Hardware authentication and security tokens, like the YubiKey, are a great advance in IT security: their accessibility for individuals and low price point make it easy to secure your IT services, online accounts, and more using a hardware secure element that is nearly immune to private key leak or theft.
I’ve been using a YubiKey NEO for nearly a month now and I use it daily, on both my MacBook and my mobile (via NFC). Its smart-card (CCID) interface exposes an OpenPGP applet holding three keys, a signing key, an encryption key, and an authentication key, which I use for code, email, and git commit signing, as well as secure-shell (SSH) authentication, and more.
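As an added example (my own, not from the original post or from Yubico), here is how the OpenPGP applet's authentication key gets wired into SSH through gpg-agent, and how git is told to sign every commit with the card's signing key. It assumes GnuPG 2.1 or later (for `gpgconf --list-dirs agent-ssh-socket` and `enable-ssh-support`), a POSIX shell, and a placeholder key ID `0123456789ABCDEF` that you would replace with the one reported by `gpg --card-status`; the target paths are parameters so the functions can be exercised against a scratch directory before touching `~/.gnupg`.

```shell
#!/bin/sh
# Added example, not from the original post: wire a YubiKey's OpenPGP
# authentication key into SSH via gpg-agent and turn on git commit signing.
# Assumptions (mine): GnuPG 2.1+ with gpgconf, POSIX sh, key ID supplied
# by the caller (0123456789ABCDEF below is a placeholder, not a real key).
set -eu

# write_gpg_agent_conf DIR
# Enable gpg-agent's built-in SSH agent emulation so the card's authentication
# key is offered to ssh, and cache the PIN briefly so back-to-back signatures
# do not re-prompt. Idempotent: each directive is appended only once.
write_gpg_agent_conf() {
    dir="$1"
    conf="$dir/gpg-agent.conf"
    mkdir -p "$dir"
    chmod 700 "$dir"
    grep -qs '^enable-ssh-support$' "$conf" || printf 'enable-ssh-support\n' >> "$conf"
    grep -qs '^default-cache-ttl ' "$conf" || printf 'default-cache-ttl 600\n' >> "$conf"
    printf '%s\n' "$conf"
}

# write_shell_snippet FILE
# Shell profile fragment: point SSH at gpg-agent's socket instead of ssh-agent
# and make sure the agent is running. Source this from ~/.profile or similar.
write_shell_snippet() {
    cat > "$1" <<'EOF'
# Use gpg-agent (and therefore the OpenPGP card's authentication key) as the SSH agent.
unset SSH_AGENT_PID
SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
export SSH_AUTH_SOCK
gpgconf --launch gpg-agent
EOF
    printf '%s\n' "$1"
}

# write_git_signing_conf FILE KEYID
# Git configuration that signs every commit with the card's signing key.
# Written directly rather than via `git config` so it works without git installed.
write_git_signing_conf() {
    cat > "$1" <<EOF
[user]
    signingkey = $2
[commit]
    gpgsign = true
[gpg]
    program = gpg
EOF
    printf '%s\n' "$1"
}

# check_card_present
# Returns 0 when gpg can reach the OpenPGP applet; run this before expecting
# ssh or git to find the keys (the private keys exist only on the card).
check_card_present() {
    gpg --card-status >/dev/null 2>&1
}

# Real usage would be:
#   write_gpg_agent_conf "$HOME/.gnupg"
#   write_shell_snippet "$HOME/.gpg-agent-ssh.sh"   # then source it from your profile
#   write_git_signing_conf "$HOME/.gitconfig" 0123456789ABCDEF
```

Run `check_card_present` after plugging the key in: if it fails, neither SSH nor git will see the keys, because the private halves never leave the secure element. That is also the flip side of the design: a lost or broken token takes its private keys with it, so keep the public keys exported and have a backup token or offline backup enrolled before you depend on it.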
The FIDO U2F component also integrates tightly with my digital world, acting as a second (or in some cases third) factor of authentication for all of my online accounts which support it (right now that’s GitHub, Google, and Dropbox, to name a few). In combination with the OTP modes available, the YubiKey is a very powerful bit of kit!
Crush-Proof, Not Dan-Proof
Before I go on, don’t let me put you off: YubiKeys are awesome! I’m sure alternatives are too, but the YubiKey, and Yubico as a whole, seriously rock (read on to find out why).
So there I am, finishing some changes to a large (and unfortunately proprietary) project. I always sign my git commits and outgoing mail, so I plug in my YubiKey NEO, start the gpg-agent service, and give my code a quick once-over before committing it.
Sweet! Code looks good, I’ll just grab a drink and then this commit is good to go!
This quickly becomes the story of how I destroyed my YubiKey NEO. I broke the unbreakable.
Nothing is Dan-Proof, something which has been proven time and again.
As I placed my MacBook on the seat of the sofa and began to get up, it slid off the edge, falling only a short distance onto its side. As my luck would have it, that was the side to which I had just connected my YubiKey.
Mistakes were made!