Yubikey Bio - Biometric Hardware Security Keys

Подписаться 435 тыс.

Просмотров 80 тыс.

50% 1

The Yubikey Bio Series of Hardware Security keys are designed to provide an added layer of security protection to FIDO2 authenticated services. The Yubikey Bio supports FIDO2/WebAuthn, and U2F, they work out of the box with Widows, macOS, Chrome OS, Linux, Chrome, and Edge, and the are available in both USB-A and USB-C form factors.
Product links (some are affiliate)
Get Your Yubikeys Here: geni.us/GunRC
USB-C to USB-A adapter: geni.us/tXvIIs
Timecodes
00:00 Intro
01:12 Introducing the Yubikey Bio
04:00 Compatibility Check
06:51 Yubikey Bio Setup and Fingerprint Enrollment
11:05 Setting up the Yubikey Bio with Github
13:18 Microsoft Windows Passwordless Authentication
17:26 Final Thoughts
------------------------
Buy me a beer! ko-fi.com/crosstalk
Or donate some Crypto! crosstalksolutions.com/contact/
Follow me on Twitter: @crosstalksol
Crosstalk Solutions - RECOMMENDED PRODUCTS: crosstalksolutions.com/recomm...
Crosstalk Discord: / discord
Amazon Wish List: a.co/7dRXc67
Crosstalk Solutions offers best practice phone systems and network/wireless infrastructure design/deployment. Visit CrosstalkSolutions.com for details.
Connect with Chris:
Twitter: @CrosstalkSol
LinkedIn: goo.gl/j2Ucgg
RU-vid: goo.gl/g4G58M

Наука

Опубликовано:

22 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 83

@D3nn.s 2 года назад

The bio key is also missing NFC. I wouldn't mind buying a key that is twice as thick as long as it has al the options you talked about. Without NFC a Yubikey isn't great for me because now I use it for everything, I have a USB A yubikey with NFC and can plug it in my computer or laptop and can tap it against my phone 📱.

@ve7jtb 2 года назад

The problem with NFC is power delivery. All the NFC devices with bio that I have seen either need a battery or only work with high power standalone NFC readers. It would be nice but needs better low power chips to do securely.

@dasGieltjE 2 года назад

@@ve7jtb I really, really wouldn't mind it being 2 or even 3x as thick, just insert a 2032 or something and make it a usefull device.

@tyellowquill 2 года назад

@@ve7jtb hello fellow bc ham

@tyellowquill 2 года назад

I also wonder why you can't use qi wireless charging to provide the needed power....

@tastewar 2 года назад

I doubt that the functionality would take up much more physical space, honestly. But to answer the question, I would definitely be more interested in an all-in-one device even if it were twice as thick.

@elmin2323 2 года назад

6:00 thanks so much! ill just stick to my 4 usb c/a yubi keys! hopefully one day they will make a all in 1 key!

@sergey930 2 года назад

not having TOPT is a big NO, would rather have it thicker than necessity to carry 2 keys

@wavemakersdj 2 года назад

Exactly. Two keys vs one thicker, I'll take one thicker every day until they engineer a thinner with both. Not having the bio work with the windows authenticator sucks.

@tomaskolinger 2 года назад

Windows Hello works on any computer with external USB Fingerprint reader even without TPM. Although Fingerprint needs to be certified to work with Windows Hello. But there is no OEM deal. I have self built desktop PC with USB Fingerprint and it works with Windows Hello just fine. For example Kensington makes Windows Hello Fingerprint readers.

@stebberg 2 года назад

Yes! Three times as thick if nfc is included as well

@flyby2300 Год назад

Thank you for this absolutely clear information.

@timflessas8230 Год назад

Grate help to me in Athens Greece, Thanks a lot.!!!!!!

@extrememike 11 месяцев назад

17:18 So basically someone can access your Windows Laptop/Desktop if they knew the login PIN, but could not access your OneDrive since that is protected by your Microsoft account. Thanks for the detailed explanation.

@artomontonen3722 2 года назад

One key is better than two. As an example, combinations of security keys YubiKey 5 NFC + YubiKey Bio or YubiKey 5C NFC + YubiKey 5 C Bio. I have YubiKey 5 NFC and YubiKey 5Ci security keys. Support for a new type of key may not exist and that may be the reason why the combination keys does not exist. I was looking for bio keys when I was buying YubiKey security keys, but the bio key was just a future product. After purchasing the security keys, I bought the USB adapters USB-A -> USB-C and USB-C -> USB-A. I need to carry a YubiKey 5Ci and one USB adapter and the YubiKey 5Ci can be connected to a USB-A port, USB-C port or Apple Lightning port. That was the reason why I had to buy one YubiKey 5Ci security key. YubiKey 5Ci is an expensive security key.

