Question Before I purchase a Yubikey I have a few questions about it if anyone may know.

Neostarwcc

Distinguished
Sep 12, 2013
104
2
18,585
0
Okay so, I was getting sick of my internet accounts getting hacked for the umpteenth time in a row. Since 1991 or so (Or whenever the internet came out I was a child when it did so I don't 100% remember the year) my internet accounts have probably been hacked well over several hundred times. About a year ago my Spotify account was hacked and I got my account back the same day, but the sneaky little bastard made me pay for a family plan and got free spotify premium for over a year before my wife went through our credit card statment and wondered why Spotify was charging us $15 instead of $10. Yes, I'm stupid and I don't really pay attention to whats being charged on my credit cards I just pay the balance because usually there's always $300+ worth of charges a month on my credit cards. Giving a hacker over $400 worth of service (He had several damn accounts linked to the family plan and not just one He probably sold the extra accounts and other people got free Spotify for a little over a year it enraged me)

Before you ask, no my computer isn't infected with malware anymore so the hackers didn't steal the passwords from my computers . I stopped being infected with malware after I stopped downloading stuff off of bittorrent, P2P ...etc. (They were legal downloads but for some reason even legal downloading from these clients infects you with a ton of malware) and got a lifetime subscription to zemana anti malware for my wife and I. Since then we've been malware free.

So after the spotify incident I said screw it I'm sick of hackers getting into my accounts and potentially getting free money out of me so I purchased a yearly subscription to a password manager and made 30+ Character passwords as each site would allow for my accounts. Since then, I haven't been hacked once on ANY of my 50+ online accounts (I have accounts for pretty much everything). It was a massive improvement from before because other times I was hacked probably every 3-4 months or so on average from anything to my Paypal account to my facebook to... anything really. It was ridiculous.

I was considering buying a yubikey 5 for extra security since apparently 2FA is the new way to secure accounts these days and the Yubikey isn't that expensive and I can even secure my windows 10 with it. It's very desirable to me. My questions are do you need more than one key to secure multiple computers/devices? I got my wife interested in security too. She doesn't use a password manager and refuses to but I've convinced her to remember 20+ character passwords to help secure her online accounts because she has a lot of them too. So do I have to buy my wife a yubikey as well or do they work across multiple devices?

My other question is do most online websites support YubiKey now or do only a few of them? Would YubiKey be right for me or should I get a fingerprint scanner or something of the ilk? What would be the most secure? I'm pretty new to what's available today in terms of security so any advice would help. Thanks!
 
Jul 26, 2020
6
0
10
0
Personally, if you're experiencing account issues, you should be putting 2FA on all those sites if you can and make sure you are changing your driver every two months or something. A password manage is a good; however, you cannot always stop everything form being hacked.

The Yubikey 5 is a good accessory, however you need to take into fact the human factor of it, what if you lost that key for example. You would need to go through all your accounts and remove the authentication. Also the YubiKey 5 NFC, works on your computers and mobile devices so that would be the best useful in my opinion from what I can see. I hope this helps.
 

Neostarwcc

Distinguished
Sep 12, 2013
104
2
18,585
0
Thanks for the help! I mean I suppose you could stick the key on a keychain or something but then what is your keychain gets stolen? Obviously no security is foolproof.

You brought up a good point though. Some of my accounts are also backed up by needing a code from my cellphone or tablet is that any secure? What are the odds that a hacker is going to be able to get through that? I also have biometrics setup on my cellphone and tablet that need my wife or i's fingerprint to have access to them. The only problem is they also want you to setup a password which we have in the safe (my wife knows them by heart but it's annoying to occasionally try to access our devices, need a password and have to go into the safe or ask my wife to open it for me. Sorry small rant coming ahead but, Aside from needing DNA to get in (I can see the future of cybersecurity :p) what's more secure than a fingerprint? Our fingerprints are one of a kind arent they? If not what are the odds someone trying to access your device is going to have a similar fingerpringt than me? I dont understand why I also need to store a password in my safe or wife to get into my devices.

My master password and computer password are both pretty secure and I know them by heart and dont have written down anywhere. That's probably the best security right? I just couldnt possibly remember 50+ 30+ character passwords. I'm not a computer, hence password manager.

If I need 2FA across all my online accounts and yubikey is more secure than cellphone/tablet I'm all for it. Maybe to not lose it I could stick it in our safe also. Just more of a pain and might be me being paranoid.
 
Jul 26, 2020
6
0
10
0
Some of my accounts are also backed up by needing a code from my cellphone or tablet is that any secure?
This is secure in some instances, it can be bypassed in some cases too. However, it shouldn't be something you should entirely worry about so much anyhow; it works enough for majority of people at the moment. It would be pretty hard for someone to go through the effort of doing it to get into your accounts, unless you have access to something "High Level" which the malicious user would spend time to do it.

what's more secure than a fingerprint?
The only thing that I can believably think for this case that is more secure is iris biometrics. However, fingerprint is enough for accounts or devices.

I just couldnt possibly remember 50+ 30+ character passwords. I'm not a computer, hence password manager.
It is recommended to use a well-protected and secured password manager, I use one myself; it is just recommended to constantly updating your passwords and keep going from there. Recommend reading and looking up about YubiKey I'm not fully confident on them.

I'd just recommend constantly using the password manager, updating your passwords, use 2FA and see how it goes. You're bound to get some issues from database leaks etc.
 

Neostarwcc

Distinguished
Sep 12, 2013
104
2
18,585
0
High level like a PayPal account where they can use my credit cards at will? Or does high level mean something else? If had people use my credit cards before but people usually just steal them from my wife's purse. Like in October she went to Ohio to see her family and her cousin get married and another one of her cousins took her credit card out of her purse and wrote down the information on it and charged on it ><.

Well DNA could be the future of security. Just lick your finger and move it across the censor. Each of us has our own unique DNA profile. But you're right iris would be secure too. You see that on tv all the time.

I only didnt mention what password manager for security reasons but i use Dashlane. I heard about yubikey because you can apparently add it to Dashlane for extra security. I also heard of 1password who is cheaper than Dashlane and seems to have better customer support. I'm considering going with them because they're cheaper and you can pay monthly instead of yearly. I'd just have to wait for my year with Dashlane to expire. It expires in Feburary.
 

ASK THE COMMUNITY

TRENDING THREADS