Secure your Google account etc from hijacking with YubiKey
Post by mslo79 on Nov 23, 2019 9:39:25 GMT
You can order from Amazon too, but that's the official site in the website link above and you can get them a bit cheaper on there I suspect given it's $36+tax but with a coupon code I got mine down to $30.xx total cost as I just got the basic/standard ones (which require a device with a standard USB port to use! (they have devices that work with smart phones etc but they cost more. my advice is avoid smart phone use doing anything important online in general)) which is all one needs to secure their Google account from potential account takeovers.
NOTE: it's a good idea to have at least two YubiKeys minimum. one for general use and another for a backup in case you lose your primary one, so you won't be potentially locked out of your account, and then with the backup you can log in to Google and then remove the key you lost and then buy another and add that one etc. I am sure you get the gist of what I am saying in that you want to keep at least two YubiKeys active on your Google account in general as this will help ensure you don't potentially get locked out of your account and will save you a lot of potential headache of getting your account back should you lose the YubiKey and only have one tied to your Google account.
taken from the YubiKey website (which is the site I linked to initially above) with the quote below...
With the YubiKey, user login is bound to the origin, meaning that only the real site can authenticate with the key. The authentication will fail on the fake site even if the user was fooled into thinking it was real. This greatly mitigates against the increasing volume and sophistication of phishing attacks and stops account takeovers.
so basically if you somehow get fooled into entering your username/password (to your Google account or Facebook etc) into an illegitimate login screen etc (i.e. what they call 'Phishing'), even though the shady person will have your username/password info they can't hijack your Google account (i.e. they can't take control over your Google account and other stuff that supports YubiKey) since they can't log in without your YubiKey and since for many people their Google account is tied to stuff of higher sensitivity (like banking etc) you don't want someone taking over your Google account. or in the reverse... even if someone stole your YubiKey it will be useless for that person (at least useless in terms of getting into your account) without your username/password login info.
so the way I tend to see the whole YubiKey thing is this... If your Google account (email etc) is tied to anything you don't want other shady people taking control of, it's a small fee ($30 (or less than $40) ; use coupon code "YK19-EDU20" (it appears it expires at the end of this year)) to greatly secure your Google account from account takeovers as YubiKey is not some semi half-@$$ed 'two factor authentication' like is typically used (with smart phone through a message) but currently can't be bypassed and it's been around quite a few years now. so it gives peace of mind that your Google account will stay your account for a small fee.
sure, they got two factor authentication with messages sent to your smart phone (and some other methods), but those are not immune to being bypassed like YubiKey currently is as, at least from what I have read, people using YubiKey (or the like) have never had an account hijacked yet as apparently Google has their employees using them (at least the same technology, even if it's a different device, but they function the same) so they can't get Phished (even if they do fall for the Phishing and give out their account login/password info, in the end, their account can't be hijacked/taken control of by a shady person).
NOTE: apparently YubiKey works with Chrome and Firefox browsers (possibly some others but Chrome/Firefox tend to be the most popular browsers in general) since they have U2F support which is required to work with a YubiKey (and others like it using the same technology).
p.s. since we are on this topic, another thing that should be mentioned that everyone should be using regardless of whether they use the YubiKey stuff or not...
is that everyone should be using a password manager (which are generally free) so that you can generate long/random/unique passwords for EACH SITE you use as this makes you more secure in the sense that if someone managed to get a hold of one of your passwords on one site you ain't got to worry about it being used against you for other sites you got access to. because one mistake many people make is they pretty much use the same password for all of the sites they use which is a bad idea as if one site is compromised and a hacker gets a hold of your password they could potentially access other accounts online you have that use the same password (which for accounts of higher sensitivity could be a big problem) but a password manager eliminates this threat. another advantage of using a password manager is that it can generate long random passwords so there is basically no chance someone will guess your password as these are guaranteed to be much more secure than some half-assed password many people use when logging into random websites.
but with a password manager... what it basically does is make an encrypted file on your computer that stores all of the login/password data to all sites you use and all you have to do is remember the program's master password (which you set up yourself) to access the encrypted file (database) the password manager creates and through a simple right-click and selecting copy/paste you can enter the info there into the website and login like usual. NOTE: to state the obvious... make sure you make backup copies of your password database file (and store in a secure location should you ever need it) as this way if for example your computer dies out of nowhere you won't lose your password database file and then can copy that file back to a working computer and continue to use it like usual as it's going to be a huge pain in the butt if you lose that file, so make backup copies!
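The origin binding described in the Yubico quote, as an added example (not part of the original post and not Yubico's code): a simplified Node.js model in which the key signs the browser-reported origin together with the site's challenge, and the real site checks both. ToyKey, verifyLogin, demo and both origins are made up for the illustration, and real U2F/WebAuthn messages carry more fields than shown here.

```javascript
// Added illustration: simplified U2F-style origin binding; all names are constructed.
const crypto = require("crypto");
class ToyKey {
  constructor() { this.keys = new Map(); } // one private key per origin
  register(origin) {
    const pair = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
    this.keys.set(origin, pair.privateKey);
    return pair.publicKey; // the site stores this next to the account
  }
  // `origin` is filled in by the browser from the address bar, not by the page.
  sign(origin, challenge) {
    const priv = this.keys.get(origin);
    if (!priv) return null; // key was never registered on this origin
    const clientData = JSON.stringify({ origin, challenge });
    const signature = crypto.sign("sha256", Buffer.from(clientData), priv);
    return { clientData, signature };
  }
}

// Check the real site runs before accepting the second factor.
function verifyLogin(expectedOrigin, challenge, publicKey, assertion) {
  if (!assertion) return "no-assertion";
  const data = JSON.parse(assertion.clientData);
  if (data.origin !== expectedOrigin) return "wrong-origin";
  if (data.challenge !== challenge) return "wrong-challenge";
  const ok = crypto.verify("sha256", Buffer.from(assertion.clientData),
                           publicKey, assertion.signature);
  return ok ? "ok" : "bad-signature";
}

function demo() {
  const REAL = "https://accounts.example.com";      // constructed
  const FAKE = "https://accounts-example.invalid";  // constructed look-alike
  const key = new ToyKey();
  const pub = key.register(REAL);
  const challenge = crypto.randomBytes(16).toString("hex");
  const genuine = verifyLogin(REAL, challenge, pub, key.sign(REAL, challenge));
  // Look-alike page relays the real site's challenge; the key has nothing for it.
  const unregistered = verifyLogin(REAL, challenge, pub, key.sign(FAKE, challenge));
  // Even with a key registered there, the signed origin gives the relay away...
  key.register(FAKE);
  const relayed = key.sign(FAKE, challenge);
  const wrongOrigin = verifyLogin(REAL, challenge, pub, relayed);
  // ...and rewriting the origin afterwards invalidates the signature.
  const forged = { ...relayed, clientData: JSON.stringify({ origin: REAL, challenge }) };
  const tampered = verifyLogin(REAL, challenge, pub, forged);
  return { genuine, unregistered, wrongOrigin, tampered };
}
console.log(demo());
```

Only the login performed on the registered origin is accepted; the password never enters the check, which is why a phished password alone does not get past this step.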