Manufacturer: Yubico | Model: Standard | Origin: Stockholm, Sweden | Website: www.yubico.com | Price: $25 + VAT & P&P

Simplicity: 4/5 | Value: 5/5 | Documentation: 5/5
Functionality: 5/5 | Performance: 5/5 | Overall: 96%

The Good
Fast, reliable and simple to use. Waterproof, crushproof and no battery to run out.

The Bad
Initial setup may be difficult for novice users, depending on the function. There are only two storage slots at present. If lost or stolen, some features cannot be remotely turned off – don’t rely on it solely for authentication.

Conclusion
A cracking RSA-style replacement, which is easier, quicker and more affordable to use. No massive server licence to buy or set up. From $25 + VAT per token it is far more affordable than most others and generally works out of the box, without a management console. It is truly a one-stop shop, since one device could potentially secure Wi-Fi, VPN and be used to log in to Windows. Perfect even for the typical home consumer who wants to secure a password store.

Vendor Statement
Yubico's mission is to make strong two-factor authentication easy and affordable for everyone. The company’s flagship product, the YubiKey®, uniquely combines driver-less USB and NFC hardware with open source software. Millions of users in 100 countries rely on YubiKey strong two-factor authentication for securing access to computers, mobile devices, networks and online services. Customers range from individual Internet users to e-governments and Fortune 100 companies. Founded in 2007, Yubico is privately held with offices in California, Sweden and the UK.

What Does This Solve?
Passwords have been used as the primary means of authentication for years. End users have to remember dozens of passwords, and they are often weak or re-used. Two-factor authentication adds a second (physical) element, which makes password cracking next to impossible.

What Can YubiKey Do?
Generate OTPs (one-time passwords), perform challenge-response, or store a kickass static password of up to 64 characters. Authentication for: SSO, Windows, full disk encryption, VPN, password stores, websites and more.

Static Password Mode
The following practical demo shows you how to use Static Password Mode. This saves you remembering an impossible-to-remember password or writing it down. Since it’s stored on hardware it can’t be hacked or key logged easily. Warning: don’t store the entire password on the YubiKey, since if you lose it then whoever finds it gets your password. An example would look like: word:3eCuTecacRubreD. The first four characters or more are stored in the brain and the rest on the YubiKey. Thus, if lost or stolen, only 75% of your password is leaked.


First, generate a kickass password: 38 characters, using lower-case letters, upper-case letters, numbers and special characters.


Scan mode permits you to enter your own password up to 38 characters.


Pick a configuration slot. Paste the password in the Password box and hit Write Configuration. All done.


Now open up a Notepad window and hold down the button for two seconds or so. It will paste the password, followed by Enter, which adds a line since it is not an input field.

One Time Password (OTP) Mode
One-time passwords have been around for years, and the most famous is RSA SecurID. OTPs are mainly delivered through text message, phone call, mobile software token or hardware (RSA, YubiKey or others). An OTP, as the name suggests, is only generated once and cannot be re-used. Though they look random there is a pattern, which uses a secret key to match the code. With YubiKey you only need to press the button and the code is transmitted straight away. Hardware tokens like YubiKey are probably the most secure since they are independent and cannot be intercepted (think SMS or phone call).


Quick is used when the third-party application is using the YubiCloud. YubiCloud is a free hosted service and you need to upload the key before using it. Advanced is used when the third party has their own validation service. This demo is using Advanced.


Select slot two and click generate three times over. Hit Write Configuration. All done. You will need to make a note of the three fields and the serial number.


Three example codes. They may look random, but there is a pattern and each chunk means something.
Password Safe: Two-Factor Authentication
Password Safe is a stand-alone, free, open source password manager for Windows. Typically a password is required for access and encryption. Passwords can be cracked, guessed or key logged. YubiKey locks it down and always requires the YubiKey for login. Password Safe works using Challenge-Response mode. Windows login can also use this mode. Challenge-Response sends a code to the YubiKey and it presents a response back, connected to a shared secret key.


Before you start you will need to download and install the latest version of YubiKey Password Safe. When you open the programme for the first time it will ask you to create a new safe. Enter your password twice and click the green button. Then you will get a number of seconds, then click the button on the YubiKey. That’s it: ridiculously simple, and it does the work for you, assuming a slot is spare. Click OK.


Select somewhere safe to store the data file. Back it up also!


When you log in, enter the password and click the green button, followed by a press of the YubiKey. That’s it, and you can back up the config in case you lose the YubiKey.
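
The challenge-response exchange described in this section, and why a backed-up configuration lets a spare key open the safe, as an added example (not Password Safe's or Yubico's code). The token is simulated in software using HMAC-SHA1, a challenge-response mode the YubiKey supports; safe_key is a hypothetical way for an application to combine the password with the response, since the page does not say how Password Safe does it, and all values are constructed.

```python
import hashlib
import hmac

class SimulatedToken:
    """Stands in for a YubiKey slot set to HMAC-SHA1 challenge-response."""

    def __init__(self, slot_secret: bytes):
        self._secret = slot_secret    # on real hardware this stays inside the key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha1).digest()  # 20 bytes

def safe_key(password: str, token: SimulatedToken, salt: bytes) -> bytes:
    """Hypothetical unlock routine: the password becomes the challenge, and the
    token's response (not the password itself) is stretched into the file key."""
    challenge = hashlib.sha256(password.encode("utf-8")).digest()
    response = token.respond(challenge)
    return hashlib.pbkdf2_hmac("sha256", response, salt, 50_000)

# Constructed sample values, for illustration only.
SALT = bytes(range(16))
SECRET = bytes.fromhex("00112233445566778899aabbccddeeff01234567")  # 20 bytes
my_key = SimulatedToken(SECRET)
spare_key = SimulatedToken(SECRET)        # programmed from the backed-up config
other_key = SimulatedToken(bytes(20))     # a token holding a different secret

def demo() -> dict:
    good = safe_key("correct horse", my_key, SALT)
    return {
        "spare token opens safe": safe_key("correct horse", spare_key, SALT) == good,
        "password without token": safe_key("correct horse", other_key, SALT) == good,
        "token without password": safe_key("wrong guess", my_key, SALT) == good,
    }

if __name__ == "__main__":
    for case, opened in demo().items():
        print(f"{case}: {opened}")
```
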