I bought a Yubikey now what?: Entering wrong FIDO2 pin too many times

Рет қаралды 10,477

Күн бұрын

In this video, we explore the consequences of entering an incorrect FIDO2 PIN on a YubiKey multiple times.
Watch as I test the device's security features, showcase the process of locking and unlocking the YubiKey, and provide helpful tips on how to handle and recover from such situations. Don't miss this informative demonstration that highlights the importance of maintaining your YubiKey's security while ensuring easy access to your accounts.
▬ Contents of this video ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
01:36 - First built in security measure - reinsert the key
02:45 - Second built in security measuer - unlock with a code
04:14 - Too many tentative, FIDO2 is locked
05:00 - OATH part is still operational
06:20 - Resetting the pin
08:20 - Readding the key and the importance of recovery methods

Пікірлер: 45

@sevenelven Жыл бұрын

Very underrated video and is the only one out there that talks about real life usage of yubikey! No sponsorship or verbal diarrhea bs, keep it up!

@runoyeru 17 күн бұрын

My friend you saved my.....great video

@baby333 4 ай бұрын

You have the best Yubikey videos ever please keep making them! watching all of them one by one

@Tux.Penguin 5 ай бұрын

This is great information. I also notice one difference: most other youtubers who talk about YubiKeys recommend two keys - a primary and a backup. You are the first I've seen recommend more than one extra key. This is very helpful. The same as with data backups, keeping two extra copies is much safer. Maybe I will never need that third YubiKey, and it certainly cost extra money to buy 3 rather than only 2. But if two bad situations cause me to lose 2 keys before i can buy and setup a new one, at least I will still have that third key and won't be locked out.

@kenlau4649 Ай бұрын

Great content, real life use case.

@David-sk3px Жыл бұрын

Great video! I performed successfully a reset through the app after forgetting about my PIN. Thanks to you!

@Platinum_XYZ Жыл бұрын

thanks for sharing what happens! you've picked a good topic. this is something very important.

@Jon_Oates Жыл бұрын

Thank you. That clears up some confusion I had about the separation of FIDO2 and authenticator seeds on the device. I’m still trying to understand all the different PIN codes needed at the various login stages.

@KodakYarr 3 ай бұрын

The challenge phrase A1B2C3 is not to verify that you are really infront of the computer. It is to make sure that you are actually entering the code you think you are. For example if you have the wrong keyboard layout without realizing.

@codewrecks 2 ай бұрын

Thanks, I really got it wrong in the video.

@danhorsfall6818 Жыл бұрын

Thanks Gian! Very useful helping someone with what looks like a Microsoft PIN issue, as the error doesn't tell you / suggest / hint in the slightest that its the Yubikey pin thats blocked!

@user-bt3be8pk3m Жыл бұрын

Thank You! This was a very useful video as I was unaware of the YubiKey Manager!

@AV8R767 Ай бұрын

This is why you need two keys. You also need the account reset codes for your accounts so you can access.

@codewrecks Ай бұрын

Having the ability to reset the account is always a good thing, but you need to keep those codes really secure. Actually i have 4 keys registered for all of my important accounts, one key is in a safe place in the house. :)

@MegaDeano1963 4 ай бұрын

Very informative thankyou .

@mikemccartneyable Жыл бұрын

I have many YubiKeys and to be honest I think they are more of a headache than a help. The basic keys that are not programmable are fine. However the programmable keys with multiple functions and yet only 2 slots are very risky in terms of locking yourself out of accounts especially if you are new and exploring the device. It's weird that the programmable key has 6 separate functions yet only two slots. Also there is something very flawed about not being able to generate the private keys yourself ... so we just have to trust YubiKey deletes the private keys after they have been burned on the device and don't keep a backdoor listing for NSA? ...yeah right, what's the point of having these if you are required to trust YubiKey ...the entire math of cryptography is bypassed

@tatemo_labs Жыл бұрын

Awesome video! clear.

@private404 Жыл бұрын

great example

@KnightGusion Жыл бұрын

ty bro u are the best

@isanet6640 Жыл бұрын

I have this message. Thanks for your video. I thought i would have to buy a new key.

