[Explained] Yubikey 5.0 - How to use a Yubikey & LastPass to Secure all your online Accounts!

Captions
- [Orman] This is the Yubikey Five and the makers of this little device say it can help to protect you and drastically reduce the chances that the bad guys will get into your stuff. In fact, when used with an application called a password manager, it says it can reduce the number of passwords you need to remember and in some cases, eliminate the need for password altogether. Can it really do all that? Let's find out. (air whooshing) Hi, I'm Orman Beckles a.k.a The Hi Tech Nomad and in this video, we're going to look at the brand new Yubikey Five, and I'll show you how to use it and a password manager as a foundation for a simple to use but highly effective way to keep hackers out of your stuff. Now I looked at all of the videos that are up on YouTube regarding the Yubikey. Some of them are as short as 13 seconds long. That's not enough time to show you how to use it. On the other hand, the time it takes to show you is probably about an hour and quite frankly, most of you will not sit still for an hour video. So I'm going to have to break this into parts. This is part one and I will publish the other parts as quickly as possible. To show me that this is the kind of information that you want, please hit the like button, please hit the subscribe button, and please leave comments below. Letting me know that this is the type of video that you wanna see regarding complicated subjects like this. Yubikey has been around since 2007. However, you may have only heard about them because recently, Google published an article saying how they distributed the keys to its 85,000 employees and made it mandatory that they use them, and since then, it has reported zero successful hacking attempts. So Google is actually so impressed that they now make their own security key called Titan, but in my opinion, Yubico is still the best. 
Now you should have two keys because once we start locking things down, much like your house or car keys, if we lose the keys, we're gonna lock ourselves out. Now I don't want that to frighten you unless of course you're a person that loses all of your car keys on a regular basis. In which case, I would suggest that you get three keys and put one in a safe or give it to a friend that's less accident prone. This key chain one which also has NFC is the one that we're gonna carry with us and use with our phone and use when we're out and about. These nano versions are small and are meant to be left in the computer for extended periods of time. As you can see, they have very low profiles and won't get in the way. So we're gonna start simple and work our way up. So let's go ahead and log in to a Gmail account that I've set up just for this example. So here we are, it is Yubikey video. So I'm gonna go ahead and click on that and then we're gonna put in the password which in this case is password, and I'm telling you that because we're going to show that even if people know what the password is, we're still gonna be able to keep them from getting our stuff. So you can see the password is password. P-A, dollar sign, dollar sign, we're trying to be tricky here, W-O-R-D. So if we did nothing else and we wrote this down on a piece of paper next to our computer and somebody got that, they could go home and they could log in, all right? So we're gonna go into our Google account and we're gonna go into sign in to Google, and what a lot of places try to get you to use is something called two-step authentication or multi-step authentication. Basically, they're gonna ask you to do two things when you log in. Now the problem is is that you don't even want to do one thing to log in, but it's safer if you, you know, we're trying out, it would be nice if we didn't have to put locks on the door but we do. So it's better. 
The more locks we have, the better, but we wanna make it nice and easy. So of course they talk here about turning on your two-step authentication and all of the good stuff that comes with doing that. So we'll go ahead and go to the next one. We've now turned on two-step authentication. We have to log in again. So we'll log in again. P-A, dollar sign, dollar sign, W-O-R-D and let's go ahead and click next. Now it says "Should we set up your phone "for your two-step authentication?" Let's go ahead and set that up. Now you're gonna have to do this to turn on two-step authentication but this is not a good idea, and while you might think "Hey, that's pretty cool. "It will send a text message to me. "I have my phone. "I'm fairly secure. "Everything's fine and dandy." That's not really the case. This is better than nothing. This is better than having just the bad password. All right, so I got my code as you can see down here in the bottom of my screen. Now you might be wondering how I got this code. That was sent to my phone on the screen. That's covered in another video called Join which is nice, little software that you can use so that you can see your text messages on your computer screen. So check that out if you're interested in seeing that. But the important part here is this. We've now turned on two-step authentication. Now that we've turned on two-step verifications, we have a bunch of different choices. The first choice we're gonna look at is backup codes. These are 10 single use codes that will allow you to get into your account should anything else happen. So for example, if you lose your phone or we lose our security key. I strongly suggest that you make use of this feature. To use it, you're gonna click on show codes. It will show you these codes and then you can go ahead and download them or print them, and obviously, you don't wanna download, print them and leave them on your desk. 
