Yubikey to secure servers.. has anyone tried it?
-
@timconsidine i recently documented the steps in a little blog post. https://blog.9wd.eu/posts/9wd-tech-external-services/
-
@jdaviescoates during the mess of figuring out how to get to that offer button, I created a new account and signed up for the offer just like you did. I received an email yesterday with the "decline" and telling me how to become eligible. The sad part is that I haven't received the coupon on my eligible account yet.
-
Update: I received my coupon email earlier today.
The email came from (add it to your whitelist):
resources {{a.t.}} info [.d.0.t.] yubico [.d.0.t.] com
Congratulations! You are one step closer to activating phishing-resistant MFA with industry leading Yubico security keys at an exclusive 'good for the Internet' price. Even better news! For a limited time, we're excited to surprise you with an upgrade to our multi-protocol YubiKey 5 Series! You are now eligible to purchase up to 4 individual YubiKey 5 NFC or YubiKey 5C NFC (minimum 2) starting as low as $10 USD. Ready to get started with the YubiKey? Here is your single-use coupon for up to four (4) YubiKey 5 NFC or YubiKey 5C NFC (minimum 2) keys for as low as $10 USD or β¬10 Euros at www.yubico.com But there is moreβ¦. Looking to purchase more YubiKeys? YubiEnterprise Subscription provides flexible purchasing options of YubiKeys, predictable spend, premium support and a lower cost to entry. Cloudflare customers with 500 or more users are eligible to receive an exclusive 50% discount off their first year of YubiEnterprise Subscription.
-
I got my for Yubikeys today.
-
@BrutalBirdie Nice! I got mine yesterday (a day ahead of estimated delivery). I just got around to setting mine up. Vaultwarden (webauthn method) works great. I tried to secure my laptop login (W11 Home on a local account) but it's still logging me in without the Yubikey. The drive isn't encrypted so that might have something to do with it. I read that Bitlocker is only available on the Pro version, not Home. I can use Drive Encryption instead but it's asking to log into a Microsoft account. It's days like these when I curse the devs of my work related software for not supporting Linux!
-
How are you all carrying your Yubikey around?
-
@humptydumpty i'm just carrying mine on my keychain. They are very robust. No problems so far with my 9+ years old key.
-
Here is my workflow with yubikeys (from now on short yk).
I have three.
- 1x Mobile
- 1x Stationary
- 1x Backup
If a webpage offers FIDO support, great! But? Only 1 key? The site must have multi key support. Good examples are Github, Hetzner and may more.
A BAD Example is kraken.com! A Crypto trading platform which only supports ONE KEY!
I had a lengthy discussion with one of the support head members who promised me, multi keys will be available soon. The all known SOON.If not, I use the TOTP feature from the yk.
This way I can always sync mobile and stationary and every quarter of the year I get my backup key from the bank vault and sync it as well.
This way I always a duo setup and 1x spare in case of absolute disaster.
I've been running this setup for quite some time and the vault key can be a bit annoying, but security over comfort.
-
@BrutalBirdie said in Yubikey to secure servers.. has anyone tried it?:
1x Mobile
1x Stationary
1x BackupI love the idea of having a stationary key. A Bio key attached to a USB extension cable hidden under the desk would be ideal for me
-
Is anyone using a Yubikey to secure a Windows 11 local account?
I upgraded to Pro, activated Bitlocker, and only have user/pass option active for signing in (no PIN, Windows Hello, etc.). It still signs me in without inserting a Yubikey. This is maddening!
-
@humptydumpty Windows no, my gaming windows only has password disk encryption but my linux has disk encryption 2fa support.
Sorry can't share anything on windows