How To Use A Yubikey With KeePassXC

Подписаться 1,9 тыс.

Просмотров 6 тыс.

50% 1

How To Use A Yubikey With KeePassXC
In this video I am going to show you in full detail how to integrate a Yubikey 5 series with KeePassXC to further enhance the security of your KeePassXC database by adding the facility of having to use a YubiKey along with your usual database master password.
Chapters
00:00 Intro
00:39 Choosing the right Yubikey
02:12 Installing Yubikey Personalisation Tool
03:58 Preparing the Yubikey for use with KeePassXC
10:12 Adding the Yubikey in to KeePassXC database
12:12 Opening KeePassXC database with Yubikey
13:02 Testing database remains locked without Yubikey
13:57 Conclusion & Outro
Join this channel to get access to perks:
/ @mrtimtech2022

Наука

Опубликовано:

10 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 42

@user-sz3xn8el6i 6 месяцев назад

Thank you!

@MrTimTech2022 5 месяцев назад

You're welcome!

@javiercarmona680 18 дней назад

Thank you excellent👍

@MrTimTech2022 18 дней назад

You are very welcome, glad you found it useful !

@victorcotu 4 месяца назад

Why do you backup the challenge and response from the challenge-response tester? Is not that tool just to test that the function works?

@MrTimTech2022 4 месяца назад

You backup the challenge-response in case of any mistake and then you're not able to login. You can also backup the challenge-response so you can copy the details to a 'backup' Yubikey.

@UnBubba 5 месяцев назад

Must the Yubikey remain inserted into the USB slot while using Keepass? Or, does it just need to be inserted at the time of Keepass login (and can be removed once authenticated)?

@MrTimTech2022 5 месяцев назад

As far as I know provided the database is set to remain unlocked and not auto lock for example then there should be no reason why you cannot remove the Yubikey.

@marthagrande6653 2 месяца назад

Maybe MrTim knows that as well: I am wondering if it is safe to keep yubikey plugged in all the time? My thinking: if someone takes over my machine he can probably use an usb slot as well and suddenly this yubikey does not look like added security. Probably I am wrong.

@MrTimTech2022 2 месяца назад

I doubt anyone would attempt to get around that and I think Yubico must have thought about that when creating Yubikeys, to be 100% sure you should have the touch yubikey option set so each time it requests authorisation for something you would have to touch the gold spot on the yubikey, as no remote hacker could touch it without being their physically!

@Agamerfr0zed 5 месяцев назад

You use the same secret to configure another Yubikey? Would the Yubikey Manager works as well to configure the keys?

@MrTimTech2022 5 месяцев назад

I would presume so, however I currently don't have a 2nd Yubikey to test this. Maybe have a look at the FAQ/Help section on the KeePassXC website to see what it advises.

@jordannash4420 5 месяцев назад

Awesome video. Yes it works on both, @Agamerfr0zed. I copied the same "Secret Key" from the USB text file I printed on paper and used the same input challenge from the USB text file and was able to unlock KeepassXC with both Yubikeys.

@MrTimTech2022 5 месяцев назад

@@jordannash4420 Great stuff Jordan and thank you 👍. Glad it worked with copying and pasting the Secret Key to the 2nd Yubikey. I'm working on another video at the moment with PassKeys for Yubikeys 🤔so keep an eye out for that one as it might interest you.

@TM-dagger 3 месяца назад

@@jordannash4420 but does the 'challenge' and 'respond' still work on the 2nd (backup) key.... i doubt it..but i am not sure. Could you verify?

@MrTimTech2022 3 месяца назад

@@TM-dagger Yes it does, you should copy the Secret to the 2nd Yubikey for backup purposes.

@vmobile890 5 месяцев назад

When using computer or phone is there access to all non internet functions without the key ?

@MrTimTech2022 4 месяца назад

You can still use the phone/computer as normal but when loading KeePass it will request the Yubikey. The Yubikey in this video is for the KeePassXC app only

@captainofouterspace 3 месяца назад

Should I worry about typing my master pass into keepassxc in Windows, considering M$ keylogs everything anyway?

@MrTimTech2022 3 месяца назад

I don't think you need to worry, I doubt M$ are interested in logging your KeePassXC access, besides you obviously have a Yubikey too.

@baby333 3 месяца назад

7:08 what's the difference between doing all these, and just using Yubikey Manager and generating an HMAC-SHA1 OTP on Slot 2 which we can backup to put on extra keys? is there any advantages to this over doing that in Yubikey Manager?

