Posts from personal security

Yubikey Authenticator

I got a new Pixel 7 last week and have started the tedious process of moving over to a new phone.

One of the more painful chores in moving from one phone to another is moving the Google Authenticator app and all of the two-factor codes to the new phone.

My partner Nick told me about Yubikey Authenticator and I converted to it while moving phones since I was going to have to get all new codes anyway.

If you use a Yubikey for anything else, switching to Yubikey Authenticator is a breeze.

You download the Yubikey Authenticator app onto your phone, insert your Yubikey and start scanning QR codes (just like Google Authenticator).

Then any time you need a code, you simply insert your Yubikey into your phone and your codes appear in the app.

You can also put the Yubikey Authenticator app on a laptop or a desktop and get the codes that way, which is a great backup solution in case you misplace or lose your phone.

And, when it is time to switch phones, you simply put the Yubikey Authenticator app on your new phone and insert the Yubikey and your codes are there.

Even with all of this goodness, I still keep physical copies of my backup codes in a safe. I am also considering setting up a second Yubikey for the two-factor codes I use the most just in case I lose my main one.

When it comes to two-factor codes, I think you have to have a plan B and a plan C.

If you use a Yubikey already, consider using the Yubikey Authenticator for your two-factor codes.

#life lessons #personal security

Your Data Is My Data

This piece in Recode explains that Cambridge Analytica built an app that 270,000 people used to amass profiles on 50 million people.

That’s not very surprising because we are talking about networks here.

This is a network graph that my colleague Jacqueline made of my Twitter network a few years ago:

In our online life, we are connected to a huge number of people.

If I get access to your email inbox, I am going to see emails with thousands of people.

Which is what makes this privacy/data sovereignty stuff so important.

When your data is taken without your knowledge/permission, it is not just your data that is taken.

It is the data of thousands of other people, often the people closest to you.

That sucks.

This is one of the many reasons I am hopeful about an Internet 3.0, a decentralized system with data security and integrity at its core.

#blockchain #crypto #Current Affairs #personal security

Yubikeys

I saw my friend Chris tweet this question yesterday and had to respond:

Nick helped me get Yubikeys set up on all of the services I use that support them in the past few weeks. If I had a new year’s resolution, which I don’t, it would have been to start to use Yubikeys.

So what are Yubikeys?

They are a brand of “security keys” that are supported in the two factor authentication offerings at Google and many other Internet services.

They look like this:

You can buy Yubikeys here.

The idea is you keep one with you and one in a safe place in your office or home or a bank safe deposit box.

If you lose your phone, you have a Yubikey to get you back into the service.

But I don’t only use Yubikeys as “backup codes”, which I also keep stored safely.

I have started using my Yubikeys instead of a Google Authenticator code. It can be easier if you have the Yubikey handy.

But whatever you do, don’t use SMS for two-factor codes.

I was hacked this summer and the attacker tried (unsuccessfully, thankfully) to port my phone number.

My partner Albert recently experienced a similar attack. He wrote about it here.

So here is the best practice as I see it:

  1. Always use two-factor authentication if it is offered. And it is almost always offered on popular services.
  2. Don’t use text messaging to deliver two-factor codes. It is not safe. You can have your number ported way too easily.
  3. Use Google Authenticator to deliver two-factor codes onto your phone.
  4. Use a Yubikey as a backup in case your phone is lost, stolen, or dropped in a swimming pool or toilet.
  5. Print out the backup codes to the two-factor services and put them in a safe place.

Personal data security is a big deal. Trust me on this. Don’t let yourself get hacked to understand why.

And Yubikeys are a nice addition to the personal security mix. I like them a lot.

#personal security