YUBIKEY REVIEW AND GUIDE: How to keep your Bitcoin and cryptocurrency SAFE

Boxmining

36.6K views 1,176 4 years ago

Description

Yubikey from Yubico will greatly increase the security of your exchange accounts - essentially making it impossible for hackers to withdraw cryptocurrencies UNLESS they have the physical device. In th...

Yubikey from Yubico will greatly increase the security of your exchange accounts - essentially making it impossible for hackers to withdraw cryptocurrencies UNLESS they have the physical device. In this video, I review the Yubikey and its pros and cons, and a guide on how to use the device. https://boxmining.com/yubico-yubikey-review-and-guide/ ●▬▬▬▬▬▬▬Recommendations▬▬▬▬▬▬▬● Recommendation List: https://www.cryptoatlas.io/Boxmining 🌼Buy & Sell Bitcoin: https://join.swissborg.com/r/michaeOQZM 🔎Crypto Prices: https://www.coingecko.com/ 🔒Hardware Wallet: http://boxmining.co/ledger 👍🏻Brave Browser: http://boxmining.co/brave 📲Binance Exchange : http://boxmining.co/binance ●▬▬▬▬▬▬▬▬▬▬Community▬▬▬▬▬▬▬▬▬● Boxmining Official Website: https://www.boxmining.com/ Telegram Discussion Group: https://t.me/boxmining Telegram Announcements: https://t.me/boxminingChannel Facebook Community: https://www.facebook.com/groups/CryptoSpartans/ ●▬▬▬▬▬▬▬▬▬▬▬Social▬▬▬▬▬▬▬▬▬▬▬● Instagram: https://www.instagram.com/boxmining/ Twitter: https://twitter.com/boxmining Facebook: https://www.facebook.com/boxmining Steemit: https://steemit.com/@boxmining ●▬▬▬▬▬▬▬▬▬▬Disclaimer▬▬▬▬▬▬▬▬● I'm not a professional financial adviser and you should always do your own research. I may hold the cryptocurrencies talked about in the video.

AI Analysis

A YubiKey is a small physical security device designed to significantly enhance the security of your online accounts, especially for cryptocurrency exchanges and services like Google. Even if hackers manage to breach your account details, they won't be able to withdraw funds or access sensitive information unless they have the physical YubiKey in their possession, making it a robust defense against common attacks like SIM swap hacks.

Here's a breakdown of YubiKeys and their use:

* What is a YubiKey?
* A YubiKey is a small, physical security key that plugs into your computer's USB port, designed to provide an extra layer of security beyond just passwords and typical two-factor authentication (2FA).
* It’s crucial for protecting high-value accounts like crypto exchanges and even your primary email (e.g., Google), which are often targeted by hackers.
* The core principle is that even if hackers get all your digital credentials, they still need physical access to this device to complete actions like withdrawing cryptocurrency, making it incredibly powerful for security.
* This physical barrier is essential in the crypto world, where sophisticated attacks like SIM swap hacks (where hackers gain control of your phone number) have led to significant losses.

* Setting Up a YubiKey (Using Binance as an example):
* Setting up a YubiKey is surprisingly simple: you just plug it into a standard USB port on your computer.
* On an exchange like Binance, you navigate to the security settings and select YubiKey as your 2FA method.
* The setup process involves allowing the exchange to see your YubiKey model, creating a PIN for the key, and then physically touching the key itself to confirm the setup.
* As a final security measure, you'll usually need to verify the action with a code sent to your email or another Google authentication method, ensuring a very secure lock-in.
* A great feature is the ability to customize when the YubiKey is required. For instance, on Binance, you can set it to be required for withdrawals, API access, login, and password resets.
* Personally, keeping the YubiKey mandatory for withdrawals is highly recommended to prevent hackers from stealing funds. However, I often turn off the YubiKey requirement for general logins for convenience, as carrying the key around for every login isn't always practical. This way, I can log in anywhere, but any significant action like a withdrawal requires the physical key.

