiming the time investment of switching may not be worth it.
But with the examples you listed it is clearly more than 66% better (2 of your 3 conditions are solved problems, and of the 3rd condition it is at least slightly mitigated even if not fully or even mostly)
Re:In other news... (Score:4, Informative)
Re: (Score:2)
SecureID is something you have. Your passcode is something you know. This seems like a simpler version for the masses. Good idea.
Just what I want, a browser with USB device access (Score:2)
The problem is that this isn't "true" two factor authentication. This is just an (extra) client-side key embedded in a USB stick, you can do the same (much more universally) with SSL keys which is better than a password but in no way is it either foolproof nor 2 factor authentication, both of the items are passwords, you're just saving a really complicated password in a keychain.
A good TFA requires something two out of something you have, something you know and something you are. Something you have should b
Re: (Score:1)
A challenge against a private key on an external hardware device doesn't count as a second factor to you? (Something you have)
First factor being something you know (a password).
Are you thinking it just spits out the same answer everytime?
This is better than the typical deployment of ssl keys since you can copy those off disk.
It's more like using a smart card but this is also better in that it's a different keypair per site without needing a central authority that could track you by noting where it processes
Re: (Score:2)
What sort of man in the middle attacks do you envision the machine you're using will be able to perform between the dongle?
During the initial key exchange, when the U2F device sends its public key to the server, a man in the middle could substitute the public key generated by his own U2F device.
During registration only, not logging in (Score:2)
It is important to note that could happen, if the MITM defeats the SSL/TLS session, only while the user initially REGISTERS for the service. The public key is not sent each time the user logs in.
Re: (Score:2)
Please allow me to clarify:
When the user registers while connected through MITM, the MITM impersonates the server to the user and the user to the server, providing the MITM's public key to the server instead of the user's. Then each time the user logs in while connected through the same MITM, the MITM contines to use its own keypair instead of the user's to respond to the server's challenge.
If that doesn't make sense, then could you summarize what information is sent?
Sounds good to me (Score:2)
That sounds good to me. What that means, of course, is that the attack wouldn't work for a site you already have an account with (barring combining it with probably two other attacks, plus the MITM, for a total of four simultaneous successful attacks).
Re: (Score:2)
Someone behind an authoritarian nation-state's MITM would probably have created the account while in the same country.
Re: (Score:2)
"something you are" if you can remove it with a knife, it isn't something you are. Also, once your biometric fingerprint (of any sort) is compromised, it's difficult to get the CA to issue you a new one.
Re: (Score:3)
That's still something you know. You know the code. You aren't proving that you have the phone number - SMS is incredibly insecure, numbers can be rerouted to other devices, someone else could have your phone, etc.
Re: (Score:2)
SMS is an attempt at "what you have", with lots of caveats.
Better than nothing - everyone has a phone. Not many people will buy dongles or tokens.
Re: Just what I want, a browser with USB device ac (Score:1)
It takes one phone call to your mobile provider and a little bit of a sob story to have your cell phone number rerouted. You don't even have to be a high profile target. These days, crooks who prey on tourists and hotel guests have the expertise to launch this type of attack. Ask me how I know :-(
Re: (Score:2)
You're simply wrong. It's just bits on the same wire. The fact that a typical user doesn't know the code without the dongle just means it's prone to failure.
It's no different than having your child type in 12 extra characters that you don't know at the end of the password you do know. You're passing off the knowing to someone or something else doesn't make it more secure, it makes it less so than if you had simply used a unique, random password.
U.S. SMS recipients are billed (Score:2)
Almost everyone has a cell phone with free text messaging
Then I guess I'm not among "almost everyone", nor are other pay-as-you-go users in the United States market, which is Slashdot's home country. It's traditional for U.S. carriers to bill half the SMS toll to the sender and half to the recipient, and many SMS 2FA providers (such as those used by Twitter and Steam) can't make voice calls to landlines. To upgrade from pay-per-minute to unlimited would cost hundreds of dollars per year.
I wish Apple would use something like this (Score:1)
Apple is pushing two-factor authentication right now, with an implementation that sends a numeric code to any of its devices that are registered to you other than the one on which you are authenticating. If you have two iPhones, an iPad and an Apple computer and change your Apple ID main password, two-factor auth takes you through several rounds of authenticating the change on each possible permuted pair of all of your devices. You will spend most of a day just entering two-factor authentication codes on on
Only as safe as dumb people... (Score:2)
Re: (Score:2)
"Hi, I'm from your company's tech support team (...) I'll be needing that key...."
