Best 2FA security key 2021

Discussion in 'hardware' started by Rasheed187, May 13, 2021.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Seriously guys, so nobody is using any security keys? I'm planning to buy one, but I wonder if the Yubikeys are the best solution.
     
  3. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    in the amount of time u spent ranting here for help, u could have checked it yourself...

    I have sooooo much stuff to do, but in just barely 10 minutes I quickly figured out that:

    There are a few ways sites can authenticate you with Hardware 2FA (security protocols):
    FIDO2/WebAuthn, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, Smart card (PIV), OpenPGP, and Challenge-Response

    There might be more, but those seem to be the main ones.

    So, go to a site and click Learn More

    upload_2021-5-16_18-5-25.png

    Then u will see what security protocols that site supports


    upload_2021-5-16_18-16-48.png

    So then find which site u want to use and buy corresponding key that supports it (obviously, the more it supports the better). Gl.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Thanks for the help, and of course you can find most info on the web, but I like to hear about people's own experiences, this is sometimes more useful than standard info. But from what I understood, it's all about the protocols that security keys support? So if a key supports FIDO U2F, then it will work with all websites that support this, I guess.

    I do think it's weird that they make it hard to find which websites are supported, I couldn't easily find this info on the Yubico site and I didn't find anything on the Google Titan and Thetis website, while this is the most important selling point, this is crazy!
     
  5. Magic_The

    Magic_The Registered Member

    Joined:
    Jun 24, 2015
    Posts:
    40
    Get a yubikey.
     
  6. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Provide more explanation.

    https://www.dongleauth.info/
    https://www.dongleauth.info/dongles/

    I am honestly surprised. Google is usually top-notch quality in everything they make (other than privacy ofc). But this? Google titan doesn't support OTP.

    https://blog.teamstack.com/all-about-2fa-what-is-otp-totp-and-hotp/
    https://www.yubico.com/blog/otp-vs-u2f-strong-to-stronger/
    https://blog.strongkey.com/blog/guide-to-fido-protocols-u2f-uaf-webauthn-fido2
    https://wearedevs.com/two-factor-authentication/
    https://alicebobandeve.org/blog/standards/2019/11/05/fido2-u2f-oath-yubico-otp-yubikeys/
    https://fidoalliance.org/members/
    https://blog.strongkey.com/blog/guide-to-fido-protocols-u2f-uaf-webauthn-fido2

    FIDO2 > UAF >= U2F > Yubikey OTP > TOTP > HOTP in terms of security

    Each method has its own pros and cons, but if u have to pick, Yubikey OTP is much better than any other OTP, and FIDO2 is UAF and U2F combined basically. And U2F is better than Yubikey OTP, I think.

    https://www.reddit.com/r/Bitwarden/comments/hhbza7/yubico_vs_fido_u2f_what_is_the_difference/


    https://www.youtube.com/watch?v=0R23JRR671I
    https://www.youtube.com/watch?v=NEDeL3Q4WvI
    https://www.youtube.com/watch?v=aMo4ZlWznao
     
    Last edited: May 16, 2021
  7. longshots

    longshots Registered Member

    Joined:
    Oct 20, 2017
    Posts:
    533
    Location:
    Australia
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I guess this is probably the smartest thing to do since they at least provide information on which websites these keys will work.

    Thanks I totally forgot about this site. It's a bit shocking to see how many services still don't support security keys! And too bad that you can't sort on which websites do support Yubikeys.
     
  9. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    if you buy a yubikey that supports all protocols, technically all the sites that support hardware 2FA will support at least one protocol that yubikey supports. And then you just follow the order of security.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes I guess this makes sense. Somebody should make a website where you can easily see which website supports which security key.
     
  11. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    It's not very hard you just have to scrape the html easy to do with a script :p

    Hell, you could even manually copy the entire relevant html of the webpage, apply a regex and boom. Very very easy to do.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.