- Today we're talking 2FA keys, and I want to give you a masterclass in how to use the YubiKey. Arguably the most popular
security key on the market today. These small but very powerful little keys can provide strong, easy to use security for your basic online logins. And please, I want you to start thinking of two factor authentication as your baseline security standard. I don't care if you work
in a huge IT company, or if you're a stay at home mom or dad. It doesn't matter if you're
securing your retirement account that has a large sum of money in it, or if you're simply just locking
down your Facebook account. If 2FA is an option, then use it. But I've watched enough YouTube YubiKey tutorials to know that most people don't realize
the full security potential of these keys. What I'm about to share with you here isn't just a simple setup tutorial, although I will provide you
with step-by-step instructions on how to set up and use your YubiKey. Once we get past the fundamental
usage of these keys though, I wanna show you some advanced features like how to use your 2FA key as a portable authenticator app, or how to lock down your computer
so that nobody can log in unless they have your 2FA key. Welcome to All Things Secured, my name is Josh. And before we dive into how
to set up your 2FA keys, let me share two very
important things with you. First, as I've explained in my
philosophy of security video that you can watch here, when you're setting up
any type of security, creating backup is critical. For me this means that I
have two YubiKeys for myself and two for my wife as well. I keep one key with me at all times, and then I store the other
key safely in another location that I'm not gonna tell you where that is, same with my wife. But I've also set it up
though where my wife's keys are connected to all of my
accounts and vice versa. So if I lose my 2FA key, I'm not sunk because we both
have each other's backups. Does that make sense? The second thing I wanna share is that I'm using the YubiKey 5 Series for both of these in this tutorial. Now, I highly recommend these, and there are affiliate links in the description below this
video if you're interested. I use the 5CI and the 5 NFC so that I have the
option to connect to USB, USB-C, and Apple lightning. The security key you end up buying really depends on the
kind of devices you have. If your computer only
has USB-C for example, which looks like this, then you'll need to make
sure that you purchase a 2FA key that fits the USB-C socket. Any kind of physical security
key is gonna cost you somewhere between $30 to $80 each. So, it is a bit of an
investment I realize, especially if you're buying a backup key. If money is an issue, you can still use an authenticator app which is absolutely free, and I've created a series of videos explaining how to set those up here. But for the purpose of this video, I'm assuming that you're
buying a physical key. So let's say you just
received your YubiKey, and you've opened the package, don't worry about downloading any apps or configuring the key in any way, the cool thing is that
it's basically ready to use right out of the box. Let's say I want to add 2FA
security to my Gmail account, which is something I think is a good idea for pretty much anybody. You can either navigate
in your Gmail account on the upper right, click on your avatar and find "Manage your Google Account." Or you can just go and
type myaccount.google.com into your browser. Now, whether you're in Google,
Facebook, Charles Schwab, or any other online account that allows for two factor authentication, you're gonna be looking for your security and login settings. In the case of Google, you can see here on the left that I can click on security as an option. I then scroll down just a bit
to find two step verification. You might have to reenter your password before they let you enter here, but this is where you'll set up your two factor authentication. You can use text messages,
authenticator apps, or even backup codes, but the strongest method
are these security keys. You'll click add security key, and then you'll be asked to
plug the key into your device and press either the sides, or the button. You're given the option to name your key, and the reason I think
it's important to do this is because if you happen to lose your key, if you have it correctly named, you can also easily
find and remove that key from one of your authorized
2FA keys when you need to. You'll have to go through this process for each key individually. But that means that, if
you purchase two of them, one as your primary, one as your backup, you'll also have to set
that backup one separately, the keys can't be linked in any way. Once the setup is completed, in addition to logging in with
your username and password, you'll also be prompted
to plug in your 2FA key, which usually means you're
both plugging it in, and either tapping that
button or squeezing the bars depending on which key you're using. Once you do this, you shouldn't
need to click any buttons. Just wait for the key to let you in. Of course, if you're using the NFC version of the YubiKey 5, and you have a newer phone or tablet, you can just tap the key
on the top back portion of the device, instead of plugging it in, and you should see that it works there. And normally this is only required when you're setting up a new device, whether that's your phone, your tablet, or your laptop computer. Once you've allowed a
device as trusted though, you shouldn't end up using
your 2FA key every single day. I say that, but a lot of accounts
require you to verify even authorized devices once
