[dms-discuss] $5 Yubikeys for GitHub users today (+$5 shipping/handling)

Mon Oct 26 19:12:59 PDT 2015

>* seems pretty fragile, not nearly as robust as your a cheap thumb drive.
I'm dubious it would last > on my keychain for a year or two.

re: fragility of the keys, I can say that I've had a "standard" model
yubikey on my not-insubstantial keyring (a multi-carabiner system on a belt
loop) since 2010 and it has survived a beating, very little worse for wear.
I've had a "neo" model on there for the past year as well, and it's in fine
shape. They are nothing if not durable.

I'm hoping that the firefox gang will integrate support for u2f soon, but
the bugzilla thread about (
https://bugzilla.mozilla.org/show_bug.cgi?id=1065729) is a little
depressing and bad; although in the past week it's started to pick up a bit
and there's now apparently a modest bounty (
https://www.bountysource.com/issues/10401143-implement-the-fido-alliance-u2f-javascript-api)
of around $900 on the issue available for the taking, which is pretty cool.

I'll second that the documentation availability isn't that great. I like
the idea of the product generally, though, so I'm also kinda hoping that
this github deal will get more people interested and lead to a bit wider
support and better docs.

Mostly I use mine with a password manager with a one-time-password (OTP)
setup (which is a bit different than U2F - and why yubico is creating U2F
to compete with itself it a little beyond me) It also seems silly that I
can't use it as a 2nd factor for all the various services that offer 2nd
factor via text messages, authenticator apps, keychain dongles and whatever
else, but maybe someday soon.

--
Timothy D.
(aidian/#davismakerspace)

On Mon, Oct 26, 2015 at 6:44 PM, Bill Broadley <bill at broadley.org> wrote:

> I bought two of the $5.00 github u2f keys.  I'm a fan of 2 factor
> authentications and have used ibuttons, duo mobile, and google
> authenticator for a few different purposes.
>
> My complaints about the yubi key are:
> * Poor documentation, getting it to work with ubuntu 14.04 required a udev
> rule that I ended up finding in some forum post.
> * Isn't the full square USB connector, it just uses the half thickness
> version that can be inserted either way.  So you have a 50% chance of
> having it working once it's fully inserted
> * keyring hole is tiny, doesn't fit on my keychain ring
> * seems backwards for the 3 computers I've tried, the button and light
> aren't visible on the 3 computers I tried them on.
> * only works with google chrome (so far) and few sites (github and google
> mostly).
> * seems pretty fragile, not nearly as robust as your a cheap thumb drive.
> I'm dubious it would last on my keychain for a year or two.
> * Seems illadvised to hang a keychain from a 1" long lever from a USB
> port.  If they want to encourage that kind of use they should include a
> detatachable tether or something.
>
> So I was hoping for better, if you use a laptop with a free usb port the
> shorter version looks pretty nice.  Not sure why they didn't make it work
> both ways if you can insert it both ways.  Maybe the $5 special was to
> clear them out before they switch to the reversible USB-C version.
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.davismakerspace.org/pipermail/discuss/attachments/20151026/069d2f6b/attachment.html>