• A few of the most common links here on the forums for newbies and guests!
  • The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 30 years!

    Join Tens of Thousands of other Owners just like you here to get any and all Timeshare questions answered 24 hours a day!
  • TUG started 31 years ago in October 1993 as a group of regular Timeshare owners just like you!

    Read about our 31st anniversary: Happy 31st Birthday TUG!
  • TUG has a YouTube Channel to produce weekly short informative videos on popular Timeshare topics!

    Free memberships for every 50 subscribers!

    Visit TUG on Youtube!
  • TUG has now saved timeshare owners more than $24,000,000 dollars just by finding us in time to rescind a new Timeshare purchase! A truly incredible milestone!

    Read more here: TUG saves owners more than $24 Million dollars
  • Sign up to get the TUG Newsletter for free!

    Tens of thousands of subscribing owners! A weekly recap of the best Timeshare resort reviews and the most popular topics discussed by owners!
  • Our official "end my sales presentation early" T-shirts are available again! Also come with the option for a free membership extension with purchase to offset the cost!

    All T-shirt options here!
  • A few of the most common links here on the forums for newbies and guests!
  • The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 30 years!

    Join Tens of Thousands of other Owners just like you here to get any and all Timeshare questions answered 24 hours a day!

Anyone using Yubikey for 2FA?

billymach4

billymach4

TUG Member
Joined
Oct 20, 2006
Messages
4,498
Reaction score
1,964
Location
Everywhere
SMS is getting tired and old. Hackers have been intercepting sms texts via sim card hijacking.

How SIM Card Hijacking Works - Cipher

Your cell phone is the key to two-factor authentication in many instances. This fact has led hackers to focus on taking over phones in order gain access.
cipher.com
 
I never used a Yubikey.
I use Google Authenticator (work) and Microsoft Authenticator (personal) applications since 2 years when I stopped using SMS as 2FA because of the SIM card hijacking possibility.
 
Another vote for Google authenticator, its used by my retirement system, wish I could switch banking to use it.


Sent from my iPad using Tapatalk Pro
 
Do these other 2FA systems require the website or company to support them in order to work? SMS seems to be more universally accepted.
 
dioxide45 said:
Do these other 2FA systems require the website or company to support them in order to work? SMS seems to be more universally accepted.
Click to expand...

Sites which accept use of an authenticator are typically agnostic in regards to which software you use. Google, Microsoft, Authy, Duo, etc… I started using Duo many years ago on my servers for direct approvals so use it daily, but I also have the others. I find software solutions like these much more convenient than any hardware based solution like Yubikey.

SMS is the default because it’s difficult to require a MFA app.


Sent from my iPad using Tapatalk
 
I have a Yubikey but only use it for limited applications. It's not as widely accepted. I'm using Microsoft Authenticator mainly now with Google being a close second.

The other disadvantage that SMS has for 2FA is that it isn't always available when traveling in another country whereas authentication apps or Yubikey can run anywhere you have an internet connection.
 
jabberwocky said:
The other disadvantage that SMS has for 2FA is that it isn't always available when traveling in another country whereas authentication apps or Yubikey can run anywhere you have an internet connection.
Click to expand...

FYI, I use my business VoIP or Google Voice phone numbers for many sites because of this issue. With either, I get an alert on their app and an email with the text verification. Works great.
 
dioxide45 said:
Do these other 2FA systems require the website or company to support them in order to work? SMS seems to be more universally accepted.
Click to expand...
Where possible and applicable I am converting to Yubikey . SMS is flawed in that hackers can hijack the SIM card. Yubikey once set up is actually very seamless and and faster than fumbling around and waiting for SMS texts and the ever growing demand for Google Authencator and Authy requests.

Although I don't think I can ever get totally off of SMS, or software authentication.
 
Order of strength

Good sms
Better software Authentication
Best hardware Security Key
 
dioxide45 said:
Do these other 2FA systems require the website or company to support them in order to work? SMS seems to be more universally accepted.
Click to expand...
Yes the site has to be compatible with a hardware security key such as Yubikey.

Google
FACEBOOK
YAHOO

Have the functionality.
 
dioxide45 said:
Do these other 2FA systems require the website or company to support them in order to work? SMS seems to be more universally accepted.
Click to expand...
You can check this website https://2fa.directory/ to see which websites support SMS, email, HW token (yubikey, ...), SW token (authenticators apps) as 2FA.
Many websites don't support SMS as 2FA like the majority of VPN providers.

I don't know if TUG supports SMS as 2FA but I know it supports SW authenticator apps because I use Microsoft Authenticator as 2FA for my TUG account.
 
You must log in or register to reply here.
Top