* Strengths of Using a YubiKey:
* YubiKeys offer a massive leap in security, moving beyond vulnerable SMS-based 2FA, which is widely considered the weakest form of two-factor authentication and easily compromised by SIM swaps.
* It effectively prevents many common hacking methods, including those that rely on compromising phone accounts or emails.
* For anyone holding a considerable amount of cryptocurrency on exchanges, a YubiKey provides an invaluable layer of protection, making it the "best in class" security solution currently available.
* Many platforms, including Google and exchanges like FTX, are now supporting YubiKey, making it a viable and robust security option for a wider range of services.

* Limitations and Personal Frustrations:
Inconvenience: While highly secure, the YubiKey introduces an element of inconvenience. If you enable it for withdrawals, you must* have the physical key present. This can be a pain if you use multiple devices or locations, leading me to purchase two keys to mitigate this. It's particularly inconvenient for mobile power users or those who frequently travel and need to send crypto.
No protection against exchange hacks: It's vital to remember that a YubiKey secures your account* from external attacks; it doesn't protect you if the exchange itself gets hacked.
* Confusing Models and Price: The YubiKey lineup is extensive, with models ranging from $20 to $70, making it hard to choose. It’s not always the case that more expensive means better.
Lack of Mobile App Support: This is a major frustration. Despite some expensive models (like the YubiKey 5Ci) offering USB-C and iPhone (Lightning) connectivity, many popular crypto exchange apps (including the Binance Android app) do not* natively support YubiKey authentication. This renders the mobile-compatible features of these pricier keys useless for their intended purpose in crypto. This lack of app integration defeats the whole point of buying a mobile-friendly key.

* Recommendations on Which YubiKey to Buy:
* For most users, especially those performing crypto withdrawals from a desktop, the cheaper $20 YubiKey that uses a standard USB-A connection is the most practical and recommended choice. It's robust and gets the job done.
* Avoid the more expensive YubiKey 5Ci ($70) if your primary use case is securing crypto exchanges on mobile, as current app support is very poor, making its mobile features redundant for this purpose.
* Don't be swayed by extra features like NFC if you don't specifically need them. Focus on the core functionality and connection type that best suits your computer setup.
* If you frequently operate from different locations (e.g., home and office), consider buying two of the cheaper models instead of one expensive, feature-rich key.
* If you own a MacBook, you might opt for a USB-C compatible YubiKey, but always verify app support for your specific use case first.

* Actionable Takeaways:
* If you keep any significant amount of cryptocurrency on an exchange, implementing a YubiKey for withdrawals is a highly recommended security measure.
* Absolutely avoid using SMS-based 2FA; it is the most vulnerable option.
* Be prepared to balance enhanced security with a slight increase in inconvenience, especially if you frequently perform transactions or use multiple devices.
* Always check if your specific crypto exchange supports YubiKey before making a purchase.
* When choosing a YubiKey model, prioritize functionality that genuinely aligns with your usage over expensive, unutilized features.

Transcript

So this ugly looking device is a YubiKey. And it's designed to push your account security to the next level. So yes, this is your exchange account. If you don't want hackers attacking your exchange, you might want to give this little device a consideration. And it also applies to not just your exchange accounts, but also to your Google accounts. So protecting your email, et cetera. And this is extremely important in crypto because there are a lot more hackers out there and a lot more instances ...