@MrTimTech2022 2 месяца назад

I do use Yubikey Manager to generate the HMAC code. I am temporarily copying it to a Notepad document so that the same code can be put in a backup YubiKey. If you don't have the same code in both the original and backup YubiKey then you will not be able to access KeePassXC. Does that make sense.

@baby333 2 месяца назад

@@MrTimTech2022 Yep! I was curious though why you were doing it with Yubikey Personalization Tool instead of Manager? I seen others do it with CLI too, im guess its all the same results in the end just different techniques right? :)

@MrTimTech2022 2 месяца назад

@@baby333 You should end up with the same results. I used the Personalization Tool as when I recorded the video I can't recall Yubico Authenticator version having that option built in, it's only the latest version 6.4.0 having this option built in. I would just follow my instructions using the Personalization Tool, at least then you're following me along and you know it works ok, others should work but as I haven't tested I can't 100% be sure.

@baby333 2 месяца назад

@@MrTimTech2022 Thanks

@frostyglace 3 месяца назад

Is there a way to set up a timer? Like when I used the YubiKey I don't have to use it for the next 10 Minutes or so?

@MrTimTech2022 3 месяца назад

To be honest I'm not sure, maybe check the KeePassXC knowledge base/FAQ's and see if it mentions that somewhere.

@frostyglace 3 месяца назад

@@MrTimTech2022 Couldn't find anything. I just removed the function that I have to click on the Yubikey. So it works when the Yubikey is just plugged in.

@MrTimTech2022 2 месяца назад

@@frostyglace Ok, yes I guess that makes sense.

@cyrilpinto418 3 месяца назад

Newbie here; how do I make a backup to a 2nd yubikey. 2nd question: is it possible to use one yubikey to back up 2 databases. Reason being that I wish to use the same yubikey go back my personal database and for my partner.

@MrTimTech2022 3 месяца назад

You have to copy and paste the shared secret to the 2nd Yubikey (backup one) and then test both to make sure you can access KeePass with them. Provided you have 2 slots free on the Yubikey then you can add 2 databases to 1 Yubikey. Keep a look out as I may well do a video on using 1 Yubikey for 2 separate KeePass databases and also how to backup those to a 2nd Yubikey. Hopefully this will help

@cyrilpinto418 3 месяца назад

@@MrTimTech2022 thanks for that; looking forward to the video

@rasmont9363 5 месяцев назад

Hello, I'm using Yubikey for most applications as a F2A including Yubico Authenticator. I would like to secure my files inside of a KeePass database with yubikey. However, I'm not sure if configuring Yubikey this way will remove my existing F2As stored inside of the Yubico Authenticator. I also want to use it with two YubiKeys as I have my F2as on backup yubikey as well.

@MrTimTech2022 5 месяцев назад

Hi RasmonT - Thanks for the comment. Yes you can still use 2FA on the same Yubikey in addition to using the same Yubikey to secure your KeePassXC database. If you also want to use your backup Yubikey then you would need to copy the 'Secret' which is generated and paste this in to your backup Yubikey so you can use both. There's some comments here on my channel mentioning that others have done this! Hope this helps ?

@rasmont9363 5 месяцев назад

Thank you. My main concern is, if I configure the challenge on configuration 1 will it remove my f2as or not? Just to understand what's the difference between configuration 1 and 2 on single Yubikey. Regards.@@MrTimTech2022

@MrTimTech2022 5 месяцев назад

@@rasmont9363 You can certainly still use 2FA in addition to securing your KeePass database with the Yubikey, just make sure that it says that the 'Slot' is empty when programming it for KeePass. This page tells you the storage limits for Yuibkey 5 series keys - support.yubico.com/hc/en-us/articles/360013790319-How-many-accounts-can-I-register-my-YubiKey-with Here's a bit from the Yubikey forum - Hope this helps

@TM-dagger 3 месяца назад

@@MrTimTech2022 could you verify that the Challenge and Responds will still work when the secret is copied to a spare key? Cause I doubt it will. (The copied secret key to a spare Yubikey does work btw)

@user-fb3pp8uo4l 3 месяца назад

hello sir do I DO THE SAME FOR ALL MY DATA BASES

@MrTimTech2022 3 месяца назад

I would suggest you have 1 'Master' database and have different folders in that database for different sections - for example 1 folder for websites - 1 for network devices etc. all in the 1 database, therefore you just need 1 Yubikey and not multiple ones for multiple databases. However if you do insist on having multiple databases then you would have to use different Yubikeys for open each individual database file. Unless you have 1 programming slot free on a Yubikey then you could use 1 Yubikey to open 2 databases. Hope that makes sense.