I have the feeling that these are just like stronger locks. You basically push the burglar towards your neighbors.
A New Hope (Score:2)
Yeah, right (Score:2)
We'll see how this one turns out once it's had some proper review.
Just developing something in public and doing RFCs won't attract as much efforts as possibly knocking down something published, a feather in the cap for defeating Google's propeller beanies. Whereas the first is just, "was a helper", which matters for just about zilch in any CV.
Seriously, security dongles. That's the old new? (Score:2)
We run general purpose computers. Can't we trust our own operating systems enough to think they might store a couple bits of secretish data? If not, what good is any encryption since the attackers get every session key anyway? (not to mention the keylogger with the raw password and the memory debugger that sees every block encrypted and decrypted)
The only thing a dongle provides is certainty that another computer can't impersonate a fully compromised device without the dongle. Of course, dongle-failure
Re: (Score:2)
Put your money where your mouth is (Score:2)
After more than two years of public implementation and internal study, Google security architects have declared Security Keys their preferred form of two-factor authentication.
OK Google, then offer to ship these dongles out to your users at no cost. I'm not going to buy yet another little thing that's going to break, or get lost, or get stolen; I'll use it if it's free, though. I like PayPal's approach, they mailed out free SecurID dongles to anyone with a business account who asked for one. Mine still works fine on the original battery 10 years later.
Re: (Score:2)
Re:Put your money where your mouth is (Score:4, Insightful)
You are aware that RSA sold all of the SecureID keys to the NSA so that token is useless, right?
It's useless for hiding your activity from the feds, but it's fine for banking or anything else that's going to be reported to the feds anyway.
You can stop there (Score:3)
When plugged into a standard USB port
Aaaand I stopped reading as I can say with confidence 99% of people will never use it.
Just one of many problems - where do I put this on my iPad exactly? Or any mobile phone of any kind?
Re: (Score:2)
Remember Apple's new slogan:
"There's a dongle for that."
Re: (Score:2)
Yubikey Neo has NFC. I use mine with my phone all the time.
I use a Yubikey, but there is one problem (Score:2)
I don't keep my keys in my pocket, so I always have to go get my keys out of my bag when I want to log into my gmail, etc. I don't want the thing hanging around my neck, and not sure I want it on my wrist. How do you keep the darned thing handy at all times? I think I need a NFC yubikey type thing implanted in my hand.
Strong bindings between factors AND data channel (Score:2)
Well I've got to hand it to them at least this isn't just another tired old token passing scheme running over TLS. There appears to be something "ChannelID"? I don't really understand the specifics that seems to bind something from USB card with the underlying TLS session.
Still I have three comments.
1. If your going to do this why not deploy client certs and have your card store private keys for each site and just push all responsibility for interface (special standard for pkcs12 download, user attention..
Re: (Score:2)
Re: (Score:2)
The problem with client certificates is that you have to install them on a device before using the device.
The browser can grab them from anywhere it can anytime it wants. It can also pass-thru cert validation to physical trinkets that look like USB sticks or credit cards the same as smart cards have been doing for ages.
So you can only login from a device you completely trust. This is just another form of something you know.
It's not a second factor.
No it is clearly something you have. Using trusted system is an implied baseline requirement. It isn't ever optional. This business of logging on from devices you don't trust = GIGO.
With U2F you can, in a pinch, login from say a computer in the library and
This limitation does not exist with my suggestion to just use client certs. There is no reason to assume brows
Re: (Score:2)
Re: (Score:2)
Congratulations, you've just described U2F!
What I described is a smart card .. something that has been widely used for over a decade.
The difference in not reinventing the wheel with U2F is you don't need to modify servers to support experimental channel binding extensions. This can be deployed without modifying existing servers.
"Google is very much a not-invented-here, build it ourselves culture."
-Eric Schmidt
Re: (Score:2)
Lost (Score:2)
So what happens when you lose one of these things? Do you have to wait a week for a new one to arrive in the mail to access any of your accounts?
