Bitwarden Secured with Yubico Yubikey!

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] [Applause] [Music] hello everyone i'm rick with cybermedics.org and we're here today to discuss bit warden and how to secure your online passwords with this application and the hardware ub key so let's get started first thing i'd like to say is i've never been a fan of password managers i thought they were just another vulnerability to your online account access so i've stayed away from them but i have to tell you things have changed they have really changed this password manager is an open source password manager that's been reviewed by multiple security people and firms to make sure that it's safe it also allows you to secure the vault with the authenticator application from ub key and in addition to that email accounts can now be secured with a hardware key so as i walk through this process you'll see that it's gone from a vulnerability to actually an enhancement of security if you use this online security manager for your password so having said that the first thing you want to do is go in and get started so it's standard account stuff you got to have an email your name a master password confirm that master password and then a hint i want to say that what they do they don't store your passwords they store a hash of your passwords which is a fancy way of saying they run it through a mathematical formula and out comes the other end something that they can authenticate when you type in the password the beauty of that is it's very secure because no one can reverse that hash and actually get your password the bad side of that is if you forget your password your account is gone so you better make sure that when you do this master password hint whatever you type in here for your vault if you want to keep this thing you have to be able to remember the password okay so so once you've done that you actually go in you log into your account and it's going to look like this okay so the next step that i advise is actually go to the chrome extension store type in chrome extensions and go to the chrome web store we're using google chrome browser for this demonstration and you're going to type in bit warden and then you're going to click here and in this case i'm just going to say remove from chrome because i had already installed it so that you can see the process of adding it so we're going to add it to chrome i'm going to say add the extension it's going to do a little check and that's going to tell you it's actually been installed once it's installed click up here and this little pin if you select that you'll see it has popped up now it's visible all right the next thing we want to do is we want to log into this extension because you logged in on the website but you haven't logged in here okay so once we've done that we'll get logged in you'll see there's no accounts that have been set up on your vault okay so let's use gmail as an example to show you how this process would work so we're going to sign in okay so what we want to do over here is call up the extension and say add a login and there's a little bit of work on the front end of this and that you have to put the accounts actually in the vault but once you do that you'll see this is so slick that i think you'll find it's well worth the time so put in use this is our account save the item now that once it's been saved all you have to do is click it and it's going to pre-fill the form and then you click next and it's going to pre-fill your password now you would say that's a little scary right but the thing is is that we're going to lock down this vault so nobody can get into it without a secure one-time passcode and this particular account i've locked down with a hardware ubi key so that makes the account even more secure so you see there we couldn't get into the account even with the with the password and id if we didn't have the hardware key plugged into the side of the device so there you go so the next thing that i want to show you that's why i logged into the website is you can go here and click settings and you can come down here and go to two-step login okay now they got a big warning here if you don't keep your second factor authentication capability active and forget how to use it or forget how to log into it or whatever you will not be able to get into your account so what it does is it creates a view recovery code and what i recommend is you click this view recovery code and then you save it in a secure location it's kind of like a backup code for analogous to backup code for gmail you know for to log into your gmail account so that recovery code would allow you to get back in here if you're you lost your key you couldn't use your authenticator or something to that effect okay so what we want to do is launch the uvco authenticator application all right so we're going to say manage here on the authenticator app you can use any authenticator app you want google makes one microsoft makes one ubi co makes one i just like ubico because i already have the security key so you can use whatever you want okay so now you have this barcode with a cipher on the bottom the key and we can go back into ubico and we can come up here and we can actually say authenticator scan qr code so once you scan the qr code it's going to automatically recognize that this was on the screen and it's going to say add the account and i've got at require touch you can see over here so that you actually have to touch the key to get in so now bit warden has been secured through the authenticator app okay and now you just say enable after you do [Music] after you click double click this there you go now that what that did is that generated your one-time password that you can actually put in here and that syncs the account with the authenticator all right so now those have been synced up together so what i'm going to do is just show you logging out the application the actual extension so we'll log out of it close this down and we'll come in here and we'll log in again and this time you can see it wants a six digit code so that's the code that you're actually going to generate from the ubico authenticator app and all you have to do is double click this touch the key and you'll see this code here and it's actually been copied to the clipboard so all you have to do is right click and paste that code in there and continue and now you can see you're logged into your vault so this account is secured with a physical ub key and now this account is secured through the authenticator app on ubico so in order for someone think about how secure this is now you've got your passwords in here which would be a concern because i've never used one before but now it's like to get in it they have to have the authenticator be cracked in other words they have to be able to get into the key that you actually use for the authenticator app and then if you've if you've secured this particular account with a key they have to have that key to actually get in the account so not only do they have to have your login id they have to have your password they have to have cracked the authenticator app and they have to have your physical key think about all that stuff right that's an extremely difficult account to get into at that point and you've streamlined the process to be able to get into your accounts you saw how easy that was let's just go through this one more times i just want you to see exactly how easy this is to get into these accounts now that we've got it set up okay we've reopened the browser after closing it down and the first thing i did was click on the extension for bit warden and typed in the password and we're going to click login and since we secured it with the authenticator app we're going to go in there and double click that it'll say touch the key now it's copied that verification code for the vault and all you do is paste that in there right click paste or control v and then continue now you're actually logged into your account now if we come down here and just double click this it's going to take us to the account that we want to log into and then we can just come over here click the extension click this and it auto fills your account id is that slick or what and bang there's your password and no see this account i've secured with a hardware key so even if somebody hacked your vault they still cannot get into your account so there's almost zero risk associated with doing this but it makes your life a lot easier getting in and out of your accounts i have never been a fan as i said earlier about these particular password managers but as you can see this can be locked down multiple ways to make it nearly impossible for someone to get access to your accounts so if you have any questions please post them below thank you for watching i hope you will consider subscribing if there's any other content you'd like to see developed we would love to hear from you have a safe and hack-free day [Music] [Applause] hey [Music]

Info

Channel: CyberMedics

Views: 1,235

Rating: undefined out of 5

Keywords: Yahoo mail, yahoo, Yubikey, Gmail, security, how to implement yubikey, how to secure gmail, multi factor authentication, u2f, 2fa, fido, cybermedics, cyber medics, cybermedics.org, how to use yubikey, how to use yubikey with gmail, email account hacked, password hacked, how to check password online, how to use a yubikey, how to use a security key, what is the best security key, how to use 2FA, how to prevent from being hacked, authenticator, yubico authenticator, yubico, password manager

Id: kC72PEHc8qA

Channel Id: undefined

Length: 12min 35sec (755 seconds)

Published: Mon Oct 11 2021