
Here's what I do to try to keep my Information and network secure:

  • I use KeePass as my Password manager.  (not in Google Chrome or IExplorer)
    • All my passwords are DIFFERENT for each site and each account.
    • All my passwords are more than 100 bits and I DON'T know them.  Here's a typical example of passwords generated by KeePass: 'xoQA`e8t>{qeV{-RCR-n'
  • I use a USB Only (from OnlyKey) to log in to my Workstations with a VERY long password.  This key acts like a "USB keyboard" that types my password for me.
  • Lock my workstation when I leave the keyboard. EVEN AT HOME NOW!  I have a self locking after 20 minutes of inactivity, but as you know, some applications prevent self locking.
  • All my Linux machines only have SSH enabled with a login with an RSA key only.  NO passwords are allowed over SSH.
  • I don't trust the camera manufacturers, all my cameras are on a different physical ethernet segment with only the monitoring server that has access to the internet.
  • My NAS requires user:password to access the shares.
  • My Wifi has a very long password and I do broadcast my SSID!  Security through obscurity is insecure.
  • All devices I have that I can connect with an ethernet cable instead of WiFi, I use the cable.  That includes TVs, game consoles, VoIP phones, cameras.  Chromecast only support Wifi...
  • Use SSL certificates where I can on my web services { ESXi, OwnCloud, Plex, FreeNAS } I found a free SSL provider for personal use, needs to be updated every 3 months.
  • Use Let's Encrypt for free SSL certificates.  StartCom has been revoked from all major browsers!!! 
  • Let's Encrypt will now allow 'Star' *.domain.com .  Right now I need to specify each computer name on the certificate.  Which is a pain when I add a new service ...
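
A check for the "NO passwords are allowed over SSH" item above, as an added example that is not part of the original page. It audits the global section of an `sshd_config` text; the sample configurations and the function names are constructed for illustration.

```python
import re

# OpenSSH's documented defaults when a keyword is absent from sshd_config
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Older name for the same setting
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_global(config_text):
    """Global section only: the first value seen for a keyword wins; stop at 'Match'."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # the yes/no keywords audited here never contain '#'
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break
        if key in DEFAULTS and key not in seen and len(parts) == 2:
            seen[key] = parts[1].strip().strip('"').lower()
    return {**DEFAULTS, **seen}


def audit(config_text):
    """Return findings; an empty list means key-only login in the global section."""
    eff = effective_global(config_text)
    findings = []
    if eff["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if eff["kbdinteractiveauthentication"] != "no":
        findings.append("KbdInteractiveAuthentication is not 'no' (PAM can still ask for a password)")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is not 'yes'")
    return findings


# Constructed samples, not taken from the author's machines
PARTIAL = "PasswordAuthentication no\nPasswordAuthentication yes\nUsePAM yes\n"
HARDENED = "PubkeyAuthentication yes\nPasswordAuthentication no\nKbdInteractiveAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("PARTIAL", PARTIAL), ("HARDENED", HARDENED)):
        print(name, audit(text) or "key-only login")
```

`Match` blocks and included files can override the global values, so confirm the result against the running daemon's effective configuration with `sshd -T`.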


Vulnerabilities:

  • Trojan horse: I can't control what my family install as far as apps on their devices.  We are vulnerable if a piece of software takes control of a user account.  The NAS requires authentication, but if you control a registered account ... you have access to all the files.
  • I don't expire my long passwords in KeePass.  I change them only once every few years.  (But yes I immediately changed my LinkedIn password when they were hacked in 2012+)

I Love my OnlyKey, way better than Yubico products !

  • PIN on physical key
  • Up to 24 user defined fixed text passwords (compared to a max of 2 with Yubikey)
  • Status LED (Unlocked, failed PIN, ...)
  • registers as HID only on USB bus !!!!  (i.e. it is only a USB keyboard as far as the computer is concerned)
  • Same price as Yubikey, but better


I've STOPPED using Yubikey, especially their latest NEO, it sucks.

  • Uses different Java applets that get loaded when you use the key, which makes it slow.
  • Installs a bunch of Yubico drivers on Windows (NOT just a HID)

   Yubikey 4  

Yubikey NEO -  April 2018

I'm disappointed with my NEO compared to my Yubikey 4, especially that it was an extra 10$.  The NFC only does U2F.  I thought that I could do more with the NFC & my Samsung phone, but I don't use it at all as it's of no use to me since I could already do U2F with the Google App.  I think I should have bought the OnlyKey: https://onlykey.io/

I'll probably buy it and test it out... But it's another 46 USD pissed in the wind because I don't need it really, I'd buy it for the fun of experimenting with it.  You can even flash new firmware to it !!! And the firmware is OPEN !!! Hackable !!!, could be really fun.


I have MULTIPLE keyboard issues with this NEO Yubico key.  The <SHIFT> key is virtually stuck until I press the left shift key.  Sometimes it's the <CTRL> ...  It's really annoying and repeatable on my computers when I use the STATIC PASSWORD.  When I use Hello to unlock my computer then that's OK.


I've NOT been able to extract value out of the NFC with my phone.  All it does is provide a URL with the U2F that keeps on changing.  I'd buy the Yubikey 4 again, NOT the NEO.


Yubico Support experience:  2/5 

from: Martin Politick
to: Yubico Support <support@yubico.com>
date: Fri, Apr 27, 2018 at 10:14 AM
subject: Re: [#33717] SHIFT key "virtually stuck" until I hit the left SHIFT key on my physical keyboard.
mailed-by: gmail.com


Hi Aaron,

>> are you referring to the CCID mode on your YubiKey? This is required and described here
No, I was NOT asking how to enable CCID, I was telling you that I HAVE enabled CCID already and that was different from my Yubikey 4.  
As described in your product documentation, this feature is disabled by default and I enabled it ...

I'm an optimist, so I was still hoping that you might help me so I was giving you more information on the differences and observations on the different behaviors.
But I've decided that I'm giving up, I feel that if you don't take the time to read and understand what's written, there is very little value in me taking the time to write and document it.

I understand that your job performance is probably evaluated under unrealistic and skewed KPIs and that case resolution volume is probably more important than the quality of service delivered.  So I won't take more of your time.

Thx,
Martin Politick.




On Fri, Apr 27, 2018 at 9:38 AM, Yubico Support <support@yubico.com> wrote:
Hi Politick,
That would be a 'feature' of the NEO and how it has to handle presenting credentials. Since it's based on Java code, it has to disconnect the PIV applet before it can present any others. So when you are triggering for one of the other applets, it has to 'unplug' the PIV applet before 'plugging in' the other one. Hence the disconnect & Connect sounds. 
As for the CCID for Windows Hello, are you referring to the CCID mode on your YubiKey? This is required and described here (https://support.yubico.com/support/solutions/articles/15000006472#enableCCID). If you are talking about something else, could you please explain more as I cannot find any other option tied in with Windows Hello.

Best Regards,
Aaron
Yubico Support
On Thu, Apr 26 at 5:22 PM , Politick  wrote:
Hello Aaron,
I'm not frustrated, just explaining my point of view.  
I just want resolution; for your product to work as it did before.
Maybe another source of the difference in the behavior is that I've enabled CCID for Windows Hello.
Now that I have my headphones ON, I hear Windows play the hardware disconnect & connect sound (in that order) each time I do the long press to get the key to type-in the static password configured in slot 2.
Maybe this has something to do with it ??? Then again maybe not.
Kind Regards,
Martin Politick.
On Thu, Apr 26, 2018 at 3:46 PM, Yubico Support <support@yubico.com> wrote:
Hi Politick,
I understand the frustration you are having and why you would believe our QA team could test the device. The problem is that we are NOT able to duplicate your issue, thus we need you to do troubleshooting in your environment to try to determine what is causing the non-standard behavior.
The <SHIFT>1, <SHIFT>2, etc characters are 2 key characters, sometimes, especially if the YubiKey is entering characters quickly and the special character is at the end, can potentially cause the computer to not have the SHIFT key released as the YubiKey does not 'release' the shift. This is a known possibility, but is rare and so only testable in environments it occurs in.
I agree, the NEO should be working without issue, it's not so much the password that I am concerned about here. I am thinking in the direction that the Yubikey is not sending a 'shift' release command. This might also be part of why the CTRL key is being affected on your laptop.
Best Regards,
Aaron
Yubico Support
On Thu, Apr 26 at 1:55 PM , Politick  wrote:
Hello Aaron,
>> You might try placing the enter back in to see if that resolves the shift/CTRL issue
Sure I might, but at our company, we have "Quality Assurance" people to test what our customers are claiming
and we like it when they are very descriptive, that's why I was so overly descriptive.  
With that I was hoping that your QA may want to investigate if that's a possible cause, but it just might not.
I did not expect that you'd ask me (the paying customer) to test your product.  Yes I could, but I don't have the time at the moment.

>> Also, if you have special characters !@#$%^&*() then that may be part of the issue.
Those are not special characters, they are the expected result to <SHIFT>1,   <SHIFT>2,  <SHIFT>3,  <SHIFT>4,  ...  <SHIFT>9 and <SHIFT>0 
I was trying to support my claim that it was behaving like the <SHIFT> key was "stuck", unlike the behavior you'd get if the <CAPSLOCK> would be pressed.

>> You may consider programming a test static password without them to see if that still duplicates the issue.
I'm just expecting that my more expensive 50 USD Neo key would be just as safe as my older Yubikey 4 that I paid 40USD for.
Actually that's the only reason that I use your product, it's so I can use a very long and difficult password to crack.
If I can only put simple passwords in your product, then I might as well as keep them in my head and not use your product because it adds no benefit at that point.
>> If we can get more information on your NEO such as the version and whatnot that might help with troubleshooting to make sure we're using a similar version of NEO with troubleshooting if it comes to that.
Firmware Version:  3.5.0
S/N: 7322239


>>  If you can get us a screenshot of the right side of the Personalization Tool with your NEO plugged in that should give us the necessary information. 
As requested, here's the screen capture.



On Thu, Apr 26, 2018 at 12:32 PM, Yubico Support <support@yubico.com> wrote:
Hi Politick,
Thank you for contacting Yubico Support. You might try placing the enter back in to see if that resolves the shift/CTRL issue. It would be a bit unusual for that to happen but we have known stranger things to happen. Also, if you have special characters !@#$%^&*() then that may be part of the issue. You may consider programming a test static password without them to see if that still duplicates the issue.
If we can get more information on your NEO such as the version and whatnot that might help with troubleshooting to make sure we're using a similar version of NEO with troubleshooting if it comes to that. If you can get us a screenshot of the right side of the Personalization Tool with your NEO plugged in that should give us the necessary information. 

Best Regards,
Aaron
Yubico Support


-- 
    Martin Politick
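
The support replies in the thread above attribute the stuck SHIFT to a shifted character at the end of the static password whose release is never sent. The sketch below is an added example, not Yubico firmware and not code from this page; it models standard 8-byte USB HID boot-keyboard reports on a US layout, and `release_last` is a hypothetical switch that drops the final release report.

```python
LEFT_SHIFT = 0x02                # bit 1 of the modifier byte (byte 0 of the report)
SHIFTED_DIGITS = "!@#$%^&*()"    # US layout: SHIFT+1 ... SHIFT+9, SHIFT+0
RELEASE = bytes(8)               # all-zero report: every key and modifier is up


def usage_for(ch):
    """Return (modifier, HID usage ID) for one character on a US layout."""
    if ch == "\n":
        return 0, 0x28                                   # Enter
    if ch in SHIFTED_DIGITS:
        return LEFT_SHIFT, 0x1E + SHIFTED_DIGITS.index(ch)
    if ch.isascii() and ch.isdigit():
        return 0, (0x27 if ch == "0" else 0x1E + int(ch) - 1)
    if ch.isascii() and ch.isalpha():
        return (LEFT_SHIFT if ch.isupper() else 0), 0x04 + ord(ch.lower()) - ord("a")
    raise ValueError(f"character not covered by this sketch: {ch!r}")


def type_string(text, release_last=True):
    """8-byte reports a key-emulating device sends: a press, then a release, per character.

    release_last=False models the fault: the final release report never arrives.
    """
    reports = []
    for i, ch in enumerate(text):
        mod, key = usage_for(ch)
        reports.append(bytes([mod, 0, key, 0, 0, 0, 0, 0]))
        if release_last or i < len(text) - 1:
            reports.append(RELEASE)
    return reports


def shift_stuck(reports):
    """The host keeps whatever the last report said, so check its SHIFT bit."""
    return bool(reports) and bool(reports[-1][0] & LEFT_SHIFT)


if __name__ == "__main__":
    for pw in ("abc1!", "abc!1", "abc1!\n"):   # constructed strings, not real passwords
        print(repr(pw), "SHIFT stuck:", shift_stuck(type_string(pw, release_last=False)))
```

In this model SHIFT stays held only when the last report sent carries the SHIFT bit, so a trailing unshifted key such as Enter leaves it clear.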