Do you use 2 factor authentication?
What do you prefer hardware tokens? Static passwords, one time passwords, or apps, cell phones?
General discussion
I only use burner accounts
YubiKey for my SSH connections, but sadly other services I use rarely support it, so I have to resort to apps like the Google Authenticator, email or SMS text messages.
Two factor those services I care about that support it. If not I probably don't care much about it and just use a strong password from keepass anyway.
I should get a yubikey though, would be kind of nice having something like that.
>>52137827
I would use it for more services if they'd let me buy a little RSA token or some such, where it shows you a number that you punch in. Seems that everyone doing 2FA these days wants to tie it to a mobile phone. Which I want no part of. Phones are awful things, and are easily lost or stolen. Smartphones are a security and privacy nightmare.
And of course the real reason they want to do it this way - so they have your phone number. I try very hard to not give any service my phone number if I can possibly get away with it, because I don't want them calling or texting me with their "special offers".
>>52138087
I don't understand why so many people I see use a cell phone as their 2nd factor. I recently got a yubikey to start seeing how easy it would be to add to my everyday practice.
>>52138172
>>52138027
Which Yubikey do you use or should I get? I'm gonna put one on my list of things to eventually get.
>>52137836
>filtered
>>52138207
I'm using the Neo. It has the most features, plus NFC for your phone.
>>52138239
Cool, thanks.
>>52138172
>I don't understand why so many people I see use a cell phone as their 2nd factor
They always have it with them, they keep everything else on it, and they're naive enough to think they'll never be without access to it for any significant period.
>>52138207
I got the yubikey4 for my first one for testing (doesn't have NFC) , they had a deal on the u2f (blue one) If you are a github member (got it for $18). So I am looking at using those now, but just got them.
>>52138263
Alrighty. I think I'll wait to get the Neo one then, since it can use NFC with my phone, that'd be handy.
>>52138278
Another Neo owner here, KeePass2Android supports it.
>>52138365
Yep, then that's definitely for me. I already use Keepass2Android.
>>52138278
I actually should have one of the neo on its way here today I believe.
I got the yubikey4 because if the stronger key, and the u2f because of the deal. I guess now I can really see what will work best.
So far I have had a little problem with getting the udev rules set up correctly on xubuntu 14.04. On ubuntu seems to work without any problems (the yubikey personalization tool and udev rules)
for work. RSA softtoken on my iPhone 6. easier than the hard token as i can call/use Find my iPhone to locate it.
One thing I am trying to figure out with using a hardware usb key is best way to carry it with me.
This is my current solution.
>>52138172
How do you propose I log in to a site on my phone/tablet with a yubikey?
Authy is like the only usable form of 2FA.
>>52138697
Using it with a phone is with NFC. I do not have one yet, but soon. I am wanting to see if it is convenient enough to use day in and day out.
>>52138408
Well damn, I use ubuntu too, this should be great then.
>>52138647
They should make some kind of mechanism to slide it into the enclosure so the pins would be protected.
>>52138891
Thought about this as an option too. Would look like one of those fitbit
>>52138252
And if you lose your keychain with your yubikey?
Thats when u need it
>>52139876
There is usually a backup of some kind. I wonder if it is possible to have two that are identical to have a personal backup in a safe?
>>52138207
If you want to use it for SSH without installing shady PAM-modules on every server you want to log into, you need the one that acts as a GPG smartcard, i.e. Neo. Then follow this guide: http://incenp.org/notes/2015/gnupg-for-ssh-authentication.html (but write the GPG keys to the Yubikey instead of your hard drive; look up other guides for how to do this).
>>52140616
Thanks, gonna bookmark this for when I end up getting one.
>>52140640
No problem. Here is a how-to for smartcard usage (aimed at traditional PGP smartcards, but it's identical for Yubikeys once you've enabled the smartcard/CCID functionality with Yubico's "ykpersonalize" tool): https://www.gnupg.org/howtos/card-howto/en/smartcard-howto-single.html
All you really need from the first link is how to set authentication capabilities for a subkey and how to tell SSH what keygrip to use. Someone out there might have combined all this into a single how-to by now, but I'm too lazy to go look.