every couple months or so, just for security, so I keep my security key
with me at all times anyway. So that's the basic
setup to use a 2FA key. It may take you a few minutes
to add the security feature to your online accounts, but I promise you that
once it's all configured, it takes very little effort to maintain. And it adds a lot of security. But what if a specific website or service doesn't support 2FA keys? And believe me, there are
plenty of them out there. For example, I invest using
a service called Wealthfront, and unfortunately at this point, they only support two factor
authentication via SMS text, and authenticator app. Now, let's put aside SMS texts because it's the least secure option, and I'd rather not use it
unless absolutely necessary. For authenticator apps, you have the choice of
setting up a free app like Authy or Google Authenticator, or you could use your YubiKey. Now there are different
pros and cons here. Google Authenticator, now that they've added
app log-in protection, works really well, but your 2FA key is tied
to each individual device where you install Google Authenticator. Because of the risk of losing that device, you need to either keep a backup code or set up the codes on multiple
devices at the same time. Authy on the other hand, allows for multi-device support so that you can sync
between different devices, and this means that
you're putting your keys in the cloud though, which
some people find a bit risky, and I can understand that. By using something like YubiKey, your 2FA key is the device itself. And while that can be a tad inconvenient, since now I have to plug
something into my computer or device in order to retrieve a 2FA code, it does take away a lot of that risk that comes with the two other apps. So how does that work? Well first, you need to download the YubiKey authenticator app either for desktop or mobile, in order to access or add new logins for the 2FA authenticator, similar to what you'd get
with the Google Authenticator. You need to plug in the
YubiKey into your computer or mobile device. You can see here that once the key is inserted into my computer, the codes just automatically show up. The codes are stored on this little device I carry around with me,
not on the computer, and it can be plugged
into any device I want, although the app is required
in order to read the codes. So let me show you how this would work. Let's say I want to set up 2FA codes for my Facebook account. I log into my Facebook settings, and find and navigate to
the security and login tab. From here, you can scroll down to find two factor authentication. Now, I've already set
up authenticator app, so I'm just going to click manage and then add new app right here, the result is this QR
code and a manual code that can be used to set
up the authenticator app. Now in the YubiKey authenticator app, I just click this plus sign, and I can either copy and
paste the manual code, or let the app scan the QR code. There's a way that it can,
you know, read the screen. You can force to require touch, which means that I have to
touch the button on my YubiKey in order to access the codes. Or if you leave this box unchecked, it simply just shows the 2FA codes the moment that you plug in
the YubiKey into your device. Click add, and then confirm
the code with Facebook so that they can verify
that you did it correctly. Now, when I try to log into
Facebook on a new device, it asks me for a two factor
authentication code. With my YubiKey plugged into my computer, the YubiKey authenticator
app shows me the code, I copy the code, paste it into the box,
and then I click continue. I can now tell Facebook whether or not to trust this new browser, which is basically another way of saying, would you like us to request a 2FA code every time you log in
on this browser or not? Now again, I only use this
authenticator app option if the 2FA key is not available, and on Facebook, it is available. So I do use it. It's also worth reiterating, the YubiKey authenticator gets programmed on a per key basis, which means that if you want
to have a backup of these codes on another one of your keys, you'll have to go through
the separate process of setting them up for
each key individually. It's not automatic, and
honestly it is a bit tedious. I've got one more advanced
use case for you here that you might find interesting. Now for most of us we
either use our password or a fingerprint in order
to unlock our laptop or desktop computers, and don't get me wrong, I mean, there's nothing wrong
with this kind of security, it's what I use for my work computer. However, if for some reason you want to really lock down that computer, perhaps there's a particular computer that you use for all
of your cryptocurrency, or it stores other
extremely sensitive data, you can actually make your YubiKey a requirement to log in to that computer. Now I warn you to proceed
with caution here. The last thing you want to do
is to get yourself locked out of your own computer, and that's entirely possible
if you're not careful. The first thing you need to do is download the YubiKey manager app and then follow the instructions
that YubiKey provides, which is very different, depending on if you use a
Windows or a Mac computer. In either case, setting
this up is really beyond the scope of this video, I just wanted to let you
know that it's possible, and I'll link to their help page that describes the process in the description below this video. You're now set up with your new 2FA security
key, congratulations. Let me know if you have
any questions below, and if you liked the video, make sure to click that like button.