Anyone out there have a YubiKey? If so, how do you like it? http://en.wikipedia.org/wiki/Yubikey http://www.yubico.com/home/index/ I am thinking about getting one of the T-FA devices and am looking for input.
I remember reading about the YubiKey some time ago and had forgotten about it. Thanks for the post! If we try it, we don't have a lot to lose at $25. It doesn't seem to have a lot of sites for use, but the TrueCrypt capability could be worth the price on its own. Love the OTP. Here's a good article from Tech Republic: http://blogs.techrepublic.com.com/security/?p=899 Thanks again!
I admit I am too lazy to go search how you can use a YubbiKey with Truecrypt... will you tell me about it? Also, if you are going to use it mainly for TrueCrpyt, I advice the use of a token such the Aladdin eToken. It might be not unbreakable (although I don't know of any attack able to extract keys from it without knowing the password), but surely qutie secure.
There are plenty of good videos on YouTube on how to use the YubiKey as well as their site at yubico.com. I am not pushing the product... but am grappling with needing a physical device beyond what I use. That could just end up being a pain. I guess it's a balance. My TC passphrase is: Length: 36 Strength: Strong - This password is typically good enough to safely guard sensitive information like financial records. Entropy: 111.6 bits Charset Size: 93 characters so I end up asking myself... how much more is needed?
Your password is not crackable, but it might get stolen, unless you use it only in an environment totally secure under the physical point of view (I am not considering using it on a compromised machine, although it might be considered as well). The use of a physical device protects you against a different vector of attacks. When starting to use a token, is not when you are supposed to make your password less secure.