You literally wanna put these like in a safe somewhere knowing that you can still get in with one of these codes should there be a problem. Now for those of you who are hurrying to scurry down to look at my codes now, you can change new codes by doing this. Once you do that, the codes that were previously on the screen will not work for this account. So obviously when I'm through with this video, I'll hit it again and again and again. So that's the first thing we wanna take a look at. The next one we're gonna take a look at is using the Google prompt which is sort of nice and that's specific to Google and what that will do is when you try to log in, it will use one of the Google apps on your phone that you're already using to say is it okay if you can get in, and that's fairly decent that will allow you to get in and that is fairly secure. The next one is Google authenticator and this is not too bad either. This generates what we call a one-time password or a timed one-time password, and what happens is is it will show a series using six numbers that change every 30 seconds and those are very very difficult if not impossible to replicate. So again, using Google authenticator is fairly decent. Now the problem with that, in most cases, is people do not want to pick up their phone, look up the six numbers and then put the six numbers in or perhaps they don't have their phone. So that brings us to the last one and the last one is the one that we wanna talk about. This is using a security key. So how do we add a Yubikey to our account? Well that's actually fairly easy. All we do is add security key. It will show us the key. It says put it in. It says okay. If you've got it in now, it's gonna glow green for a second. I touch it and that's it. It says it's about to our security in a sense. What key is it? This one happens to be the USB-C key that I have. 
We're okay if we lose them because we still have our backup codes but for the sake of this discussion, I will add a second key. So I have the other key from around my neck. I've now added my second key and this is the key that I actually wear around my neck with my dog tags. So I now have two keys and I may even add a third or fourth key. Add my wife's key and then I also have a master key that I keep down in the safe. The problem here is this phone number. We already said that this is the weak link. So I'm gonna actually go in and click on remove phone. I do not want them to be able to send a text message. And there you go. Bob's your uncle. We have an account that is pretty well-protected. The only way you're gonna get in is to have my password and either one of these two keys. If you do not have either one of these two keys or this backup code that I'm gonna keep in the safe, you are not getting into this account. So using this method, we have a very very secure account. So much so that I'm not changing my password. Please feel free to try and go and get into this account. Again, the email address is shown on the screen. Go ahead, have at it. You're not gonna get in. Now unfortunately, not every site is currently making use of these security keys, but a lot of them are. For example, let me go ahead and log into Facebook. As you can see, you cannot log into my Facebook account unless you have one of these keys. So for example on Twitter, it's asking me again to log in with my security key. Now unfortunately, not all the websites currently make use of these security keys, and until they do, we're gonna have to find another way of making sure that we have a different password for each website without having to keep all of those passwords in our heads. Luckily, we have LastPass. LastPass is a password manager. It's gonna allow us to create complicated passwords and have them associated to the websites that we use. 
Now you won't have to type in this password that often but it does suggest that you make this an extremely strong password. As I said before, it's best to use a phrase. Something that you can put in that's easy for you to remember but it's very very long. In my case, I'll say "In olden days a glimpse of stocking." And those are the first words of the Cole Porter song Anything Goes. Again, this is just the demo. I'm trying to show you that by using a phrase, we can have a very long, complex password. And here we are at the LastPass dashboard. Now luckily for us, LastPass works with Yubikey. So the first thing we're gonna do is we're going to tighten our security by locking down our LastPass account with our Yubikey, and we do that by going to account settings, clicking on multi-factor authentication options, and as you can see, we can use the Google authenticator and a couple of other different ones but the one that we wanna do is the Yubico. Yubico Yubikey. So we're gonna go ahead and click on enable to which it's now asking us for our two keys. So we're gonna, at least two keys. As you can see, you can have up to five keys. Because again, this is a family account so more than one family member might be using it. We're gonna go ahead and, so let's go ahead and log back in. I'll put in our password. In olden days a glimpse of stocking. We can't get in. I don't mind if you have this password because you ain't getting in unless you have one of my security keys and in this case, we only have one that I should at least register to. Now we have a secure LastPass. We now have a secure password manager. Now let's see how we use LastPass with other websites. All right, so the next part of this is that we need to load the LastPass extension. So we're gonna go in and we're gonna say LastPass extension. As you can see, it's a free extension available in the Google Chrome Playstore. All we do is click on that and then click on add to Chrome. It says "Can I add the extension?" 