Re:Lost (Score:5, Informative)
The sites give you 10 temporary one-time keys to use, designed to be printed out and stored in a lock box. These are used for emergency access when the physical device is unavailable.
Re: (Score:2)
So its all the downsides of 2-factor authentication, without being 2 factor authentication.
Yubikeys (Score:5, Informative)
https://www.yubico.com/ [yubico.com] - Yubico, the makers of Yubikeys, is the primary company and primary devices that Google, Facebook, Github, Dropbox, and others use. Reading the various comments here on Slashdot, I just want to quickly clear a few things up. Some think this is just a theoretical API. No, it is fully implemented, and the hardware has been on the market. I've been using my Yubikey for over a year now. The thing is fucking amazing. The key supports several different modes, so let's go through a few of them really quick to clear up concerns from above.
The type of authentication mentioned in TFA works by plugging in the USB key. After that, the browser makes a request to the key. The key then has an LED that starts blinking to indicate said request. The key does *NOT* process the request until the button on the key is pressed. The encryption key stored on the physical key also can NOT be read off of it at all, the device handles processing of the initial request. (yes, admittedly, this is slower than a normal CPU, it takes 1-2 seconds to process)
There are other modes, too. There is a mode which works exactly like Google Authenticator, where you can register 2-factor codes with it. The generated time based codes can then be read back either by USB or by NFC on a phone/tablet. This has the added advantage of the fact the seed for the time code is not retrievable from the device. The only thing the device will transmit out is the calculated time-based code. This has an advantage over Google Authenticator, where a compromised phone could easily leak the seed values and generate new time based codes. This calculation instead happens on the key, and only the final result is returned instead.
This device also works with PuTTY for SSH authentication. This is by *FAR* my most favorite feature. TortouseGit on windows also uses PuTTY for authentication, so this includes source code. You can pull out the public key from the device, and use the device to authenticate yourself anywhere that supprts SSH. I personally use this to authenticate into a cluster of servers that I manage.
This device includes a static password, too. Not everything supports these newer modes. There are a couple services that I use which dont. A randomized password up to 32 characters can be stored on the device, and with a single press of the button will emulate a keyboard and type it in. This is much MUCH easier than trying to type in long complex passwords which use tons of extended characters. But again, this caps at only 2 passwords (the device has 2 "slots" total, and other things such as the method mentioned in the article takes up 1 of those slots as well)
But pretty much every concern I've seen in the comments on this page are all directly addressedon the Yubico web site. These guys have thought of pretty much thought of every possible scenario imaginable. This isn't just some weekend project. This is a serious security product help designed and implemented by some of the largest tech firms in the world who have a serious stake at securing their own networks. The price for the keys are really not bad, so yeah, I'd personally recommend them.
Re: (Score:2)
As per the GP, I've also used a Yubikey for years. Mine is the original one that doesn't support 2UF, but I've been using it for many things - including some of my own applications in OTP mode.
OpenVPN - Username + OTP.
SSH - Private Key + OTP from unknown sources (else just key).
Admin account on my hosting platform: email + password + OTP (written in perl).
Lastpass - Username + Password + OTP.
In the many years since I've had this key (remember, this is one of the first they made), I've had their validation s
Re: (Score:2)
SecureCRT also supports PKI based SSH authentication, it's without fail the best terminal emulator around. (Win / Mac / Linux)
I really do feel odd posting this to Slashdot (I feel like I'm going to get crucified for a slashvertisement), but I've used their stuff for years and they're worth a mention.
Github 20% Off (Score:2)
Don't forget to log in with your Github.com account for 20% off!
I just ordered 2, these sound useful.
Re: (Score:2)
As mentioned it has slots for two different keys you can program in. Why are you using a pw manager without support for two factor (I prefer using passwordsafe myself)?
world's best hope??? (Score:2)
That would be John Connor.
John Connor is leader of the Worldwide Resistance and last hope of humankind.
Wait! (Score:2)
Re: (Score:2)
Presumably the U2F key is more hardened against key extraction attacks than, say, someone with physical access to your machine and your user account's .ssh folder.
Re: (Score:2)
It works with Bluetooth and NFC [amazon.co.uk], as well.
Re: (Score:3)
The keys have a physical button on them an an LED. the LED starts flashing when the browser makes a request, and to authenticate, the user MUST press the button for the embedded circuit to process the encryption request.
Re: (Score:2)