Using a YubiKey for enhanced security

I used to have a YubiKey, but it never fully caught on with me. Now, finally, I want to start using a YubiKey to reduce the risk of phishing attacks and strengthen my overall personal IT security.

A hardware security token never goes alone; always add two. One is for use, and the second is for backup.

Compromised security

The Infineon Crypto Library is vulnerable, and it’s not possible to update it. With the mobile app, it’s possible to check the firmware version, and I’m extremely sad to see that my recently purchased YubiKey is vulnerable to this attack and can’t be fixed.

YubiKey iOS app, showing that my YubiKey 5C NFC with version 5.4.3 is vulnerable.

Here is the screenshot from the website.

https://www.yubico.com/support/security-advisories/ysa-2024-03/ (2024-09-10 16:13)

I believe there is a high chance that if I were to buy one from a local electronics store, I would receive another vulnerable YubiKey.

Therefore, I think I will move away from YubiKey and switch to Token2 from Switzerland.

https://www.token2.com/shop/category/u2f-and-fido2-keys (2024-09-10)

✅ Success

Microsoft

Various Microsoft accounts worked flawlessly.
https://mysignins.microsoft.com/security-info

Cloudflare

The Hardware Security Keys can be added seamlessly on Cloudflare.

Infomaniak

It worked too, but they only let you add one key to the account rather than multiple, which is a downside for me. So you need to depend on other factors as well.

https://www.infomaniak.com/

🟥 Failure

Microsoft

Personal account.

Twitch

Does not offer Security Key support.

WordPress

WordPress as software has no such feature to use 2FA. I like the work of Wordfence. Wordfence does not support Hardware Security Keys for 2FA; only TOTP is natively supported.

Binance

You Can Now Use Hardware Security Keys on Binance 2019-06-28 (2024-01-11 checked)

Despite a blog post announcing support for hardware security tokens, my account does not have this option in January 2024.

https://www.binance.com/en/blog/all/you-can-now-use-hardware-security-keys-on-binance-351376985820852224 (2024-01-11)

It is always advisable not to store funds on a crypto exchange due to obvious risks. If the cryptocurrencies are not secured in your wallet, they are at risk.

Good old times

yubico.com – Legacy products

YubiKey Standard
Years in operation: 2014-2016
Primary Functions: Secure Static Passwords, Yubico OTP, OATH – HOTP (Event)