Passwords made physical.
If you, like all of us, essentially live your lives on the net, you'll know that your many passwords are very important. However, it seems that everyday there is news of big internet companies having their customers' passwords and data stolen, so how do you protect your accounts regardless of what happens online? Easy, you turn your passwords into a physical key that no hackers can ever reach. We check out the Yubico Yubikey 4 & Nano.
What are these things? Well, the Yubico Yubikey 4 & Nano are two very small USB keys (with the Nano being only the size of a USB connector head) which can be carried around to plug into your laptop whenever you sign into a particular service. The website into which you are attempting to get access will recognise your Yibikey and, after you simply tap it, will allow you to sign in. So basically this is like carrying around a physical key for unlocking your life on the web.
There are a lot of technical details involved with the operation and running of the Yubico Yubikey 4 & Nano, so we're going to keep it as simple as possible. First of all, the Yubico Yubikey 4 and the Yubico Yubikey Nano are essentially the exact same product, but the Nano is designed to remain in the USB port permanently. It can be used on your main laptop or computer, so there is no need to physically plug it in each and every time you log into a service. You merely have to gently touch the exposed capacitive section that sticks out from the port.
The bigger Yubikey 4 has been designed with keychains in mind, so you have all that encryption power wherever you go. If you're using a different computer, possibly even in an unsecure, shared place, you can therefore whack it in to the port when you need to sign in to your emails, Google account, or even your standard password managment application. Again, you simply have to touch the capacitive button on the unit itself. This in't a fingerprint scanner or anything like a biometric reader – just something to prove that you're a real human using the device.
To test them both, the first thing we set them up with was our Google account – the place where The Test Pit is hosted. As the software used by Yubico was created in conjunction with Google, adding a Yubikey to your account is super easy – in fact it gives you the option of adding a physical key in the two-stage authentication part of your Google account, with a representation of a Yubikey used to demonstrate. So, now whenever we login in to the account, we either have to tap the Yubikey Nano that is plugged in to the main computer, or insert the Yubikey 4 and tap the button. Wham... we're in.
Why is this a great idea? Well, passwords (and passphrases) are never going to be completely foolproof because they exist in the digital realm where ne'er-do-wells can pinch them to access your accounts and do naughty things. With the Yubico Yubikey 4 & Nano, even if your password is hacked, the hackers will never be able to use it to get your data, as your accounts will still require the physical authentication from the Yubikey.
And if you lose it/them? Fortunately all your Yubikey pairings with different online services can be reset, but it is still something to consider. The Nano should be fine as long as it is fully plugged into the USB port (and therefore act like a backup option, anyway), whereas the Yubikey 4 dangling on your keychain could pose an issue. Still, we really can't think of any other place to store it while travelling around, and if you're really concerned, you should invest in something like a Chipolo to track your keys in case they go missing.
We never thought we'd have to say this phrase, but... “in this day and age” it seems as if relying on the tech companies to protect your passwords for you is a mistake. Physical, personal devices like the Yubico Yubikey 4 & Nano seem to be way the way to go, at least for now.
Yubikey 4 $40
Yubikey 4 Nano $50