Yubikey

Who uses one? I see they have 3 available now. I've got a Nexus S with NFC. I just can't see why I would need one (I want a new gadget ). I currently have all my pass phrases memorized, and they are all 64 characters. I was thinking of doing 32 in memory, and doing 32 random static in the Yubikey, but if an attacker happened to get the Yubikey, I just gave away half of the key. The only thing that I can see it being useful for is for faster entry on the phone...but I rarely browse on the phone. What do you use yours for? If a person can remember 64 characters, is a Yubikey of any benefit?

PD

 

I use mine for LastPass multifactor authentication, the other use I can think of is truecrypt static key.

 

I use mine in the exact case as you suggested. I don't use it with TC though. I use mine with LUKS and Keepassx where I know ~69 char. password and the yubikey type in 32 char. I use the Scan Code option to use a password I generate myself securely. My total length is close to 100 Chars for one password. TC I just memorize the password as the limit is 64 anyways.

It does give you pseudo-two factor authentication and there is no way a 30 char. password can be cracker, so even if you lost your yubikey you are safe. 16 char. passwords aren't crackable in a reasonable amount of time.

EDIT: If you are using linux you can use it with PAM to login. The is software that does this with windows and mac as well. I believe it's called Rhos or Rohos?

 

Thanks guys.

PD