So this ugly looking device is a YubiKey. And it's designed to push your account security to the next level. So yes, this is your exchange account. If you don't want hackers attacking your exchange, you might want to give this little device a consideration. And it also applies to not just your exchange accounts, but also to your Google accounts. So protecting your email, et cetera. And this is extremely important in crypto because there are a lot more hackers out there and a lot more instances where cryptocurrency gets stolen. At its very core, if you activate one of these on your accounts, it means that hackers, even if hackers breach everything, they'll need to have access to your physical device. So they'll actually need to have this physical key in their hand, on their computer, in order to withdraw any cryptocurrencies or any money or reach anything. So that's a lot of power right there because we definitely read reports in the past where hackers have gotten very creative. They use SIM swap hacks to attack various people and stolen quite some cryptocurrency. So it's worth looking at. But at the other side, the flip side too, and this is why you want to stay until the end of the video, we'll talk about some limitations of this device too. I've been using YubiKeys for roughly a year now using different models. And there's a reason I picked this up. So this is like I picked up two of these. There are some strengths and limitations I do want to talk about. There's some like real serious pet peeves about these devices, which I really don't like. So I'll talk about them towards the end of the video as well. So overall, these videos are guides on how to protect your accounts in cryptocurrencies. I cover like ledger, hardware, devices, etc. So if you guys want to check out further, more information about that, check out the list up here to find out how to increase account security on everything so no one can take stuff. All right, starting off with installing the device. This device might look super ugly and super weird, but it's actually super simple. It just plugs directly into your USB like a normal USB key. So there you go. That's plugged in. So assuming you have these normal USB ports, it just plugs straight in. For my own computer, it's actually off screen. That's what I have to show you with that little black pop over there. So it's all right. Now I'll show you how to set it up on an exchange account. You can go to your account and click on the security set section, and you can have the 2FA. You can see the recommended is a YubiKey, and I'm going to click it to set up. So this is the pop-up that shows up. It says security key set up. Okay, and you can click OK to start. Now let Binance see the model and make your security key. Yes, for sure. And then you can also create a pin for the security key. So now after creating a pin, I'm going to have to actually physically touch the key. So this is where you can see me awkwardly reach over to touch it. So I have to physically touch it with my phone and confirm it. Now, and that's pretty much it. So after touching the key physically, I can put it as a YubiKeyBlueUgly1. And as a final step, I have to do a verification code. So both for email and Google to lock it in. Yes, this is very secure, and it's the way it should be. All right, now that's done. Depending on the website, you can also set when you use the key. So for example, by default on Binance, for withdraws, API, login, and reset password, they all require the use of the YubiKey. Now, for me personally, I find withdraws super useful. I don't want any hackers stealing my cryptocurrency. So I always leave this on. For login, this is when, because sometimes I log in outside, I don't always want to have my YubiKey around. So I usually turn this off. So let me just turn this off. Boom, done. So in this situation, with the login off, this means that I can log in without the key. But anytime I want to withdraw any funds or reset the password, I absolutely require to use a key. And that's it. So I've successfully added the YubiKey to my Binance account, and it adds an extra layer of security. And this will prevent hacks like the ones that we read quite a lot. So Coinbase account hacked. Hacker takes the 2FA because it's SMS-based 2FA, and someone unfortunately compromised their phone account. That's how this hack happened. And another one, yet again, same thing, SIM card swaps, and these various creative methods of hackers taking over your phone, your Gmail, everything. This is 100% preventable by a YubiKey. On top of this, you can also add YubiKey verification to your email as well. So this is an example of the Google security page, where you can activate a two-factor authentication. I definitely don't recommend SMS. So this can add that to your email accounts or other exchange accounts like FTX. They recently added YubiKey support. So anyways, at the end of the day, don't use SMS. That seems to be like the worst one. And then adding the YubiKey is the best in class at this current point. Now on to strengths and limitations, because this device, while it might be useful for me, it might not be useful for everyone else. So yet again, this is, I'm listing a few points that you might want to consider why and why not to have this device. First of all, if you use exchanges, I would definitely say, and you leave a considerable amount of money on exchanges, this is definitely powerful because it gives you that extra degree of security. The way I set it up is that during trading times, just like this, when I need to deploy capital, I