We say yes. And we'll end up with a little icon here on the end that says LastPass. Here we're gonna go ahead and put in our account information and as you can see, I can't even install this extension without my security key. So I'll go ahead and activate my security key. And we're all set. Now let's go and sign up for a service and see how we're going to use LastPass. So now let's go ahead and see how we use LastPass. There's something very curious here that I wanna point out to you and it speaks to security and how your information is constantly being scanned, reviewed and in some cases, used against you. So I've come to the Yahoo site and I've come to use this as an example to show you how to use LastPass, and we're gonna click on that in a minute, but I want you to notice what's happening here. The two ads that I'm getting sent, the one up there a minute ago was for Yubikey and the one over here is for LastPass. So that means they've been monitoring what words we're using and where we're going and then they're feeding us ads based upon that. Now in this case, these are two ads that don't make any difference because we already have LastPass and we're talking about the Yubikey, but I want you to see just how your data is constantly under attack and that's why we have to take these steps. So we're gonna go ahead and click on sign in and we're gonna go to sign up to which it asks what is our first name, our last name, our password, a phone number, a date of birth and gender. Now what I want you to see here is that under password, we now have next to it a little icon and this is being generated by LastPass, and what we do is we click on that and it's going to show us this LastPass generator. This is gonna help us generate really strong passwords specific for each site, and we have a bunch of different options. At the very least, we can change the number of characters.
I used to try to go for the maximum amount of characters just because I don't have to remember it anyways and it looks kind of cool. So we're gonna say 20 characters. I can actually come down here to options and I can do things like make sure it adds in dollar signs or things of that nature. Now this is good because some websites will require that you do use a special character and some websites will say you can't use it if it's a special character. They also have this little pronounceable which I don't know if you can call that pronounceable but apparently it says that that word is a pronounceable word. We're just gonna go back to all characters. I usually just, for the heck of it, click on copy password. That will put it into the buffer. Into the copy-paste and then I can just say paste. Now I've gone through all of those steps and again, I had to put in a phone number. Wasn't really happy with that because again, this just, it helps to link things. So if they steal all the information from here and all the information from there, they now have some way of correlating the two accounts. You'll also see again now that we have an advertisement for LastPass down here in the corner. So we're logged in. Now how does LastPass help us to log in the next time? To do that, let's go ahead and log out. Let's go ahead and log back in. As you can see, it's prompting me to enter my information and normally, I would type it in, but now, since we're using LastPass, we have this little box off to the side. This little box off to the side is important because it's telling us that LastPass recognizes this website and has at least one log in for this website. If I click on that box, it will show me the log-ins that are available. Now you may have websites with multiple log-ins. For example, maybe you and your partner have a Yahoo account. In my case, we only have one so I'm gonna go down and I'm going to click on it. It's now entered my username. I'm gonna go ahead and click next. 
It's now asking me for my password. Don't worry, I don't have to type in that long 20 character password. All I have to do is come over to LastPass and again, select the correct entry. I then click sign in and Bob's your uncle, we are logged in. So I'm going to stop here for part one. I'm already editing part two and it will be put up shortly. Please hit the like button, please hit the subscribe button so that I know that you guys like videos like this that are in detail. We're breaking a lot of, from what I saw, you guys really like these kinds of videos, so just let me know. Put a message in the comment. Tell me it was too long. Tell me it was too short. Okay, give me some direction. This is how we learn. We're gonna be working together. So until the next time, this is The Hi Tech Nomad, signing out. (upbeat music)
Info
Channel: TheHiTechNomad
Views: 221,649
Keywords: yubikey 5 review, yubikey 5, yubikey review, yubikey lastpass, yubikey 5 series, yubikey 2fa, yubikey 4, yubikey 4 nano, yubikey 4 review, password manager, yubikey neo, yubikey 5 nano, yubikey setup, yubico key review, yubikey 5 nfc, gmail security key, security key, security key usb, two factor authentication, usb security key, yubico key, yubikey neo review, usb security, yubikey security key, fido u2f, 2fa key, yubico security key, security keys, yubikey
Id: MHTIVR1mY7k
Length: 19min 13sec (1153 seconds)
Published: Wed Oct 17 2018