@codewrecks Жыл бұрын

If you entered wrong pin too many times you can simply reset the key as showed in the video, no need to buy a new key.

@isanet6640 Жыл бұрын

@@codewrecks Thanks a lot👍😉

@guyjackson2362 Жыл бұрын

Thanks for the great videos regarding Yubikey. I had a question regarding FIDO2. Does it come with a default password (PIN?), if not can the key still be used without one?

@codewrecks Жыл бұрын

Yes it has a default pin, usually if you do not change default one, the first software that configures the first FIDO2 identity usually suggest you to change the default.

@Gengingen 4 ай бұрын

Ideally when you set passkey you should delete all other ways of login because that is a “shared-secret” security hole that you are trying to avoid using passkeys. Else what is the point of using passkeys if you are opening a weaker access method anyway? Using multiple passkeys should help.

@codewrecks 4 ай бұрын

That is the reason why you need at least two keys so you can remove passwords and be sure you will not be locked out

@marcrisale 8 ай бұрын

Hi, I have a question, does the option to log in just with the security key also works with the cheap one for arround 25 bucks or you need to buy the one with OTP arround 50 bucks? Thanks iin advance!

@codewrecks 8 ай бұрын

It should work according to the documentation. I always took the most expensive one because I use a lot yubico authenticator app too www.yubico.com/it/product/security-key-series/security-key-nfc-by-yubico-black/

@Damariobros 6 ай бұрын

Question, can you demonstrate recovering a Microsoft Account with a Recovery Key? I'm curious to know some of the situations where you are asked for it, and what happens when you enter it.

@codewrecks 6 ай бұрын

Actually the easier way is to configure Microsoft authenticator in case your keys are all lost.

@Damariobros 6 ай бұрын

@@codewrecks I have about 4 or 5 different authentication methods, including both the MIcrosoft Authenticator AND Authy, SMS, email, etc., plus the Authenticators are installed and synced between multiple devices. I am completely set and won't get locked out. I'm just asking out of curiosity because nobody ever demonstrates using the Recovery Key, it's literally not a thing you can find on the internet.

@codewrecks 6 ай бұрын

@@Damariobros If you means recovery codes, they are codes that can be used only once instead of the 2FA, so you can enter on your account and setup another 2FA (in the situation you lost all of your 2FA other methods).

@Damariobros 6 ай бұрын

@@codewrecks I know what recovery codes are and I store them properly. I know that they simply log you in in place of 2FA. But big tech has different recovery processes than most websites and I'm curious to know what that process is for Microsoft, when you have previously generated your 25 character Recovery Key. Does it just simply log you in or do they make you do something after using it? And, do they only let you enter it logging in, or are there other times you can enter it, maybe such as when trying to access your security settings and they ask you to verify yourself?

@Kenleaty 4 ай бұрын

Is 2 keys OK, or is 3. What is best number of keys to have? Thanks.

@codewrecks 4 ай бұрын

IMHO: 2 is minimum number that I'd like to have. 3 is better, but you can easily live with 2.

@garydunken7934 4 ай бұрын

You entered 4 incorrect pins twice, so a total of 8 time. Not 3 incorrect pins each time.

@codewrecks 4 ай бұрын

My bad, it is indeed 8 tentatives, with a different warning approaching 8

@kimcrismon9882 10 ай бұрын

I think these are garbage. Both of the keys I received say failure to connect. I can not even set them up in the Yubikey manager.

@codewrecks 10 ай бұрын

Send back for replacement if they are defective. It is really strange to have 2 of them not working, have you tried on different machines/phones?

@kimcrismon9882 10 ай бұрын

@codewrecks Yes, 2 different computers. One a desktop and the other is a laptop. The nano came apart taking it out of the port. It was the 3rd key. The refunded that one.

@GianMariaRicci 10 ай бұрын

@@kimcrismon9882 so sorry to hear that, I have 5 keys and have friends uses them and never had problem. 😔

@codewrecks 10 ай бұрын

@@kimcrismon9882 So sorry to hear that, it seems that you somewhat found a faulted batch :(.

@kimcrismon9882 10 ай бұрын

@@codewrecks There customer service has been very good! Your video is very good. It is the only one I could find that explains all of this. Thank you for your content.