What is Yubikey ?
The YubiKey is a hardware authentication device manufactured by Yubico that supports one-time passwords, public key encryption and authentication, and the Universal 2nd Factor (U2F) protocol developed by the FIDO Alliance (FIDO U2F). It allows users to securely log into their accounts by emitting one-time passwords or using a FIDO-based public/private key pair generated by the device. YubiKey also allows for storing static passwords for use at sites that do not support one-time passwords.Facebook uses YubiKey for employee credentials, and Google supports it for both employees and users.Some password managers support YubiKey.
The Yubikey implements the HMAC-based One-time Password Algorithm (HOTP) and the Time-based One-time Password Algorithm(TOTP), and identifies itself as a keyboard that delivers the one-time password over the USB HID protocol. The YubiKey NEO and YubiKey 4 include protocols such as OpenPGP card using 2048-bit RSA and elliptical curve cryptography (ECC) p256 and p384, Near Field Communication (NFC), and FIDO U2F. The YubiKey allows users to sign, encrypt and decrypt messages without exposing the private keys to the outside world. The 4th generation YubiKey launched on November 16, 2015. It has support for OpenPGP with 4096-bit RSA keys, and PKCS#11 support for PIV smart cards, a feature that allows for code signing of Docker images.
Founded in 2007 by CEO Stina Ehrensvärd, Yubico is a private company with offices in Palo Alto, Seattle, and Stockholm.[10] Yubico CTO, Jakob Ehrensvärd, is the lead author of the original strong authentication specification that became known as Universal 2nd Factor (U2F).
Best Buy Links Yubikeys:
1. http://amzn.to/2fNMt0H
2. http://amzn.to/2fNUwKV
3. http://amzn.to/2fGyIwV
4.http://amzn.to/2g6n0fE
How to use Yubikey with Google?
Congratulations, you have a U2F YubiKey! So how do you set it up to protect your Google accounts? Follow these easy instructions and you’ll be protected with the simplicity of YubiKey two-factor authentication in no time!
If you do not have a U2F YubiKey, you can still use your YubiKey Standard or YubiKey Edge to protect your Gmail account. See our instructions here to learn how to use authenticator codes to protect your account.
Requirements
- Latest version of Google Chrome browser (or at least version 38)
- A U2F Security Key, YubiKey 4, YubiKey 4 Nano, YubiKey 4C, YubiKey NEO, or other Yubico U2F-enabled YubiKey
- A Google Account (such as Gmail, Google Docs, YouTube, Google Plus, Blogger, Adwords)
Note: If your Google account is a managed account — such as with G Suite, Google Cloud, or Google for Education — your administrator must have enabled two-step verification before you can use your YubiKey. If the option to select 2-Step Verification is not available (as described in the steps below), ask your administrator to enable this security option.
Setting Up Your Google Account
- Turn on 2-step verification. If you already have set up 2-Step Verification, continue with the next step.
- Add a Security Key for 2-step verification. (We recommend that you add two YubiKeys, or Security Keys. They can be used interchangeably, or one can be your primary device, and one can be a backup device.
- Be sure to save backup codes (you will use these if you are ever logging in without your YubiKey). To do this, scroll down after you have added your YubiKey(s) and, under Backup codes, click Show Codes. Click Download or Print, and save the codes in a safe location.
- You can also set up Google Authenticator to generate verification codes if you don’t have your YubiKey. The Authenticator app can receive codes even if you are not connected to the internet.
Your YubiKey is now registered to your account as your default Two-Step Verification device! The screen now displays all devices that are registered to your account, so you can easily add another Security Key, or remove registered keys. (If you accidentally lose a YubiKey, come here and remove that YubiKey from your account. No one could log on to your account, though, because they would still need to know your username and password.)
- You can also set up Google Authenticator to generate verification codes if you don’t have your YubiKey. The Authenticator app can receive codes even if you are not connected to the internet.
Logging in to Your Google Account
Logging in to your Google account with your YubiKey is refreshingly simple.
- The next time you need to login to your Google account, insert your YubiKey.
- Enter your user name and password, and click Sign in.
- When the YubiKey begins to blink, tap it.
- If you want to trust this computer for a short period of time, so you do not have to insert your YubiKey each time you log in, check the box to Remember this computer for 30 days.
- If you do not have your YubiKey with you, click Use a verification code instead.
- If you want to trust this computer for a short period of time, so you do not have to insert your YubiKey each time you log in, check the box to Remember this computer for 30 days.
- If you do not have your YubiKey with you, click Use a verification code instead.
No U2F-Enabled YubiKeys?
Here is a one-time password solution for Gmail that works with YubiKeys that do not currently support U2F. It relies on a free application called the Yubico Authenticator (that works on the Windows, Mac, or Linux operating systems) to generate time-based authentication codes.
Running Microsoft Internet Explorer or Mozilla Firefox?
Mozilla is currently building support for U2F and Microsoft is working within the FIDO Alliance to bring support to Windows 10. But for now, you can use Yubico Authenticator, described above, for YubiKey two-factor authentication if your browser isn’t Google Chrome.
No comments:
Post a Comment