You've purchased a YubiKey, maybe
even a second one for backup. And if you're like most people, you immediately went and locked down
your email account, which is awesome. But what else is there? I
get this question a lot. So today you're going to learn how to
use your YubiKey to lock down four of the most common absence services
that you might be using. Let's start with something
as simple as Vanguard. If you are in your Vanguard account, you can click on log in and you're going
to obviously use your username and log in to log to your personal investor
account or whatever account that you have. With Vanguard, it's going to look almost exactly the
same on whichever site that they have. You might have a security question set up. This is a second form of authentication, but not nearly as secure
as using something like a
security key. So once we are logged into our Vanguard dashboard,
you're going to go up to that, right? You're going to see that little icon near
log off and you're going to click onto that. That is your profile and account
settings. And if you scroll down, actually first we're going to click
on security and then scroll down. You're going to find security key. This is where you're going to
be setting up a security key, but if you've never done this before, you're going to need to make sure that
you have set up these security codes. And I haven't done this before, so I'm going through telling me all about
setting up two-factor authentication and I have to accept and
continue with the terms of use. And the way that they're going to give
me these codes is through my phone number. So I'm going to go ahead
and give them my phone number, which is not ideal, but this is the way that they require
me to do it. Now they want me to add a second phone number, which I definitely don't want to be
doing or add something like that. So I'm going to go back to my account
and then I have to go through this whole process again. Go up to the
icon in the upper right, go into security, and then
scroll down to find security key. Alright, it's going to tell you that you're going
to need a FI oh two compatible security key. Anything that you get from YubiKey
is going to be FI oh two compatible. And then we're going to have to scroll
all the way down to the bottom. Oops, sorry. And then click. I agree.
If you don't scroll to the bottom, they won't let you click. I agree. Or they won't let you get through
to the next screen, whatever. So at this point they're going
to make me check my phone. Again, this is just for their own security sake.
I'm sure it's a little annoying to me, but you're going to be getting another
code to your phone that you're going to enter in here in order to verify that
you are in fact the person who should be getting access and adding keys to this
account because obviously they don't want just anybody being able to add this.
So you're going to name your key. I have two keys, I've got the 5
NFC, and then I've got the 5Ci. So I'm going to go ahead
and just do the 5 NFC here. And once I've named it,
I'll click continue. If you have a password manager that
wants to try to save a pass key, don't do that. Or if you
get this kind of QR code, just plug the key in and press the button. Great. Got one security key. And then of course you do want
to add that second security key, and you're going to go through this whole
process again where it's going to tell you about the key that you're going
to be putting in. You've got to agree, scroll all the way to the bottom
and then register the key. And then you want to name it as, again,
since I'm going to be using this 5Ci, I'm going to do my YubiKey
5Ci, click continue. I don't want to save it in my password
manager and then I just plug it in, press the buttons, click allow if I have to and wait for
a moment while it registers. Excellent. We now have both of our security keys, the primary and the backup set
up on your Vanguard account. So this is what it would look like if
we were to go ahead and just log off of the Vanguard account. This is how
the whole sign in process would look. Now if you remember last time we had to
sign in with our username and password and then answer this
random security question. This time when we sign in with
our username and password, we're going to be requested
to plug in our security key. And so I just plug it in,
I insert the key and I tap, and then I can log into
my Vanguard account. Next, let's move on to your
Apple iCloud account. If you use an iPhone or even if you're
using a MacBook, either one or both, you can set up a security key
to lock down your accounts. So first thing we're going to do is we're
going to open up our settings on our account and you're going to go and
click on your name at the top up there. And when you click on that, you're going to see sign in and security.
This is where you're going to do if you were to change your password, if
you were to add an account recovery, any of that, but we want to click
on two factor authentication. You will probably already have
a phone number added there. And now we want to go into
security keys and click set up. And you're going to have to probably put
in your password in order to do this, but beforehand, apple lets you know
that this you need a Fido certified key. Again, that is what a YubiKey is. And Apple also requires that
you have two security keys, a primary and a backup before
you could even do any of this. So once you put in your password
and you have your two keys ready, go ahead and click allow and then
it's going to walk you through. We're going to add the
first key, click continue, and then I'm going to go ahead and put
that key in and tap it so that it is recognized by Apple.
And once I do that, it will be added and it will
go ahead and name that key. It's the Yubikey 5 series with
the NFC and I click continue. And then I'm going to add that second key, and this is where I'm going to do
my 5Ci. So I'll click continue. It will prompt me to insert and activate,
which I'm going to do and touch. And now it has the name Yubikey
5Ci, and I'll continue there. At this point it wants me to
review all of my active devices. I can take and remove some of these
devices that force them to go through the sign-in process again, or I don't have
to do that, which I don't want to. What's cool is that with this, and this is the same with
Vanguard that we just did before, you can add more than two keys if you
want. So if I want to have my wife's key also open up my Apple iCloud account, or if I have more than two YubiKey, I can add all of those to my account
and each one of them will work. Now the more you add, obviously the
more of a risk that you're taking, but it is nice that you can have
more than just one backup on there. And then of course if you wanted to for
some reason you could remove all keys right there. So now
that I'm done with that, I can exit out of two-factor
authentication and make
sure that everything else in my iCloud account is locked down.
