Yubikey – Encryption – OTP – 2FH – Challenge-Response – Better Security – FIDO Certified

Recently, in order to take the security story further I purchased a Yubikey from http://www.yubico.com.

My decision was prompted to use better security for all places that I use keys.

1. Laptop – Login to Device (Challenge-Response)
2. Access to hosting provider (VULTR)
3. SSH access to systems (VPS, AWS)
4. Move away from Google Authenticator (2FH)
5. Laptop access to websites via password manager – LastPass

The Yubikey I decided on was the Yubikey Neo due to the fact that it had NFC capabilities for mobile device. Now this presents a problem for tablets like the Samsung S2 Tab that doesn’t include NFC. Furthermore, Apple and its implementation of NFC haven’t opened their NFC access.

1. Laptop – Login to Device (Challenge-Response)
This is by far the most difficult and risky to setup. Highly recommend a backup of your laptop before you implement.

2. Access to hosting provider (VULTR)
Vultr, IMHO, appears to be a good progressive web hosting provider that has resources in many markets and provides VPS services at a fair cost. They accept BTC too if you are interested in keeping with your modern payment strategies. They also have an option to require Yubikey for administrative console access. See below.
Vultr - Yubikey Access

3. SSH access to systems (VPS, AWS) via GPG.
Make sure you have the Yubikey inserted.
Make sure you have PATH statement in place.
Initialize the YubiKey
echo “enable-ssh-support” >> ~/.gnupg/gpg-agent.conf
export SSH_AUTH_SOCK=~/.gnupg/S.gpg-agent.ssh

4. Move away from Google Authenticator (2FH)
Hardware key for Google.

5. Laptop access to websites via password manager – LastPass

Here’s an example of the LastPass request on laptop when trying to unlock vault. Yubikey and LastPass


Also published on Medium.