It is not a USB key. It is a secure enclave with a USB interface. Very different things.
Thanks for pointing it out: learning 😊
When you touch it to use it , is it because it reads your fingerprint?
 
It would usually be true: hardware authentication is always better than software.

That's what i like about forums... You learn stuff :)
 
Thanks for pointing it out: learning 😊
When you touch it to use it , is it because it reads your fingerprint?

I believe it senses that someone is there, so you can leave it plugged in, and if you aren't there, it just doesn't sign you up for the Nigerian money shuffle. Not A Bad Thing...

I bought the YubiKey 5Ci and it has the 'ears' on the side. There is NO WAY those little ears can read your fingerprint. No Way. It wants to know *someone* is sitting there. A warm blooded *something*, hopefully you...

The reason why 1Password requires you to re-enter the password from time to time is to prevent you from forgetting your password, which is the secret that is used to encrypt all passwords. Unless you are using a family plan, there is no way to recover your password if you forget it.

This is why it has to be done this way.
I am using a family plan, but that does make sense. I did briefly think yesterday that if a Yubikey stopped me from having to enter my password I might forget it... hah!
Doesn't using 1Password for 2FA wipe out the benefits of 2FA? You have gone from someone needing to steal two things, your password and YubiKey, to needing just one, your 1Password password.
Undoubtedly, but if the providers of my password manager didn’t think it was safe to also use it for 2FA, then why’d they add the feature?

For now, I’m glad I actually invested in it and went through every single password.
 
Usually all these password managers have some sort of "Remember my password" saved on device or in app, but then of course you could have other problems if you also share that device as well.

I have my LastPass iOS password saved, because I use Touch ID to authenticate.
 
I am using a family plan, but that does make sense. I did briefly think yesterday that if a Yubikey stopped me from having to enter my password I might forget it... hah!

Undoubtedly, but if the providers of my password manager didn’t think it was safe to also use it for 2FA, then why’d they add the feature?

For now, I’m glad I actually invested in it and went through every single password.
I have two-factor enabled for LastPass so they cannot get access just by knowing my LastPass login details. I don't use the LastPass 2FA tool either, so all my eggs are not in one basket.
 
I am using a family plan, but that does make sense. I did briefly think yesterday that if a Yubikey stopped me from having to enter my password I might forget it... hah!

This is a related tangent: THAT is the feature that drove my mom crazy with iCloud. It would just randomly pop up a request for a password occasionally, and she would freak. She, at many points actually, had a stack of stapled sheets of paper with passwords printed, and crossed out and hand written on them, and had several different printouts with different passwords hand written in. (I had shown her how to see the passwords saved in both Firefox and Keychain, but it was too complicated, and by the time I heard about it, she was so far past that)

She was 70+ years old, and had suffered with cancer for nearly 25 years. She couldn't remember a password to save her life in the last 10 years or so of her life. She constantly was in the state of 'Oh, you forgot your password? Respond to this email message and you can change it.' She was constantly every couple of months being locked out of her iCloud account, and totally gave up on her iTunes, and at least one Facebook account.

Such practices are user abusive, and I had words with Apple's executive support about it too. She relied upon her Mac and iPhone to stay in touch with people, mainly us, and yet it would turn on her and upend her world. I thought of a password manager, but she once gave someone who texted her from her 'ISP Support Department' her username and password, and her account was stolen. She was so lost. I felt so sorry for her. She sobbed when I explained that no one from anywhere legitimate would ever ask her for her password. 'Why do they do that?' she sobbed. She NEEDED the computer and iPhone, and they would turn on her. It usually got so bad I had to call Apple Support to get a new password. She ALMOST enabled 2FA on her iCloud account in her desperation to reset her password. Once she was locked out of her iCloud account for over a month. I didn't know what to do to help her. Apple was no help. I could not make her a 'child' account of mine as at the time they didn't exist (do they now?). I even locked down her main non-Apple account that you need for an Apple ID, and she actually got the password changed, and forgotten, on that account too, amazing the hell out of me. Her iCloud email address wasn't even on that account!

I wish I could have found a better method for her that didn't involve remembering anything, except a key on her key chain, but she kept losing those too occasionally. (I got good at changing lock cores after getting them rekeyed)

Technology is failing our elderly. Technology is failing all of us in certain ways. We can 'land a man on the moon, and not fix this issue'. Damn...
 
Beyond 2FA, the interesting application of this will be "Passwordless". I'm not gonna convince mom and dad to use anything other than "petname123". Plenty of office knuckleheads will continue leaving their passwords on sticky notes. It's much easier to give them a physical object than to get them to use a password manager and regularly update passwords.

If you could get Authkey + Face ID/Fingerprint, then passwordless security is a no-brainer.
 
Beyond 2FA, the interesting application of this will be "Passwordless". I'm not gonna convince mom and dad to use anything other than "petname123". Plenty of office knuckleheads will continue leaving their passwords on sticky notes. It's much easier to give them a physical object than to get them to use a password manager and regularly update passwords.

If you could get Authkey + Face ID/Fingerprint, then passwordless security is a no-brainer.

That was the funny thing about 2FA. I worked at a 'big ten' uni, and the department I worked in as a programmer dealt with student records and financial type stuff. They had SecurID thick credit card token badge things for everyone; the uni bought them by the case. And people used to sticky note their current system generated passwords on the back of their SecurID tokens and leave them on their desks. So, Mr Do-Good that I was, I sent out an email to staff telling them to stop posting their passwords on their IDs and to lock them up, as they were something like 80 bucks to replace (even in bulk!)

So most started putting them either under their keyboards, or in their unlocked drawers. (Being 'a guy', mine was always in a shirt pocket, and it was with me from the moment I got dressed, to the moment I got home and took the shirt off. I was a good minion)

Then one day...

I was out on vacation. It was the first Monday of my vacation actually, and I was deep into enjoying the hell out of the Caribbean, and had my phone off the entire week. Can you guess what someone did?

Yeah, someone gathered all of the SecurID tokens they could find, swapped the post-it notes, and redistributed the tokens to their original places of concealment. Monday was chaotic to say the least, and having sent out the email just a month or so prior, and not being there to defend myself, I was blamed for the chaos. I got to the mainland late that Friday to panicked voicemails about people locked out of 'the network'. Then people locked out of their mainframe accounts, but not the network after all. Then the security department wondering if they should give out new SecurID tokens (why ask me?), and then saying that they disabled ALL of the IDs and issued new ones, and mine *should* be the only one to still work. (Pointing the finger at me)

My boss left a voice mail, actually several, wondering why I did it. Laughing hysterically because they wasted HOURS of production time getting the IDs replaced, and blew through thousands of dollars in the process. Mysteriously mine, and another programmer there that had it out for me, were the only two IDs that worked besides my boss's. AH HAH!!!

So I got back Monday to sneers and jeers and really dirty looks. My secretary was laughing her ass off. 'You should have seen it!!! It was BEAUTIFUL!!!' I actually thought that she could have done it, but she, oddly, didn't have a key for the door to 'the pit' where the majority of the employees worked. It was all handled by the time I got back, but there was still a bit of suspicion that I did it, even though I left shortly after work that previous Friday afternoon. My boss almost had me show him the airplane ticket. He knew who did it. She was 'connected' to 'management'. Untouchable.

But it was perfect! People started taking security more seriously.

And here ends the related tangent.

I have to say, it would have been an epic thing for me to do, but I wasn't about to be that mean. That other programmer? Oh hell yeah...

OMG! It took me too many minutes to find a picture of those accursed things!!!

Here it is (and pox on the inventor of them. I had one die in the middle of a stressful day. I so wanted to throw it at a brick wall, but they needed to return it to the vendor for some obscure reason. Bugger, it would have felt so good!):

 
And people used to sticky note their current system generated passwords on the back of their SecurID tokens and leave them on their desks

I will never understand this level of laziness. After all that, the employees probably blamed IT. I swear, if a computer required a blood sample to access, users would just leave a fresh vial on their desks "for the convenience".
 
That was the funny thing about 2FA. I worked at a 'big ten' uni, and the department I worked in as a programmer dealt with student records and financial type stuff. They had SecurID thick credit card token badge things for [...] to the moment I got home and took the shirt off. I was a good minion)
Nice story!
 
What happens if you lose it, break it, or malfunctions?
Can't you just transform any USB into a 2-factor authentication key?
 
What happens if you lose it, break it, or malfunctions?
Can't you just transform any USB into a 2-factor authentication key?

You need a backup. In most applications where you can configure a security key, you will be able to set up "multiple factors". So in addition to a security key, you can set up something like Google Authenticator as another factor. When you log in, the apps prompt you to "insert security key", but will have another button for "try another way" that lets you use your other factors.

YubiKey also suggests just having 2 security keys, one you keep somewhere safe, as a backup. It's not truly a backup, as the second key has different keys on it, and for every app you set up, you need to provision BOTH your primary and backup keys.

These keys (YubiKey, Google's version) implement a "Secure Enclave" using hardware. What that means is, the chip inside the key will generate a public/private key pair, and the private key is stored in hardware in such a way that it physically cannot be accessed. The private key can never leave the device.

When an application needs to check authentication, it sends some data to the key to be signed. The chip on the key won't sign the data with the private key unless you physically touch the device (to provide "proof" that you have physical access to the key). The result is returned to the application, verified with your public key, and voila, you're in.

Also, the device actually has multiple keys on it, and they can be rotated. So different authentication schemes can use different keys.

I've got one, but usually just default to using 2FA via One-Time-Password, as I often have left my keys somewhere nowhere near my machine, or don't want to fiddle with plugging the key in every time I need to authenticate somewhere.
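The flow the post above describes, written out as an added example in Go. This is not code from the post, from Yubico, or from any real key's firmware; the SecurityKey and Site types, the site names and the challenge format are made up for the illustration. It shows the three points made above: each key generates its own key pair per site and only ever hands out the public half, signing is gated on a touch that proves presence rather than identity, and a second key enrolled as a backup holds a completely different pair, so the site has to know both public keys. Mixing the site name into the signed hash is a simplification of what real FIDO keys do (they sign over the relying-party identifier and the client's origin), and is the part that stops an assertion made for one site being relayed to another.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SecurityKey models the token; the unexported map stands in for the private keys sealed in the chip.
type SecurityKey struct {
	keys    map[string]*ecdsa.PrivateKey // one key pair per site (relying party)
	touched bool                         // set by Touch(), consumed by one Sign()
}

func NewSecurityKey() *SecurityKey { return &SecurityKey{keys: map[string]*ecdsa.PrivateKey{}} }

// Touch simulates a finger on the contacts: proof that someone is present, not who.
func (k *SecurityKey) Touch() { k.touched = true }

// Register mints a P-256 key pair for a site and hands out only the public half.
func (k *SecurityKey) Register(site string) (*ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	k.keys[site] = priv
	return &priv.PublicKey, nil
}

// signedMessage binds the signature to the site name as well as the challenge (assumed format).
func signedMessage(site string, challenge []byte) []byte {
	h := sha256.New()
	h.Write([]byte(site))
	h.Write(challenge)
	return h.Sum(nil)
}

// Sign answers a challenge; it refuses without a credential for that site or without a touch.
func (k *SecurityKey) Sign(site string, challenge []byte) ([]byte, error) {
	priv, ok := k.keys[site]
	if !ok {
		return nil, errors.New("no credential registered for " + site)
	}
	if !k.touched {
		return nil, errors.New("user presence required: touch the key")
	}
	k.touched = false
	return ecdsa.SignASN1(rand.Reader, priv, signedMessage(site, challenge)) // private key never leaves
}

// Site is the relying party. It holds public keys only, one per enrolled token.
type Site struct {
	Name string
	Pubs []*ecdsa.PublicKey
}

// Enroll records one more token's public key, e.g. the backup key's.
func (s *Site) Enroll(pub *ecdsa.PublicKey) { s.Pubs = append(s.Pubs, pub) }

// Verify accepts the assertion if any enrolled public key validates it.
func (s *Site) Verify(challenge, sig []byte) bool {
	msg := signedMessage(s.Name, challenge)
	for _, pub := range s.Pubs {
		if ecdsa.VerifyASN1(pub, msg, sig) {
			return true
		}
	}
	return false
}

// Login runs one round with a fresh 32-byte challenge; touch=false exercises the presence gate.
func Login(s *Site, k *SecurityKey, touch bool) error {
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return err
	}
	if touch {
		k.Touch()
	}
	sig, err := k.Sign(s.Name, challenge)
	if err != nil {
		return err
	}
	if !s.Verify(challenge, sig) {
		return errors.New("assertion rejected by " + s.Name)
	}
	return nil
}

func main() {
	site := &Site{Name: "example.com"} // hypothetical relying party
	primary, backup := NewSecurityKey(), NewSecurityKey()
	for _, k := range []*SecurityKey{primary, backup} { // each key has its own pair; enroll both
		pub, _ := k.Register(site.Name)
		site.Enroll(pub)
	}
	fmt.Println("primary, touched: ", Login(site, primary, true))
	fmt.Println("backup, touched:  ", Login(site, backup, true))
	fmt.Println("primary, no touch:", Login(site, primary, false))
}
```

The touch flag is consumed by a single signature, so two logins need two touches, and a key that has never been registered at a site cannot sign for it at all. A real site also has to accept each challenge it issued only once; that bookkeeping is left out here to keep the example short.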
 
It is possible through iCloud now. My mother is a ‘child’ so I can manage things if need be. I then also set up 1Password and explained how that works. Things are pretty good, for now.

Bless you. I faced her frustration so many times. Her sobbing 'WHY DO THEY DO THAT? I HATE THIS %&*^&$ COMPUTER! I WANT TO THROW IT OUT A WINDOW!!!'

And Apple was, unsurprisingly I suppose, not very helpful. And they would call me to 'catch up' from time to time. Rubbing salt in the wounds. Maybe my comments helped. I never heard of any improvements. And she died two years ago now. Hard to believe...

I hope you can keep her involved. In spite of all the drama, her having access to the world was very important I firmly believe, and Apple just failed to assist me, an IT guru, to help her deal with it. I felt so powerless and frustrated too.

EDIT: Oh, she also lived over 2 hours away, so that added to it. In her last nearly 8 months on this planet, she was with us, so it made it somewhat easier, but she would turn hard core hacker when things weren't going right. She 'hated to bother me', so she hacked her non-Apple email account again. I really can't blame her. I'd probably do the same thing. I just hope things can get easier and less drama rich for families dealing with ageing parents and their desire to be involved, and connected. It IS REALLY IMPORTANT that our parents don't feel isolated, and that the process of staying connected doesn't turn into a security problem, or result in them pulling back. She was doing that before she moved in with us. She 'disappeared' to her friends for weeks, and it turned out her ISP had been hacked, and locked her out. *sigh* I had to trek there to fix it.

Be supportive, but you probably know that. My poor mom. She tried.
 
Nice story!

It was while working there that I stopped reading Dilbert. It was as if it was written about my life! Far too real...

One that sticks out is the strip where the shorter smarmy character is told that his office, that has a window, has to have the window covered up because he 'doesn't rate a window'.

IT HAPPENED TO ME!!!

The programmers were housed in an off campus leased building, and we were being 'relocated' back to the main building on campus. I needed an office, and the only one available was one that had a window. It overlooked the parking lot, great view, but it had 'a window'. I was installed in the office, and a few weeks later, the campus 'furniture people' show up at my door with a cubicle wall. I was surprised to see them. The office was far too small for a cubicle to make room for another person, but they said it was to 'cover the window'. They looked like they wanted to laugh. I think one of them mumbled something about 'this is the guy that they put in an office with a window that doesn't deserve a window'.

I was so surprised. The pettiness was so stunning. They could have moved me, but the funny thing is everyone that 'rated a window' had one. How hysterical does it have to be. And I saw the freaking parking lot. Such a great view. The whole thing was so surreal. I gave up Dilbert. It wasn't funny anymore.


Another cute story from that time in my career: It was 'bring your spawn to work day'. This assistant to the assistant of the assistant to the assistant shows up at my door, beaming, and introducing her son. 'He wants to be a programmer, and wanted to meet you. Can you tell him how you learned to type, and what it's like to be a programmer?' Sure. What kind of programming do you want to do? 'I want to be a ***GAME PROGRAMMER***' :rolleyes: So does every hyperactive kid!

So I start. I never learned to touch type. As a programmer, I'm not writing a novel. It involves a lot of trying things, and editing, and trying it again. Sure, sometimes I can write a program straight out in one spasm, but there is always editing that needs to be done. I wish I could just have the programs flow out of my fingers. My typing class was me sitting next to the most beautiful girl in school, and she would be typing 2,000 words a minute, and I'd be using three fingers on each hand, and struggling to get through it all. I joked that I had progressed to four fingers on each hand, but couldn't get those pinky fingers to do a damn thing. The kid laughed and was overjoyed at what I said. The mom glared at me! If I could have burst into flames, I would have at that moment. I offered to have him sit and watch me work, but she stuck her arm around him as she continued to glare at me, and practically shoved her spawn out of my office. She went to 'that programmer' that was a problem, and she lied about touch typing, but she was a 'by the book' programmer. Her programs always took weeks to get done, and in a department that often needed answers at a moment's notice, management was getting more and more frustrated by her intransigence and lack of any speed. I heard she was finally transferred to a different department, one without any 'protections', and was finally fired, or quit, no one remembers. Sad... But that part of my career was pretty informative. Mean people suck, and Scott Adams must have worked at that school prior to me being hired.

But anyway, back to 2FA. The wife works at a place that 'tried' 2FA, and people complained about it, and they dropped it. They have major HIPAA hoops they have to jump through, so 2FA would seem to be mandatory, but apparently not. *shrug*
 
You need a backup. In most applications where you can configure a security key, you will be able to set up "multiple factors". So in addition to a security key, you can set up something like Google Authenticator as another factor. When you log in, the apps prompt you to "insert security key", but will have another button for "try another way" that lets you use your other factors.

YubiKey also suggests just having 2 security keys, one you keep somewhere safe, as a backup. It's not truly a backup, as the second key has different keys on it, and for every app you set up, you need to provision BOTH your primary and backup keys.

These keys (YubiKey, Google's version) implement a "Secure Enclave" using hardware. What that means is, the chip inside the key will generate a public/private key pair, and the private key is stored in hardware in such a way that it physically cannot be accessed. The private key can never leave the device.

When an application needs to check authentication, it sends some data to the key to be signed. The chip on the key won't sign the data with the private key unless you physically touch the device (to provide "proof" that you have physical access to the key). The result is returned to the application, verified with your public key, and voila, you're in.

Also, the device actually has multiple keys on it, and they can be rotated. So different authentication schemes can use different keys.

I've got one, but usually just default to using 2FA via One-Time-Password, as I often have left my keys somewhere nowhere near my machine, or don't want to fiddle with plugging the key in every time I need to authenticate somewhere.

So these keys are disposable? You use them for one software only and they are no longer of use for anything else?
 
You need a backup. In most applications where you can configure a security key, you will be able to set up "multiple factors". So in addition to a security key, you can set up something like Google Authenticator as another factor. When you log in, the apps prompt you to "insert security key", but will have another button for "try another way" that lets you use your other factors.

YubiKey also suggests just having 2 security keys, one you keep somewhere safe, as a backup. It's not truly a backup, as the second key has different keys on it, and for every app you set up, you need to provision BOTH your primary and backup keys.

These keys (YubiKey, Google's version) implement a "Secure Enclave" using hardware. What that means is, the chip inside the key will generate a public/private key pair, and the private key is stored in hardware in such a way that it physically cannot be accessed. The private key can never leave the device.

When an application needs to check authentication, it sends some data to the key to be signed. The chip on the key won't sign the data with the private key unless you physically touch the device (to provide "proof" that you have physical access to the key). The result is returned to the application, verified with your public key, and voila, you're in.

Also, the device actually has multiple keys on it, and they can be rotated. So different authentication schemes can use different keys.

I've got one, but usually just default to using 2FA via One-Time-Password, as I often have left my keys somewhere nowhere near my machine, or don't want to fiddle with plugging the key in every time I need to authenticate somewhere.

Your last paragraph details the problem with using keys for authentication. Lazy people won't use them, not saying you are lazy, but you know 'users' I assume. 'It's too hard to have to carry the key with me everywhere!' 'It doesn't fit on MY key chain!' 'It clashes with my nail color!'

The chip on the key won't sign the data with the private key unless you physically touch the device (to provide "proof" that you have physical access to the key).

It should say 'until a warm body touches the contacts'. It has no way to know *who* is touching the contact(s).
 