Is this safe against cookie stealing (session hijacking)? If I logged in using an Yubikey, will the hacker be able to be logged in as me if they steal my cookie? I have been hacked using cookie stealing recently and I am trying to protect myself, but I can't find a way to protect me from this.
The YubiKey as any other MFA device or method is just for authentication purposes. Once you are logged in on a web application and you are given a cookie for your session, if someone manage to hijack it, they would be authenticated as if it were you. Even though it might not be a good example, just to make you understand what I have said, let us say you go to visit a company, there you will be asked questions and provide identity card (all this is your authentication), once they have checked it is you, you are given an internal identity card with a number they use internally (this is the equivalent to your session). If you happen to leave your identity card anywhere and someone "steals" it, they can access the places you could have visited with that identification. This thief will not need to provide their real identity or be asked any questions, since they have that identity card, they are supposed to have done so before entering the company. Does it make sense?
If your session is being stolen, the computer you used / use is infected somehow. The only way to stop that is get rid of that malware. 2FA will never stop this since the session is stolen after you have authenticated.
I have two of this stick which I got from different company for authentication. Now they gone. Is there anyway I can format them and use it for my own personal things? Thanks
These things are terrible, got to watch 10 video's on how to set these things up. Then good luck with then setting up the websites or apps you want to use this on. Very challenging. I can't get these things to work. Yubikey, make these things plug and play. Things should just work, shouldn't have to download installers then try to force them to work on websites after.
DO NOT BUY THIS PRODUCT, unless you know EXACTLY how to use and install it! They offer NO SUPPORT whatsoever. Also, once you spend 50 or 60 bucks on this product, they highly recommend that you spend another 50 or 60 bucks on a spare. They further insinuate that not buying a spare will result in being locked out of your accounts. This is called bait and switch! This is a very unscrupulous company. Recommend not doing business with them! Also, all of the videos that you see on TH-cam about these YubiKeys include affiliate links to the company. They are probably all produced by Yubico, Inc. Don't trust this company!
It’s not rocket science dude and encryption companies don’t have to hold your hand because you’re too incompetent to understand why you need a backup because you locked your self out of every service you use. They are a fantastic product and work flawlessly, just have to be 2% smarter then what you’re working with bud.
They don't _insinuate_ that not buying a spare will result in being locked out. Don't twist things. It's called a backup method. Any good security uses it. If you understood anything about security keys you would understand they provide the best security for your accounts, so by nature, a security key as a backup would be the best backup method. It's not just a sales tactic. Yubikeys are the security keys made by Yubico... hence the name Yubikey. So of course they have links to them. That must mean that iPhones are made by Apple and F-150s are made by Ford. Stop cooking your brain cells on whatever it is you're doing and go educate yourself about some basic things. Honestly 2% smarter is being generous.
Is this safe against cookie stealing (session hijacking)?
If I logged in using an Yubikey, will the hacker be able to be logged in as me if they steal my cookie?
I have been hacked using cookie stealing recently and I am trying to protect myself, but I can't find a way to protect me from this.
The YubiKey as any other MFA device or method is just for authentication purposes. Once you are logged in on a web application and you are given a cookie for your session, if someone manage to hijack it, they would be authenticated as if it were you.
Even though it might not be a good example, just to make you understand what I have said, let us say you go to visit a company, there you will be asked questions and provide identity card (all this is your authentication), once they have checked it is you, you are given an internal identity card with a number they use internally (this is the equivalent to your session). If you happen to leave your identity card anywhere and someone "steals" it, they can access the places you could have visited with that identification.
This thief will not need to provide their real identity or be asked any questions, since they have that identity card, they are supposed to have done so before entering the company.
Does it make sense?
If your session is being stolen, the computer you used / use is infected somehow. The only way to stop that is get rid of that malware. 2FA will never stop this since the session is stolen after you have authenticated.
@@A42yearoldARAB This is simply not true. AiTM attacks do not require malware on the victim machine.
I have two of this stick which I got from different company for authentication.
Now they gone.
Is there anyway I can format them and use it for my own personal things?
Thanks
I imagine you just buy a new one for personal use, but I don't really know for sure.
Great tool, but what I hate more is bat support, and yubi support is NOT replying to my ticket for some reason.
Great product
These things are terrible, got to watch 10 video's on how to set these things up. Then good luck with then setting up the websites or apps you want to use this on. Very challenging. I can't get these things to work. Yubikey, make these things plug and play. Things should just work, shouldn't have to download installers then try to force them to work on websites after.
Sounds like a skill issue.
It works very easily, you just need sites to support it.
Romaine Meadows
Nice way to sell hardware and to force work from home users to reach office for all users before 30th May 2024. M. S.
DO NOT BUY THIS PRODUCT, unless you know EXACTLY how to use and install it! They offer NO SUPPORT whatsoever. Also, once you spend 50 or 60 bucks on this product, they highly recommend that you spend another 50 or 60 bucks on a spare. They further insinuate that not buying a spare will result in being locked out of your accounts. This is called bait and switch! This is a very unscrupulous company. Recommend not doing business with them! Also, all of the videos that you see on TH-cam about these YubiKeys include affiliate links to the company. They are probably all produced by Yubico, Inc. Don't trust this company!
It’s not rocket science dude and encryption companies don’t have to hold your hand because you’re too incompetent to understand why you need a backup because you locked your self out of every service you use. They are a fantastic product and work flawlessly, just have to be 2% smarter then what you’re working with bud.
They don't _insinuate_ that not buying a spare will result in being locked out. Don't twist things. It's called a backup method. Any good security uses it. If you understood anything about security keys you would understand they provide the best security for your accounts, so by nature, a security key as a backup would be the best backup method. It's not just a sales tactic.
Yubikeys are the security keys made by Yubico... hence the name Yubikey. So of course they have links to them. That must mean that iPhones are made by Apple and F-150s are made by Ford. Stop cooking your brain cells on whatever it is you're doing and go educate yourself about some basic things.
Honestly 2% smarter is being generous.
this comment glows
DO you know how to exactly use it? I have the authenticator app then I just found out that I have to download something for windows 11 LOL
Switch this product with keys for your house - If you do not feel stupid now, you are a lost cause...
the voice...yikes!
What about it?
It's great