@SuperAaronbennett 2 года назад

I would 100% buy the Yubikey if it had all of the features for just a little thicker device

@JAMESLINUXCOFFEE 2 года назад

Hell yes i would buy it as i have been after that type of thing for months

@markbooth3066 2 года назад

The arguments that combining the functionality of a bio key and a 5 series would result in a physically larger key are not convincing. The size of the processor in these devices is a tiny fraction of the overall device size, you only have to look at how much space there is on a 5 series circuit board compared to the size of the surface mount Infineon security controller chip to see that. No, this is about market segmentation. It's about pushing people to buy different products depending on their use cases. This is why it's called the Yubikey Bio Fido, they planned from the start to sell different devices into different markets. My suspicion is that this is locked down to Fido only as they want to sell it in bulk to companies that exclusively use Azure, and once they've locked in some big contracts, they'll release something closer to the 5 series. What I'd like to see though is a Yubikey Bio close to the size of the Yubikey Nano, a device which hardly sticks out of the side of your laptop. You can already get fingerprint readers around this size, but a Yubikey Bio Nano with FIDO2, HOTP and TOTP support would be a great addition to the range.

@Agamerfr0zed 2 года назад

It baffles me how Paypal doesn't support security keys.

@slam5 2 года назад

@@KannexMedia they have it you have to enable it.

@CrosstalkSolutions 2 года назад

PayPal supports TOTP (which can be used with the Yubikey 5 series) - they just don't support FIDO2 (yet).

@psycedelic 2 года назад

you can use the yubikeys as hardware authenticators with the app for either pc or mobile

@MoneyMarcMes 2 года назад

What about using for bank sites as well as cradit card company sites like American Express, Chase etc.

@manolete1516 Год назад

Great review, i like speach about yubi key bio C take your Like!

@little-wytch 2 года назад

I would absolutely prefer to get something with a bit more heft. That's why I'm going to get the 5C without NFC, b/c it looks and feels sturdier. The flatter keys, regardless of crush tests and such, LOOK flimsy and that makes them, to people considering buying, instinctually seem like a bad idea. Honestly, I would like it to be incorporated into a flash drive that you can use to backup important digital documents, like if you have digital versions of insurance stuff, or encryption keys or other things like pgp or session or matrix, etc. or maybe it could just be a microSD slot for a card that you keep all that stuff on. Having covers over the connectors would be a boost to sales too I'm sure. I really think that the only version that needs to be concerned with being small is the nano versions. Making one of these big enough to have all the standards and all the connector options yet still small enough to be a keychain ornament should be fairly easy, relatively speaking.

@smith2074 Год назад

usb to micro usb adapter for smartphone can i use this key on galaxy s20?

@TheSecurityAgency 2 года назад

It would be definitely not thicker because of the one tiny extra chip, the actual job is being done within the firmware. NFC on the other hand needs physical space, and you enlarge the attacking surface, because it's wireless.

@aroncamponovo1262 6 месяцев назад

What happens if the fingerprint reader breaks? Do I loose access to my accounts? Do I have to go back to the backup-key in order to get out of the mess?

@marcoscari7154 2 года назад

All-in-one, definitely!

@buzzcutguy37 Год назад

yes I'd take a thicer key for more versitility and compatability and higher security. Also a very durable key would be great.

@theoneed2051 Год назад

If you're computer/laptop has a fingerprint reader, it may be compatible. I just added 2FA to Github, went back to add a second 2FA and it automatically detected my computer/windows authentication. So I was able to use the fingerprint reader built-in to the laptop.

@Tntdruid 2 года назад

Price is a bit too crazy for me

@miguelhamrol6567 2 года назад

Yes, I would buy it.

@eganzale 2 года назад

Do you know if consumers can use the 5C FIPS series keys? I'm wondering if the regular 5 NFC series differs from the 5 FIPS series other than the added level of security on the FIPS. I ask because I'm wondering if let's say you want to secure your gmail account with the regular 5 series, can you also do it with the 5 FIPS series? Or are most accounts the average user utilizes only compatible with the regular 5 series and not the FIPS series? If I can still use the FIPS series that has government level 3 encryption vs. the regular 5 series, which only has level 1 encryption, than I'd rather just make the investment and pay slightly more for the FIPS version and get added security but I'm not sure if it's ONLY for government use or can regular consumers use it to and for the most part it would still function like the regular 5 series but with the added protection? Thanks for making your content, it's valuable in today's digital world 👍❗

@majid_us 2 года назад

I have a wireless keyboard with a built-in trackball and I sit 15 feet away from my giant screen with my Windows PC located somewhere else. I got a Yubikey with NFC and trying to figure out if I could use the NFC on my cell phone to log-in (instead of using passwords). I would love to use biometric but these things need to be user friendly. I don’t want to get up from my lazy chair and go to the PC to touch the Yubikey (or have a 15-foot long USB cord next to my chair).

