this post was submitted on 16 Oct 2023
149 points (94.6% liked)

Ask Lemmy

26718 readers
1669 users here now

A Fediverse community for open-ended, thought provoking questions

Please don't post about US Politics.


Rules: (interactive)


1) Be nice and; have funDoxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them


2) All posts must end with a '?'This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?


3) No spamPlease do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.


4) NSFW is okay, within reasonJust remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either [email protected] or [email protected]. NSFW comments should be restricted to posts tagged [NSFW].


5) This is not a support community.
It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email [email protected]. For other questions check our partnered communities list, or use the search function.


Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija


Logo design credit goes to: tubbadu


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] morphballganon 8 points 1 year ago (2 children)
[–] hiramfromthechi 19 points 1 year ago* (last edited 1 year ago) (2 children)

It's a hardware authentication key. Kinda like a USB flash drive.

You know how some services offer multifactor authentication (MFA), also referred to as two factor authentication (2FA)?

There are typically two types offered: time-based one-time passwords (TOTPs) where you have 30-60 seconds to type in a 6-digit code, and SMS-based where they text you a 4-6 digit code (that also expires within a set time frame).

With a Yubikey, you gotta plug in the Yubikey into your computer or phone. Or, there are some models that use near field communication (NFC) and you just need to bring it near the device you're tryna authenticate.

So rather than typing in those codes you get either from SMS or your authenticator app, you use the Yubikey as your authentication method.

[–] [email protected] 4 points 1 year ago (3 children)

Oh nice ! Thanks for the explanation. Is this type of authentication supported by many apps and services ? Can it completely replace an authenticator app on a phone ?

[–] Chobbes 6 points 1 year ago

Not everything supports FIDO U2F (the kind of 2fa that Yubikeys support), unfortunately. That said a lot of your important accounts might. Google supports it, GitHub supports it, Apple supports it. It’s a much stronger form of 2FA, so it’s nice if you can have it.

Depending on the yubikey you get it may also be able to do PGP so you can keep your keys locked up on it and off your computer so they’re safer. You can use this to encrypt / decrypt things, but also to cryptographically sign emails and git commits. You can also use it for SSH authentication.

[–] [email protected] 4 points 1 year ago (1 children)

For services that support fido2 keys, Yes 100% it replaces TOTP apps. Most services do not support fido2 keys. Just services that are very security conscience. Google, Microsoft, GitHub, cloudflare, AWS, azure, anything with a high technical risk surface will support fido2 keys.

[–] [email protected] 3 points 1 year ago

And amazingly, minimal to none online banking support

[–] [email protected] 3 points 1 year ago

I need a YubiKey to get 2FA code