<div dir="ltr">>* seems pretty fragile, not nearly as robust as your a cheap thumb
drive. I'm dubious it would last > on my keychain for a year or two.<br clear="all"><br>re: fragility of the keys, I can say that I've had a "standard" model yubikey on my not-insubstantial keyring (a multi-carabiner system on a belt loop) since 2010 and it has survived a beating, very little worse for wear. I've had a "neo" model on there for the past year as well, and it's in fine shape. They are nothing if not durable.<br><div><br></div><div>I'm hoping that the firefox gang will integrate support for u2f soon, but the bugzilla thread about (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1065729">https://bugzilla.mozilla.org/show_bug.cgi?id=1065729</a>) is a little depressing and bad; although in the past week it's started to pick up a bit and there's now apparently a modest bounty (<a href="https://www.bountysource.com/issues/10401143-implement-the-fido-alliance-u2f-javascript-api">https://www.bountysource.com/issues/10401143-implement-the-fido-alliance-u2f-javascript-api</a>) of around $900 on the issue available for the taking, which is pretty cool. <br></div><div><br></div><div>I'll second that the documentation availability isn't that great. I like the idea of the product generally, though, so I'm also kinda hoping that this github deal will get more people interested and lead to a bit wider support and better docs. <br><br>Mostly I use mine with a password manager with a one-time-password (OTP) setup (which is a bit different than U2F - and why yubico is creating U2F to compete with itself it a little beyond me) It also seems silly that I can't use it as a 2nd factor for all the various services that offer 2nd factor via text messages, authenticator apps, keychain dongles and whatever else, but maybe someday soon. <br></div><div><br clear="all"><div class="gmail_extra"><div><div class="gmail_signature">--<br></div><div class="gmail_signature">Timothy D.<br></div><div class="gmail_signature">(aidian/#davismakerspace)<br></div></div>
<br><div class="gmail_quote">On Mon, Oct 26, 2015 at 6:44 PM, Bill Broadley <span dir="ltr"><<a href="mailto:bill@broadley.org" target="_blank">bill@broadley.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">I bought two of the $5.00 github u2f keys. I'm a fan of 2 factor authentications and have used ibuttons, duo mobile, and google authenticator for a few different purposes.<div><br></div><div>My complaints about the yubi key are:</div><div>* Poor documentation, getting it to work with ubuntu 14.04 required a udev rule that I ended up finding in some forum post.</div><div>* Isn't the full square USB connector, it just uses the half thickness version that can be inserted either way. So you have a 50% chance of having it working once it's fully inserted</div><div>* keyring hole is tiny, doesn't fit on my keychain ring</div><div>* seems backwards for the 3 computers I've tried, the button and light aren't visible on the 3 computers I tried them on.</div><div>* only works with google chrome (so far) and few sites (github and google mostly).</div><div>* seems pretty fragile, not nearly as robust as your a cheap thumb drive. I'm dubious it would last on my keychain for a year or two.</div><div>* Seems illadvised to hang a keychain from a 1" long lever from a USB port. If they want to encourage that kind of use they should include a detatachable tether or something.</div><div><br></div><div>So I was hoping for better, if you use a laptop with a free usb port the shorter version looks pretty nice. Not sure why they didn't make it work both ways if you can insert it both ways. Maybe the $5 special was to clear them out before they switch to the reversible USB-C version.</div><div><br></div></div><br>
<br></blockquote></div><br></div></div></div>