have funds on exchanges. This is the way it works. Other times, and obviously I still have huddle and use these to keep cryptocurrencies long time. And I'll tell you exactly why. But if funds are on exchanges, I'll definitely say having this is valuable. But you do have to check if your exchange supports YubiKey. I know that not all exchanges support it. So make sure you check up your exchange, if that supports it or not. All right, next up, I'm going to hit you guys with a limitation. So every time I make my withdrawal, I set it so I need a YubiKey. And this is very powerful. So it prevents hackers from stealing my coins. But at the same time, it does offer some inconvenience. In fact, quite a lot of inconvenience. So if you use multiple devices, so this is actually why I got two of these, because I use devices in multiple locations, in the studio here, and also at home, then I don't want to carry these around every single day. So you do fall down the rabbit hole of, oh my God, like I need to use some funds now. I need the key. Where is the key? So this does add an inconvenience to withdraw. So you have to kind of weigh that out between whether you want the extra security or you want to have convenience. This is especially true if you're a mobile power user. I know some people go, you know, traveling and they need to send crypto around and they need to have access. And yeah, carrying this on top of everything doesn't always make sense. So just leaving that out there. Next, I'm going to hit you with another limitation, which is that this does not prevent exchange hacks. So whilst you can secure your account very well on your side, sometimes the exchange itself drops the ball and stuff happens. All right, coming to the last bit, the most annoying part is which YubiKey should you get? There are so many different models on the website and the price ranges from 20 bucks all the way up to 70. So luckily for me here, I had personal experience with the $20 one and the $70 one. And I would honestly say that this is better. This actually offers a better experience. So it's definitely not a case where the more expensive, the better it is. And I'll tell you a few reasons of why I chose to pick and win. So first and foremost, it depends on which type of connection you have on your computers. So initially I thought, oh, type C will be good, especially for MacBooks because the new MacBooks just plug the type C straight into it. And also for phones and mobile. I'll get to the mobile part because unfortunately, a lot of exchanges don't support mobile for YubiKey. So I'll talk, touch about that later, but just consider the connection and the ports on your computer. Normally when I need to withdraw cryptocurrencies is usually at home. I usually don't do it outside. It doesn't make much sense for me. So having a key that connects criminally to my computer, taking up a type A slot actually makes a lot of sense. So just normally these slots out there, if it takes one, I don't really mind. And that's why this one turns out to be quite good for me. Now, considering mobile. So the one that I got first was this one. This is the expensive YubiKey 5Ci. I'm not sure how they even name these, but this little one has both support for iPhone and for USB Type-C, which means it supports Android and for MacBooks and also PCs. I mean, if you have a newer PC build, you also have this as well. But I do want to point out that a lot of apps do not natively support YubiKey. So this actually includes a Binance app as well. I didn't know that. But even if you can't physically connect it into your computer, I mean, your phone, like you can connect it into your phone, it doesn't mean the app supports it, which defeats the whole purpose of having a first place. So you can obviously see by the tone of my voice, I'm a little bit angry that there wasn't any support for this. So as of now, on the Android app, it doesn't have support for the YubiKey. I know different apps are different, so Google would support it, but, you know, unfortunately, the exchanges that I use do not. So this is a useless feature. It can't really connect to any of my mobile devices. And yet again, I also realized that I don't really need to use it when I'm out. And of course, the next consideration is price. Honestly, 20 bucks is a great price. I think that's what someone should pay for something like this. I mean, 70 is really pushing to the edge. So typically speaking, if you're new, just buy the one with the least features. I mean, do you really need NFC? I don't need NFC. I just bought the cheapest, easiest one. That's why I bought two of these. So I can have one at home and one in the office. It makes sense for me, right? So I would say for all extents and purposes, if you have a regular USB connection on your computer, this will be good. If you have a MacBook, then fine. You know, if you can already afford a MacBook, then just take something with the USB Type-C connection. So either this one, this one, or this one, it's like, it depends on which size you want. Yet again, like how big you want it. But at the end of the day, for me, because I use it at home, I don't mind a cheap big one. If you guys have any additional questions, leave them down below. Security considerations, concerns, et cetera. Leave a comment down below. We also have a website review on that. So check it out. The full review for right up on this. And with that, guys, thank you guys so much for watching. If it helped you, make sure you like, subscribe, and share it to your friends as well. And with that, see you next time.