YubiKey Set-Up And Use: Two Factor Authentication Using Hardware (YubiKey) To Secure Google, Bitwarden, LastPass
Overview
Your YubiKey is the size of a thumb (flash) drive and plugs into the same place (USB port) on your laptop.
Pressing or tapping button is done with a light touch especially when plugged into a port.
https://www.yubico.com/why-yubico/how-the-yubikey-works/
YubiKey is a hardware device that makes two-factor authentication as simple as possible.
It doesn’t require a smartphone. But it can be used with a smartphone.
Instead of a code being texted to you, or generated by an app on your phone, you press a button on your YubiKey (plugged into your laptop). That's it. Each YubiKey has a unique code built on to it, which is used to generate codes that help confirm your identity.
When logging in to Google (or any other YubiKey secured application) simply insert the key into the USB port of your laptop and gently press the golden button on the YubiKey when prompted by the secured app.
YubiKeys can be used with an Android or iPhone along with a laptop. Access is granted by tapping the key on the phone as long as a YubiKey with NFC (near field communications) is used. Works similar to paying at a cash register by tapping your phone (Tap To Pay).
Yubico strongly recommends having a spare key. No spare is needed for REMC1 accounts. . Ignore spare key instructions.
If you lose your YubiKey or it ceases to work contact Support and we’ll take care of it.
Please note: REMC1 cannot support personal uses of your REMC1 YubiKey.
If you want to secure personal accounts such as finances or social media, you are making a wise choice, but use your smartphone for free software 2FA options or buy your own hardware key and a backup key.
Here is a link to the hundreds of YubiKey supported products, services, and applications.
https://www.yubico.com/works-with-yubikey/catalog/?sort=popular
Securing Google Accounts With Hardware 2FA using YubiKey
Traditional login is no longer secure in today’s world – malware and other attacks steal passwords and hack accounts every day. The YubiKey is a hardware security key that provides strong one-touch authentication, and works seamlessly with Google Accounts. Fortify your login by turning on Google 2-Step Verification and registering the YubiKey with your Google Account.
Secure
By requiring the physical key to log in, you protect your account from remote and unauthorized access.
Easy to Use
Get strong authentication with just a touch. Just log in to your Google Account, and tap the YubiKey’s gold contact when prompted.
Simple YubiKey Setup For Your Laptop
Click below link to enter Google Account Security for your own REMC1 Google Account.
https://myaccount.google.com/security
Scroll down to How you sign in to Google
Click on Security Keys
You will be prompted to login with your Google password.
Click on Add Security Key
Select Physical and click Next
Select OK
Select OK
Insert your YubiKey into the USB port of your laptop
[ need actual Yubikey to demonstrate the finals pieces plus logging in ]
A quick (1:18) video from Yubico (ignore spare key section)
https://www.youtube.com/watch?v=PeF0Y8pT7UQ
Securing Bitwarden With Hardware 2FA using FIDO2 WebAuthn with YubiKey
FIDO2 WebAuthn Overview – Why it's our way to use YubiKey with Bitwarden
The YubiKey option is OTP. Choose FIDO2 WebAuthn option and use it with your YubiKey.
2FA is evolving. Using email, SMS, or even OTP (one time password) for 2FA can be phished and/or hacked via a man-in-the-middle attack.
FIDO2 WebAuthn to the rescue.
part of FIDO2
WebAuthn
Setting Up FIDO2 WebAuthn with YubiKey for Bitwarden
There are several 2FA methods that work with Bitwarden: (we use FIDO2 WebAuthn when use YubiKey)
Multiple enabled methods are supported.
To setup and use FIDO2 WebAuthn on your Yubikey for Bitwarden use this link.
Securing LastPass With Hardware 2FA using YubiKey
YubiKey with LastPass Overview
with LastPass
Setup and Configure YubiKey with LastPass (Presently only uses OTP)
Use YubiKey to log in to LastPass