I bought a Yubikey now What: Use FIDO2 with a Microsoft Account
Ғылым және технология
In this third part of the serie, I show how to setup the youbikey as FIDO2 device to your Microsoft Account. As you will see the effect is that you can now login into your account simply with your key.
▬ Contents of this video ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
01:45 - Adding key to your Microsoft Account
03:58 - Logging into your account with the Yubikey
06:42 - Use command line utility to manage the key
09:00 - Pay attention to your PIN
11:23 - Conclusion
Пікірлер: 19
closed source transmission of hidden purchase date and product numbers communicated to certain U.S sites the device is used on.
thanks for this series. question: if the service support FIDO2, why you still setup OTP? is not better remove OTP and just leave FIDO2?
@codewrecks
Жыл бұрын
Some services does not support FIDO2, and others does not let you using only keys...
Hello! I understand everything and it seems fabulous to me, but in terms of security, nowadays it is not exactly the same? Since we can choose to log in with passwordless (more secure), but we still have the option of email and password. So for now, is it just for comfort?
@codewrecks
Жыл бұрын
Email and password are not enough, you need second factor with authenticator app. With the key you need only the key.
@F16_viper_pilot
Жыл бұрын
@@codewrecks think the point is that you should be able to disable all other means of login, so that you can only use the token for access. I agree that one should be able to setup the login so that only the token can be used. I’m not looking for extra login options; I’m looking to force security to a higher level.
@codewrecks
10 ай бұрын
You can always setup your microsoft authenticator app and then delete the seed from the app. But I agree, it would be really nice having a method to remove all other two factors and rely only on physical keys.
I'm extremely disappointed. I bought the yubikey just thinking about forcing access through it, but that is not possible so instead of increasing security I just see it as an extra form of access.
@codewrecks
Жыл бұрын
This is the link to configure ms account in passwordless mode support.microsoft.com/en-us/account-billing/how-to-go-passwordless-with-your-microsoft-account-674ce301-3574-4387-a93d-916751764c43
can you get rid of authenticator app and add Yubikey as 2fa instead?
@codewrecks
6 ай бұрын
You can use yubikey as single factor, type pin, touch and you are logged in. You keep authenticator as a backup of you have only one key and you lose it. That is the configuration I'm using
Whats the point of a security key if its an option to login. If a hacker has the password he can still get in even with a key just using the password.
@codewrecks
Жыл бұрын
No, after username and password, you need to have Second Factor of authentication that can be Authenticator APP, SMS, or code sent to another verified email. Thanks to FIDO2 you can access only with the key knowing the PIN.
@F16_viper_pilot
Жыл бұрын
@@codewrecksI think you’re missing the point. People are not looking for an additional way to log in. They want the token mechanism to be the only way to log in. They don’t want the password/authentication app login capability to be available at all.
@wackzingo
9 ай бұрын
@@F16_viper_pilot that's extremely risky because if you lose the key you lose your account. Having said that you should be able to add multiple keys and remove the email/password and authenticator as security options after you have the keys setup.
@F16_viper_pilot
9 ай бұрын
@@wackzingo I wasn’t suggesting to not have a backup token. I keep multiple backup tokens.
Thank but I think this option isn't available any more 1:59
@codewrecks
10 ай бұрын
It is still present, but probably you need first to configure microsoft authenticator or a standard TOTP authenticator before you are able to add your first security key.
'promosm' 😳