@ivandrofly 2 года назад

thank you, good content

@EvilDaveCanada 2 года назад

What would you suggest to add NFC to my PC? I want to use NFC as I'm afraid of breaking the USB connector on the Yubikey as there will always be a bit of flexing of the Yubikey connector (A or C) if the Yubikey is NOT flat on something when touching to 5 series or the BIO series. I don't have TPM without a motherboard upgrade, (Thanks Microsoft!!) BUT, would having a plug-in NFC reader be a security hole if the NFC pad USB communications where to be copied like some of the ATM physical hacks that try to copy both the Bankcard data as well as your PIN. Retired Systems Administrator who firmly believes in Murphy's Law.

@offenblende0078 2 года назад

... please explain the FIPS key also ... Thank you very much!

@DanielDeRudder 6 месяцев назад

Intresting video ! Could it be that using a fingerprint authentication via this version of a Yubikey is making the device itself more vulnerable to mechanical failures? I can clearly see the key wobbling in its USB port the moment you push your finger on it? To me this feels like a weak point or at least something to keep in mind... 🤔

@auroran0 2 года назад

Considering the size of the 5c Nano I don't think an all in one bio version would be much bigger from a regular bio key. That said I'm probably going to be adding bio keys to my existing collection of 4 yubikeys. (2 nanos, 2 5Ci)

@CrosstalkSolutions 2 года назад

Let's hope you're right! I would love a bio-version with the 5 series capabilities.

@ve7jtb 2 года назад

@@CrosstalkSolutions The bio is remarkably small compared to other bio keys, however it would not need to be phisicaly larger to accommodate the additional 5 series features. If you think about it the 5 series supports multiple protocols Fido, PiV smart card, pgp smart card, TOTP, YubiOTP, and static passwords. Some of those have one or more pin codes and some have no authentication at all. Adding biometrics to just Fido is relatively strait forward compared to trying to come up with a good UX where a single set of biometric templates might be used across multiple protocols replacing pins in protocols that normally don't have biometrics. I suspect the delay with supporting the other protocols is UX and protocol updates rather than hardware related. That said as with most companies they are likely to react to customer demand.

@gerlosv 10 месяцев назад

Interesting! I guess one could use it to do secure biometric login on Linux, too, right?

@DanielRios549 Год назад

This process of adding a security key on Github or Microsoft is made with Webauthn, right?

@ikkuranus 2 года назад

I looked at the bio. It's not worth it due to costing more and supporting less than the existing 5 series. Also, if you're self-hosting vault warden it's not fully compatible with webauthn but hopefully that will be fixed soon.

@antoinetteokeefe3749 2 года назад

can you do a review on the onlykey

@Fecos1977 2 года назад

Yes, I'd buy the thicker

@macntech4703 2 года назад

None of the yubikys can do TOTP out of the box, because they have no timer. so you need Yubico Authenticator for Desktop in order to work. but in the end it's correct. ;-)

@estusflask982 Год назад

The Yubikey 5 NFC does support FIDO2. Don't know why you seem to say it doesn't? Are you referring to a Yubikey 5 that came out before the NFC version?

@beauregardslim1914 2 года назад

Clearly there are more versions coming. I wonder if they will be able to do a nano biometric.

@CrosstalkSolutions 2 года назад

To be clear, I don't know if there are more versions coming - that was pure speculation on my part.

@anthonyedwards9240 2 года назад

Yubikey suggests that you have 2 keys 🔑 buy both....albeit an issue if you lose the 5c version which I now have. I am thinking of buying the bio version for accounts like coinbase and financial services 🤔

@CrosstalkSolutions 2 года назад

I wish more banks used FIDO2. Too many of them are just SMS 2FA which is not very secure.

@yannisgk 2 года назад

i have a mac, and probably i'll get the fingerprint reader keyboard!!!

@HiltonT69 2 года назад

Without TOTP, nope. When they make a Bio key that handles this as well, I will upgrade from my current ver 5 key.

