Yubico Cyber security review
Why the review?
This has to be one of the most responsible posts we have felt compelled to write but we are still going to try and ‘Caveman’ it. We cannot let Ugg have anything to do with this review, otherwise we will need to wait a few more days to test it and only after the dongle being given a really good clean.
We never knew these things existed and now that we do, we feel it is our responsibility to spread the word. Where to start, how about a brief history lesson? Many years ago, someone thought it was wise to put locks on our front doors, to stop unwanted visitors helping themselves to the food in our homes.
The more often that things got removed without our consent, new locks, levers and bolts were added. As people became more concerned about undesirable callers, security started to improve. Today no one would leave a building without turning a key, entering a code or padlocking it. Regardless of how it feels, items such as computers, TV’s or jewellery can be replaced, it is only the sentimental part attached to these things that cannot.
But what happens when things are no longer physical but are just as tangible and as easy to steal? What about the things that once stolen, can never be replaced regardless of cost or effort? What if someone was to take your name, your date of birth or even more sensitive and personal details? These things can never be replaced.
Once stolen these details can be used over and over again, forever. Once stolen, each day becomes a worry, will a new debt be made, account created or any of these details used to obtain even more sensitive data? It is not until we experience the pain of this type of theft, that we start to worry about trying to protect ourselves. An old saying comes to mind something about a Horse and a stable door?
We all like to think that we are computer literate and security conscious or that it will never happen to us. However, as we read through emails it is beginning to get harder to recognise genuine emails from the fake. The cyber criminal is looking for the weakest link in the chain. That link is not the hardware or the software or the anti-virus, they are now targeting the operator.
How can anyone protect their personal content and passwords when it is ‘us’ the user that needs saving from ourselves? We click links, download attachments and in doing this we give access to these despicable individuals.
As the world is getting smaller and connecting to it gets easier there is little we can do, unless we stop ourselves from connecting to all internet activity. Just like our homes, we keep adding security, upgrading anti-virus but when that security is all part of the machine and easily accessible to those that want to grab our details what can you do?
I have seen people use detachable hard drives, that they then have to handle separately, plugging them in when they are needed, willing to put up with bulky, cumbersome delicate lumps. Some people upload their entire digital lives into the cloud. Again how sure are we that it is not getting routed through a third party, or the cloud itself is not being hacked. We read about large companies and organisations being attacked almost everyday in the news.
We can spend hours going on courses, learning the latest scam and wasting money and time on trying to stay on step ahead and never actually getting any work done.
Yubi-what? That was our reaction, then we started to explore this new fangled thing. The more we read, the more we liked the idea. We do not want to get things wrong telling you about the ultra-sonic trans-multi functions so we’d best stop making things up and let the experts tell you about how it all works and what it does. Check out their website for all the full details – https://www.yubico.com/.
If you want a quick overview we will do our best to explain. These things are like keys, they are pre-coded and plug into your computer via a USB socket (the one that looks like a ducks bill). When you need to sign into an account you enter your passwords as normal then with the Yubico stick plugged in the USB port, you have to physically touch the gold button and the second line of security is passed and access is granted.
We had to order some of these keys and take a really good look at how they worked and if they were worth a small investment. Ordering could not have been more simple – their on-line shop https://www.yubico.com/store/ is simple and easy. Or check them our on Amazon and read the review – Yubikey 4 – http://amzn.to/2evid6b and the nano – http://amzn.to/2eA7oDs.
We had a Yubikey 4 and a Yubikkey 4 nano sent to us, arriving through the post fairly quickly considering that it was sent from Sweden, we were hoping they might have added some chocolate but we guess there was no room in the envelope. The envelope was quickly opened and we were able to see first hand what these things were about.
Our plan was to have 2 keys, one left in the laptop and the other as a backup, to take away on business and other trips where we can plug it into other computers. Both our keys looked the part and it felt like we had just added something secure to our online content. We had to explore how these things worked and were surprised to find that many companies such as Google, Facebook and Dropbox were already well ahead of us.
These companies have already integrated the use of coded keys and the set up is easier than we ever thought. If we are honest, we knew that these keys would take a little bit of getting used to. It does feel different to all the other times we had logged in but the only time that it really felt odd was the very first time we used our key.
Ease of use.
The keys already came coded, there is nothing more to do than to put them into a USB socket. Our laptop automatically searched and installed the software we needed and we were good to go. We then had to log into an account and align our coded key to that account, sounds difficult but it really isn’t.
This was where we worried about how hard it was to do and for a second we considered feeding it to Ugg. However there was a video that we watched on the Yubico website that put us at ease – https://www.yubico.com/videos/. It walked us through how to set up each account. Our first attempt to code a key was to with our Dropbox account and it took us only a minute to do. Once our key was logged with the account credentials, that was it, nothing more to do than plug it in and out when it was needed and pushing the gold ‘y’ or the gold tab on the end of the nano.
We tested logging into our Dropbox account over and again. Logged in and out of it loads of times with no problems. Pushing the gold buttons each time was needed to verify the security dongle. Both keys were tested and we were impressed. We even pretended to have lost the keys and it allowed us to resort to the logging in by using the code sent to our mobile phone. We went on to try it out on other laptops and it worked a treat, allowing us to log into our account with the key.
We thought about the use and realised that if the laptop did have a virus or was being monitored they would only know our typed password and not have the physical key. We also pondered the fact that we had to touch the security key to make it work, so those that try to bypass its function would need to be in the room to touch it and without us knowing.
The more we played with it and the more we tested, the more we were certain that if we wanted to feel more secure about our online security this was the way to do it.
These keys are really easy to use and we realised that it was all in our heads, as to why we thought these things would be difficult to use.
Being safe on line is the only way to keep personal details away from fraudsters. Making sure that emails are from the bank, keeping up to date with latest scams, not clicking on ‘click-bait’ not sharing viruses and keeping all passwords safe… There is a lot to do to stay safe and without help it is only a matter of time that we are going to get caught out at some point.
Since we have started to use these Yubico security keys, we have felt more confident on line, our accounts and details are a lot safer and less vulnerable. We genuinely love these things and do not understand why anyone would chance going on line without a Yubikey.
The scope of these physical security keys is massive, all banks should issue them for secure logging into accounts and moving money around on line. Every laptop should be sold with one and the key should be seen like a car key, no key no access and no surfing.
Yubico is certainly on to something very big with these keys. They have a great product and a brilliant security feature that is only going to upset Prince Aleen from South Africa, who has a ton of gold he wants to share with us, providing we reply to his email with our bank details…