TheYubiKeyManagersoftwareletsyou
manageyourkey’ssecuritysettings
Facebooklets youuse asecuritykey for
two-factor authentication42 27 Nov-10Dec 2019
youarelogginginfrom,andyouwon’t
beaskedforyourkeyagaininthefuture.
Youshouldonlytickthisboxwhenon
yourhomecomputerorprivatelaptop,
soyouraccountremainsprotected
whensigninginfromelsewhere.
YubiKeydoesn’tneedcharging
(itpullsitspowerfromtheUSBslot
whenpluggedin),sothere’snodanger
ofyoufailingtologinduetoadeadkey,
andthere’snothingtoinstall,either.
Althoughyoudon’tneedanyextra
softwaretouseyourkey,there
areanumberoftoolsthatoffer
enhancements,includingaYubiKey
ManagerforWindows,macOSand
Linux(bit.ly/tubman4 89 ),whichshows
thenameofthekeyanditscurrent
firmwareversion,andletsyouconfigure
FIDO 2 ,OTPandPIVfunctionalityand
adjustsettings(onsupportedkeys).
There’salsoaPersonalisationTool(bit
.ly/yubper4 89 ),andanAuthenticator
(bit.ly/yubauth4 89 )thatgenerateOATH
credentialsviaWindows,MacandLinux
computers.BothworkwithallYubico
devicesbartheblueSecurityKey.
WHICHSERVICESDOESYUBIKEY
WORKWITH?
YubiKeyworkswithallthemajor
servicesyouarelikelytowanttouseit
with–theonesthatyou’dbemost
devastatedaboutifyouraccountwas
hacked–suchasGoogle/Gmail,
FacebookandMicrosoft.Weexplain
howtosetupYubiKeywithGmailinthe
workshopbelow,andtheprocessisthe
sameforothersupportedwebservices.
InthecaseofFacebook,logintothe
socialnetworkasyouwouldnormally,
usingasupportedbrowser(Chromeand
otherChromium-basedbrowserssuch
asVivaldi,BraveandOperaorFirefox),
thengototheSecurityandLogin
Settingspage(bit.ly/fb 489 )andscroll
downto‘Usetwo-factorauthentication’.
ClicktheEditbutton,thenfindthe
SecurityKeyentryandclickSetUp.You
canaddyoursecuritykeythere.
ForMicrosoft,gotoyouraccount
page(bit.ly/msaccount4 89 )andsignin
asnormal.Onthepagethatopens,clickthesafepictureunderSecurityandsign
inasecondtime.Click‘Moresecurity
options’and,under‘WindowsHelloand
securitykeys’,click‘Setupasecurity
key’andfollowtheinstructions.
Youcanbrowsethefullcatalogueof
servicesthatworkwithYubiKeyat
bit.ly/yubcat4 89 .Thepageletsyousort
thelistbysecurityprotocol,category
(browser,computerlogin,cloudstorage
andsoon),YubiKeytypeandcompany.
SomeservicesonlysupportOne-Time
Password(OTP)authentication,
wherebythekeygeneratesan
encryptedpasswordforone-timeuse.
Therearetwovariationsofthis–HOTP
(HMAC-basedOne-TimePassword)
andTOTP(Time-basedOne-Time
Password).Theformerusesacounter,
whilethelatterusesthetime.Thefull
listoftheseOne-TimePassword-only
servicescanbeviewedatbit.ly/
hotp 489 (HOTP)and bit.ly/yubtotp 489
(TOTP),butinclude 1 password,
LastPass,ElectronicArts,EpicGames,
Instagram,Kickstarter,WordPressand
theWindowsHelloapp.OTPisn’tas
secureasFIDOU2F,butit’ssecure
enough(see bit.ly/otp 489 ).
IfyoulogintoWindowsusingalocal
account(asopposedtoaMicrosoft
account),youcanusethenewYubico
LoginforWindowstool(bit.ly/
yublog4 89 ).Downloadthesoftware
(thereare 3 2-and 6 4-bitversions
available)andfollowtheinstructions.
ItworkswithWindows 7 ,8.1and 1 0.If
youlogintoWindowsusingaMicrosoft
account,youcan’tuseastandard
YubiKeytospeeduptheprocess,only1To protectyour Google account,
including Gmail, beginby turning on
2-StepVerification (bit.ly/goo2fa489),
if youhaven’t already.Makesureyou
have your YubiKey to handbut don’t
insert ityet. Goto bit.ly/gkey489.
Towardsthe bottomofthe page,you’ll
see the optionto add asecuritykey.^1
Click this link.2ClickNextand insert your key into
aspareUSB port.Your key will start
to flash andyou maysee whatlooks like
an error message onscreen. Pressthe
button or gold diskon thedevice. The
key should berecognised andyou’llsee
aconfirmation message.^1 You’ll then
be given thechancetonameyour key.^23Click Done,then logintoyour
Google account. Amessage will
appear promptingyoutouse your
securitykeytosign in.^1 If you’reon
your homecomputer,tickthe boxnext
to ‘Don’task again on thiscomputer’(^2) to skip thisstep in future. Plug in
your key and pressthe buttonto
completethe login.
MINIWORKSHOP|UseAYubiKeytoprotectyourGmailaccount
1
1
2
1
2