@AtlanticPicture 2 года назад

I'd rather have a key that can handle all and wouldn't care if it's a bit larger, although this looks already too big for what it is. Would also prefer a better construction, than a fragile looking bendy plastic one that puts way too much tension on the port (10:14). One that looks like the low profile Kensington VeriMark fp reader. That said I doubt the company's reason to not make one, was the size and not the additional product to sell.

@ysteinstrm4561 2 года назад

Yes I would buy it if it supported both.

@marcrisale 2 года назад

I can't add mine Google Titan to outlook, think it's cuz google have fido and not fido2

@ve7jtb 2 года назад

The Google Titan keys only support the older U2F protocol and won't work at some Fido2 sites like Microsoft that are using the password less mode.

@marcrisale 2 года назад

@@ve7jtb I know but didn't knew it a year ago.

@artomontonen3722 2 года назад

The Safari and Edge browser doesn't always work with keys, so you have to have another browser that works with the security keys and that is a problem. That thing sucks badly.

@ve7jtb 2 года назад

@@artomontonen3722 Edge works OK on windows 10 and 11. Safari mostly works now, and I expect improvements soon based on the Safari technology preview. Firefox on OSX is probably the farthest behind, but they have started working on Webauthn again recently.

@ericmccullar2274 2 года назад

Great idea. Needs to be optical. Tap tap tap gonna break the usb port. Probably pretty quick. Def gonna consider if for an idea for crypto wallets. Size is perfect. Thanks for sharing.

@varek609 Год назад

As i understand you have not used to make phisical activities with your hands. Propose to add at least one small finger. :) It could help if you did anything fat without gloves. :D

@mindsunwound 2 года назад

I'm waiting for a key that does both USB-A and USB-C

@CrosstalkSolutions 2 года назад

You can use a USB-C to USB-A adapter like I show in this video.

@mindsunwound 2 года назад

@@CrosstalkSolutions true, but then that is another thing I have to carry about with me. If they can make USB-C and one obsolete connector (lightning), they can do USB-C and another obsolete connector (USB-A). The whole point is to carry one thing around.

@crazycorg1 2 года назад

Dude same, to solve this I just slapped a piece of velcro on it and attached a adapter to it

@rjdp3 2 года назад

Next TOTP edition

@AlesRozmarin 2 года назад

I would buy twice as thick in a sec and if they would add NFC too would be perfect

@craigw4644 2 года назад

Eighty plus bucks, na, I'll keep my Yubi 5s

@cybersechs1368 Год назад

5:00 Lastpass is total JUNK!! Closed source and notorious for 'breaches'... once a year at least. Real shame the BIO doesn't have NFC... it's a must have for smart phones

@jamesedwards3923 2 года назад

All my Yubico FIDO keys. Even the original blue one. Have PIN codes I have to enter. So biometrics is not the only method. It is is not true that somebody can simply "touch and go." You have to download the software an setup this function. So the user would either have to be ignorant or lazy. Even some of the off brand FIDO keys that I own. Require a PIN or an actual password.

@jamesedwards3923 Год назад

@@TorchCTI Correct.

@MrWombass 2 года назад

Would I buy YES

@cloudbase7799 2 года назад

An all-in-one key...? Hmmm...oh, I know...a smartphone with Google Authenticator, Authy, etc. Sorry, I'd rather put the $80 towards a new phone. How is a standalone/physical key better?

@cloudbase7799 Год назад

@@TorchCTI Oh please with the LastPass breach hype. LastPass customers with strong/unique master passwords and 2fa on their LastPass accounts had little to worry about. Sure, change your master password and preferably all passwords stored in LastPass, but unless a customer was using a weak or duplicate master password, the risk of a brute-forced master password is minimal, even offline.

@AriPalo 2 года назад

Yeah, without TOPT it's useless for me (and the org I work with).

@nicholasfield4272 2 года назад

I'll buy you a beer, but Only if it's with bitcoin.

@burakbas9636 2 года назад

Lastpass is where all passwords are stolen frorm Lastpass is sht

@MikeHunt-rw4gf 2 года назад

Algorithm.

@ymratobor Год назад

DO NOT BUY THIS PRODUCT, unless you know EXACTLY how to use and install it! They offer NO SUPPORT whatsoever. Also, once you spend 50 or 60 bucks on this product, they highly recommend that you spend another 50 or 60 bucks on a spare, unless you want to be locked out of your accounts. This is called bait and switch! This is a very unscrupulous company. Recommend not doing business with them!