Alright, when it comes to Facebook, even if you are not an active user of
Facebook, if you have a Facebook account, I recommend that you
add a 2FA security key. Your Yubikey should lock down that
account because your Facebook account, even if you're not active on it, can be used against you and it's really
not that hard. So let's go ahead and open up our Facebook account. And if you
go to the upper right on the icon here, we're going to look for settings and
privacy and then click on settings. And we're actually going to be
looking at the meta, the meta meta, however they say it, the meta password and security
because Facebook does it on just a meta level. And now you have the option to look at
both Instagram and Facebook accounts. So I'm going to click on
password and security. Here you see we have two
factor authentication and
then I'm going to get an option to choose which account.
We're going to start with Facebook, and I'll explain why we can't
really do it with Instagram, but you have different methods and I'm
going to go ahead and click on security keys because I have Facebook Protect, which is a advanced security program
that I've talked about in the past. I've already had to have a
security key on here, but I'm going to go ahead
and register a new key. I'm going to go ahead and make sure
that I don't save it in my 1Password. I'm going to plug in the key and press
the button in order to register that account or that key. And I'm
done with that and I can, again, just like all these other
accounts, I can add another one. Unfortunately Facebook makes me go
back and click through two-factor authentication, click on my account Josh
Summers here on Facebook, and then add another security key.
But I can do that. I would recommend, by the way, I didn't do this,
you see I don't do this here, but I would definitely recommend naming
the keys so that you know which one. So at the end here, as I
finish doing all of these keys, you're going to notice that
it's just Josh's 2FA security key is all that it names it and that.
Now I don't know which is which or Josh's security key. You can rename those keys if you
wanted to and I recommend you do that. And then you want to look at additional
methods. I use recovery codes. I prefer this over something.
Authenticator app wouldn't be bad. Text message SMS would be something
I would recommend against. So try not to do that. My two are
security key and the recovery codes, and now you've locked down your
Facebook account. We're almost done. And now we're going to
be looking at 1Password. 1Password is probably the most popular
password manager on the market. It's the one that I use and recommend
among a few others that I do like, but this is the one that
I've chosen and that I use. If you use another password manager, chances are they also allow
for 2FA security with a security key and it might look similar, but I'm going to go ahead and just walk
you through 1Password. The thing about 1Password, and I think this
applies to most of them, is if I go into my settings on the app
on my device and I go into security, there's not much that I can do in terms
of changing a password or adding two FA. The most that I've got is just touch ID
to unlock and I can change that or auto lock. If you want to change anything having
to do with your account password or two FA, you need to log in to the web app.
So I'm going to go into 1Password. I'm going to enter in log in, use my password to sign
in to my account here. And once I sign in, you can see here, it's just going to take a moment.
You've got access to all your vaults. I'm going to go over here to the upper
right on my name and click on my profile. There's a lot of information here, including an emergency kit
that I would recommend, but click on more actions and then
you're going to see manage two-factor authentication, and this is where you can set up an
authenticator app or in our case, a security key. So go
ahead and name that key. I'm going to start with
the Yubikey 5Ci here. Don't want to save that in 1Password.
That makes no sense whatsoever. Plug it in, tap it, and now it's
saved. Boom. That was super fast. Add another one, add another
security key. We'll name this one, the Yubikey 5 NFC. Click next, plug it in. Don't save it in 1Password as a pass
key and tap it and you're good to go. You've got that one. Again, you
can add as many as you want here, but one thing to note is when
you add these 2FA security keys, you're going to be required to
log in again on your account. So let's say I were to go in and just
change something on my Facebook test account here in 1Password. I'm going to change and use
a new password and save that. You can see here that offline changes
won't appear until you finish signing in. So you can sign in and this is
where it's going to ask me to do the authentication. So all you need to do
is plug in one of those keys, tap it, and you'll be good to go. And you're going to see this
red cloud with a line through. It is going to disappear in just a
moment. After that sign-in happens. The same thing happens if you
sign in on your mobile device. So if I'm opening 1Password
on my mobile device, I can open it up and then it is going to
ask me to authenticate with my 2FA key. If you've got the NFC key, all you
need to do is tap it on the back. If you have the 5Ci key, you can just plug it straight into
the phone and tap it. Either way, you are authenticating that you are who
you say you are when you're logging into this. One account. And that's going to be required for all
of the different places where you use or have downloaded 1Password before. Congratulations on leveling
up your account security. There are obviously many other accounts
where you can use your YubiKey for 2FA security, and if you want to
know what all of those are, UBI O has a list of what works
with YubiKey on their website. I'm going to link to that in the
description below this video. Or you can just use this link, all
things secure.com/2FA dash list, and that will show you everything
that works, all of the apps, all of the accounts that work with a
YubiKey. Oh, and hold up before you go. One more thing. If you come up against an account that
does not allow for two key security, but it does give you the option
for an Authenticator app, one of the great features of the YubiKey
5 series is that you can store these authenticator app codes on the key itself. I've done an entire video
of how to make use of this. There's the UBI co authenticator app for
your desktop, for mobile, for tablet, and you just tap or plug in your key
to unlock those codes and use them. So if you want that extra security,
but 2FA keys are not offered, that's how you would go about doing that.
I hope this was super useful for you. If you have any questions, please leave them in the comments and
I will do my best to respond to them.
