I wonder about the necessity of a hardware key rather than totp from something like Aegis (what I currently use). If Aegis seeds are all encrypted on the device, what is the upgrade in security going from Aegis to a hardware key, if any?
This blog from Trezor sums it up pretty well. Admittedly the security gained going from Aegis to a hardware token is relativley minor, but the convenience and slight upgrade are worth it in my opinion. blog.trezor.io/why-you-should-never-use-google-authenticator-again-e166d09d4324
U2F will protect you from phishing attacks. It will only enter your key to the domain it is intended for, AIUI. Attacker fake domains won't be able to get it.
I thought about bying a Yubikey but the cost was too high in regard to the few websites I could use it with. But at that price, I might consider it again. Thanks for your video.
Because, if you assembly it yourself you will know it's value and you will be protective of it , there will be a bond between you and the machine. Sounds like Matrix....
I got a 2FA (Nitro)key two years ago, set it up, tested it, seemed fine. But straight away i found i could log into every account on other devices without once being asked for 2FA. I then went back to the original device where all seemed to work, untill i just opened a different browser (on the same device) and again, i was NOT asked for 2FA even once. Is it likly that i have made a basic mistake during set up, or that i have a faulty key? Anyone?
@@Xerazal This was on multiple services at once. I can believe Twitter being at fault, but things like Bitwarden and Tutanota all at the same time? Nah, something else is up. The most likely thing is that I've made a basic mistake, I just still can't figure out what.
@@BaddBadger what I mean is that if you set up the key, then try to login but it never prompts to use the key, it's the service. At that point the service has to request the key. If you can log back into the account and check if the 2fa is set up and the key is listed, then it's not the key there. Trust me, I've had a ton of issues with the solo v2 and got so annoyed with the lack of communication from solokey that I ended up getting yubikeys, which work on everything that supports security keys without issue. But if the service never prompts for a security key after you set it up and the service says it's set up, it's the service. It's possible that it thinks it's set up but it's not? Try removing and adding the keys again.
@@Xerazal Cheers. I kinda wish i gone with Yubikey. But they look a bit fragile to me. I went with Nitro because i was assured they were as ethical a company as you can get in this field. Plus they are German, and i used to live there, so i was showing support. But once i got this key the first thing i found was not to bother with the Linux app because Nitro say that dosnt work. So i was off to a bad start right away. Should have done more reasearch, or just gone for Yubi.
I Love the hardware keys, makes life so much simpler. I keep one on my Keychain with a one of those detachable clips and keep a backup in a safe place. I've had a Yubikey since 2013, so almost 10 years and the dang thing still works and looks like it did when i bought it
Yay! Audio!
Good to hear you !
I wonder about the necessity of a hardware key rather than totp from something like Aegis (what I currently use). If Aegis seeds are all encrypted on the device, what is the upgrade in security going from Aegis to a hardware key, if any?
This blog from Trezor sums it up pretty well. Admittedly the security gained going from Aegis to a hardware token is relativley minor, but the convenience and slight upgrade are worth it in my opinion. blog.trezor.io/why-you-should-never-use-google-authenticator-again-e166d09d4324
U2F will protect you from phishing attacks. It will only enter your key to the domain it is intended for, AIUI. Attacker fake domains won't be able to get it.
I thought about bying a Yubikey but the cost was too high in regard to the few websites I could use it with. But at that price, I might consider it again.
Thanks for your video.
Because, if you assembly it yourself you will know it's value and you will be protective of it , there will be a bond between you and the machine.
Sounds like Matrix....
I got a 2FA (Nitro)key two years ago, set it up, tested it, seemed fine. But straight away i found i could log into every account on other devices without once being asked for 2FA. I then went back to the original device where all seemed to work, untill i just opened a different browser (on the same device) and again, i was NOT asked for 2FA even once. Is it likly that i have made a basic mistake during set up, or that i have a faulty key? Anyone?
If the service is set up for u2f but isn't asking for it, it's the service that's the problem, not the key.
@@Xerazal This was on multiple services at once. I can believe Twitter being at fault, but things like Bitwarden and Tutanota all at the same time? Nah, something else is up. The most likely thing is that I've made a basic mistake, I just still can't figure out what.
@@BaddBadger what I mean is that if you set up the key, then try to login but it never prompts to use the key, it's the service. At that point the service has to request the key. If you can log back into the account and check if the 2fa is set up and the key is listed, then it's not the key there.
Trust me, I've had a ton of issues with the solo v2 and got so annoyed with the lack of communication from solokey that I ended up getting yubikeys, which work on everything that supports security keys without issue. But if the service never prompts for a security key after you set it up and the service says it's set up, it's the service.
It's possible that it thinks it's set up but it's not? Try removing and adding the keys again.
@@Xerazal Cheers. I kinda wish i gone with Yubikey. But they look a bit fragile to me. I went with Nitro because i was assured they were as ethical a company as you can get in this field. Plus they are German, and i used to live there, so i was showing support. But once i got this key the first thing i found was not to bother with the Linux app because Nitro say that dosnt work. So i was off to a bad start right away. Should have done more reasearch, or just gone for Yubi.
I Love the hardware keys, makes life so much simpler. I keep one on my Keychain with a one of those detachable clips and keep a backup in a safe place.
I've had a Yubikey since 2013, so almost 10 years and the dang thing still works and looks like it did when i bought it
Second times the charm lawl.
Alright sound works now
Ayy, you have come back from mime camp!
mna~ very good .
algorithm.
That is really great to show us some security/privacy oriented objects like that key. Thanks you nathan. Ps: i use yubikey ecosystem btw...
🎓👏😓💻🙋🎊
First