Matt Jones Tech
  • How to Use Yubikey on Linux


    Initial Setup:

    1. Download the YubiKey Manager. This will allow you to modify specific properties of your key, and turn certain features on or off.
    2. Once you’ve installed the manager, you’ll need to make sure that you have U2F mode enabled on your key.
    3. Next, download or create a copy of a special rules file provided by Yubico. It can be found in their GitHub repository: https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rules. Once you have the file, copy it to /etc/udev/rules.d/. If you already have a file in that directory named 70-u2f.rules, make sure that its content matches the file from the GitHub repo.
    4. NOTE: If your version of udev is lower than 188, you’ll need the old rules file instead. If you’re unsure of your udev version, simply run sudo udevadm --version in a terminal.
    5. Save your file, then reboot your system.
    6. Make sure you’re running Google Chrome version 38 or later. You can use your YubiKey in U2F+HID mode starting in Google Chrome version 39.

    Additional Tools:

    Yubico provides a proprietary 2FA authentication tool that enables use of the key with services such as Protonmail. It can be downloaded from their site.

    Another tip:

    If you’re having trouble getting your YubiKey to show up on Linux (I’m running Manjaro), make sure a service called pcscd is running. To start it, open a terminal and run sudo systemctl start pcscd. Keep in mind that this only starts the daemon for the current session. If you reboot your computer and plug your YubiKey in later, it won’t be recognized unless the pcscd daemon starts on boot. You can set that up by running sudo systemctl enable pcscd. This will create a symlink to the pcscd.socket file, and it should start the daemon on boot. Once you’ve done that, you’re good to go!
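
A quick way to check the setup steps and the pcscd tip above, as an added example that is not part of the original post. The function names, the RULES_DIR override and the optional reference-copy argument are assumptions made for illustration; the pcscd check assumes socket activation through pcscd.socket.

```shell
#!/bin/sh
# Added example (not from the original post): check the setup steps above.
RULES_DIR="${RULES_DIR:-/etc/udev/rules.d}"    # directory from step 3

# Step 4: which rules file does this udev version need?
rules_variant() {
    case "$1" in
        ''|*[!0-9]*) echo "unknown"; return 1 ;;   # not a plain number
    esac
    if [ "$1" -lt 188 ]; then echo "old"; else echo "current"; fi
}

# Step 3: is 70-u2f.rules installed, and does it match a reference copy?
# $1 (optional) = path to a copy downloaded from the Yubico repository.
rules_file_status() {
    installed="$RULES_DIR/70-u2f.rules"
    [ -f "$installed" ] || { echo "missing"; return 1; }
    [ -n "${1:-}" ] || { echo "present"; return 0; }
    if cmp -s "$installed" "$1"; then echo "matches"; else echo "differs"; return 1; fi
}

# pcscd tip: "start" only lasts until reboot, "enable" makes it persistent.
# Assumes socket activation (pcscd.socket), as the symlink remark suggests.
pcscd_status() {
    command -v systemctl >/dev/null 2>&1 || { echo "no systemctl"; return 1; }
    active=no; enabled=no
    systemctl is-active --quiet pcscd.service pcscd.socket && active=yes
    systemctl is-enabled --quiet pcscd.socket && enabled=yes
    case "$active/$enabled" in
        yes/yes) echo "running, starts at boot" ;;
        yes/no)  echo "running, lost on reboot"; return 1 ;;
        no/yes)  echo "stopped, starts at boot"; return 1 ;;
        *)       echo "stopped, not enabled"; return 1 ;;
    esac
}

# Print a three-line summary; $1 (optional) is the reference rules file.
setup_report() {
    ver=$(udevadm --version 2>/dev/null | cut -d' ' -f1)
    echo "udev ${ver:-?}: rules file needed: $(rules_variant "$ver")"
    echo "rules file: $(rules_file_status "${1:-}")"
    echo "pcscd: $(pcscd_status)"
}

setup_report "${1:-}"
```

Pass the path of a freshly downloaded copy of the rules file as the first argument to have the installed file compared against it.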

    June 2023 update:

    Running a fresh install of Xubuntu on an Acer Chromebook, I was able to use YubiKey at Google sign-in on Firefox with zero YubiKey-specific package installs, no drivers, and largely out of the box. It would seem that none of the work described above is required anymore.

    matt

    March 31, 2020
    General Computing, Lifestyle, Linux
    2FA, cybersecurity, lifestyle, linux, security, yubico, yubikey
  • Master Password Management With One Tool

    So if you’re like me, you’ve probably reached the limit of the number of unique passwords that you can come up with on your own, while still matching all the requirements like total character length, using capitals, using lower case, using special characters, using at least one or two numbers… oh, and it can’t be a password that you’ve used in the past. It’s a lot, but it is a great idea to have unique passwords for every site you need to log into on the interwebz. So how do I master password management?

    The issue:

    The biggest issue is… how do you avoid using the same one or two or three passwords for every single site? I recently took a little inventory of my digital life. Before the inventory, I thought I was doing pretty good. I usually keep 5-7 unique, at least 50-100 bit strong passwords just on the top of my head, and I figure that was better than most who use maybe one or two passwords across all the sites they use, right? Well, comparing the number of unique passwords I kept in my head to the number of unique websites I use on a daily basis, suddenly I wasn’t doing so hot.

    In just a typical week, I use at least 50 different websites that either required user/password authentication or were sites that I already had accounts for. Suddenly my 5-7 unique passwords weren’t so strong. I knew I had recycled a handful of passwords across sites, but I had no idea how bad it was. When I actually took the time to note how many sites I was logging into with the same password, it was very surprising. Proper password management was now essential.

    The sub-issue:

    So how do you solve this problem? Nobody has time or willpower to suddenly become some cryptographic expert and just generate insanely strong passwords every single time you log into a new site, or create a new account. And sure, I could easily just make up a bunch of random numbers, letters, and symbols to get a super strong password, but how on earth can I remember or manage all that random stuff?

    Most people use password management tools like LastPass or Dashlane. A lot of these services have a free version, and most at least offer paid upgrades. But in today’s internet, hardly anything is safe. Companies like these are huge targets for hackers because all it would take is one data breach to expose one of the world’s largest databases of username/password combos.

    There’s been a lot of talk going around on privacy, especially online, and some tech giants like Facebook and Google are being heavily criticized for their use... and misuse of other people’s sensitive information. So yeah, we get it, big corporations are evil. But that still leaves us with this whole password management issue. If I can’t remember ten thousand unique and strong passwords, and I can’t store them with a giant, hack-able company, what do I do?

    The solution:

    Enter KeePass. KeePass is one of the best password management tools I’ve ever come across. It’s technically a Windows-native program (.exe), but it can easily be run on any machine using a tool called Mono. I use this tool on my Chromebook (running Gallium OS) every day. What makes this tool awesome is that there is no managed database. There is no company. And best of all, there is no fee.

    KeePass is a completely free tool to manage all your passwords across all sites and even desktop applications and anything else you may need to log into. Unlike LastPass or Dashlane which are designed around managing your online accounts, KeePass manages your login credentials for anything. So instead of being limited to online accounts, you can simply generate insanely strong passwords and customize the number and type of characters used to match any password requirements, and paste them anywhere.

    I use BitBucket to back up code that I’m working on, and before I can push code up to that repository, I need to provide my password… in the terminal. With LastPass, you’d have to log in to your LastPass account, scroll until you find the account you’re looking for, reveal passwords, copy… it’s a lot. And it requires you to be online. What if you need to log into a local network or a piece of software that’s offline? What if you need to unlock an encrypted file? KeePass has you covered.

    Even more features:

    KeePass also has a ‘notes’ section for each entry. This allows you to add required information in addition to your username/email and password. Some accounts, especially banking or loan servicing sites, require things like security questions, additional account PIN numbers that are different from your password, and any other pertinent information associated with your account. The ‘notes’ section is a great tool to keep track of all that extra information.

    KeePass keeps all your login credentials in a single, encrypted database file. And even better, you can back up this file anywhere. Publicly, privately, whatever. You only need one password to unlock your own personal database. And KeePass is so flexible you can run it from a USB stick. Just plug it into the computer you’re using, run KeePass, unlock your database file, and boom. There’s your credentials library. Close it down, eject the drive, and leave no trace that you were ever there.

    matt

    October 7, 2018
    General Computing, Lifestyle
    cybercrime, cybersecurity, hack, hackers, organization, passwords, privacy, security
