Advice Request Gmail & Yubi key 2fa?

Please provide comments and solutions that are helpful to the author of this topic.

simmerskool

Level 31
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,092
Crosstalk Solutions posted a YT video about how it's best to use yubi key for 2fa at gmail. gmail told me to put my yubi into usb slot, then touch the yubi button. It failed, no obvious reason. All gmail ever said was "try again" so I did ... ... ... :mad: Am I the only one? The yubi itself is good, works on other sites aok.
 

simmerskool

Level 31
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,092
you probably did it wrong, i have yubikeys, no issues at all. search in google for instructions.


you should contact yubikey support.
well I dunno? I watched the CrossTalk video, then followed the gmail screen instructions to the last instruction (touch the yubi key), and that's where it "failed"?? And I did send feedback to gmail help, and so far I have not seen their reply, but will look again later today. (PS I have setup my yubi on other sites too). Just wondering if gmail is vastly different than other 2fa sites.

EDIT: I fixed my 2fa yubi key "try again" issue with gmail. Nothing to report without compromising "security." :ROFLMAO:
 
Last edited:
  • Like
Reactions: vtqhtr413

simmerskool

Level 31
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,092
I got my gmail (google account) working with yubi key 2fa and google pushed me to turning on "enhanced protection" -- is this any real added protection or does it just help google track you better?
 

amir 957

Level 6
Verified
Well-known
Jan 9, 2017
246
Crosstalk Solutions posted a YT video about how it's best to use yubi key for 2fa at gmail. gmail told me to put my yubi into usb slot, then touch the yubi button. It failed, no obvious reason. All gmail ever said was "try again" so I did ... ... ... :mad: Am I the only one? The yubi itself is good, works on other sites aok.
I’m using gmail with youbikey without any problem so far
It’s knida weird 🤔
 

Evgeny

Level 7
Verified
Well-known
May 1, 2015
314
I got my gmail (google account) working with yubi key 2fa and google pushed me to turning on "enhanced protection" -- is this any real added protection or does it just help google track you better?

well its more like a gimmick to me, it will only require a fido key (yubikey) to unlock your account.
 

kC77

Level 5
Verified
Well-known
Aug 16, 2021
231
What I find interesting yubi key 2fa is to protect the password manager, although not all password manager that supports, more is good security addition. How many accounts can you store in yubi key? 34 accounts?
the yubikey 5 can store 32 OTP codes but unlimited fido/webauthn
also you can configure the second slot (touch & hold) to do another function e.g Challenge/Response, HOTP and Static Password

the main security benefit of the fido/webauthn 2fa method is for phishing protection (e.g just using OTP you could potentially get tricked into entering user/pass & OTP into a fake site, but with fido/webauthn you cannot)
 

piquiteco

Level 14
Oct 16, 2022
624
the yubikey 5 can store 32 OTP codes but unlimited fido/webauthn
also you can configure the second slot (touch & hold) to do another function e.g Challenge/Response, HOTP and Static Password

the main security benefit of the fido/webauthn 2fa method is for phishing protection (e.g just using OTP you could potentially get tricked into entering user/pass & OTP into a fake site, but with fido/webauthn you cannot)
Thank you very much for your information. (y)
 

simmerskool

Level 31
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,092
update ISSUE google account 2fa yubi key. I've been using my yubikey for 2fa with my google account (gmail & youtube). It has been working aok for several weeks, until today. Suddenly today, I went to login, entered pw and had yubikey ready, but I was logged in without the yubikey! Either some sort of hack o_O OR more likely I forgot to uncheck don't use 2fa on this computer again, or for 30 days (whatever it says -- which I find annoying -- why would I want the security of using yubikey, and the default option is not to use it??) Here is where it gets "odd" -- the fix should be remove this computer from devices you trust, and google help lays out the instructions, but my screens do not show or follow google's instructions??
Open your Google Account.
Under "Security," select Signing in to Google.
Choose 2-Step Verification.
Under "Devices you trust," select Revoke all.
I see the first two steps, but 2-step verification is not being shown as a selection (eg to disable or enable) and not seeing devices you trust either.
maybe a solution is to use a computer that I never used to login to google account, and hopefully that will (or should) require yubikey, and then perhaps needed option about revoking trusted devices will reappear. frustrating this is happening, impossible to contact google support, and not knowing why / how this happened. :unsure::eek::mad:
 

simmerskool

Level 31
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,092
@simmerskool is everything okay with you? hope all is well with you and your family. Do you know indicate or recommend where I can buy the similar yubikey 5 that @kC77 quoted in post 8 for a more affordable price? i am interested in buying one. Thanks! (y)
obviously "everything" is not ok with me, so far I have been unable to reset chrome to require my yubi for my google account. As for cost, I bought my keys from yubi in the somewhat distant past, ie, not recently.
 

simmerskool

Level 31
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,092
UPDATE fwiw: I finally got around to "testing" login to my google account from another computer, and login DID require me to use my yubikey, so I must have missed unchecking the default box re "don't require yubi on this device" the other day. But still miffed that google's instruction for untrusting a device, or all devices, is not taking me to the right place in my account to do this. Could be "enhanced protection" has a different set of screens, or something. In any event, 2fa_yubikey is being enforced by google, so ok... :cautious:
 

piquiteco

Level 14
Oct 16, 2022
624
obviously "everything" is not ok with me, so far I have been unable to reset chrome to require my yubi for my google account. As for cost, I bought my keys from yubi in the somewhat distant past, ie, not recently.
I asked, to you, if everything was ok, health-wise, taking into consideration that I have as a friend. (y) You and @harlan4096 and @BryanB was one of the people who I talked more here in MT. Not that I treat the other members of the MT differently, I treat everyone the same, but there is always some that we talk more, so I asked if everything was okay. Now back to the subject, so by the looks of it you were able to test yubikey in your google account? I don't have yubikey, but I recommend when activating 2FA using Yubikey, generate and save the recovery codes in a safe place, in case it refuses to accept your Yubikey for some reason, you use those recovery codes to log into your google account. I hope you were able to solve this problem. Best Regards! ;)
 

simmerskool

Level 31
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,092
I asked, to you, if everything was ok, health-wise, taking into consideration that I have as a friend. (y) You and @harlan4096 and @BryanB was one of the people who I talked more here in MT. Not that I treat the other members of the MT differently, I treat everyone the same, but there is always some that we talk more, so I asked if everything was okay. Now back to the subject, so by the looks of it you were able to test yubikey in your google account? I don't have yubikey, but I recommend when activating 2FA using Yubikey, generate and save the recovery codes in a safe place, in case it refuses to accept your Yubikey for some reason, you use those recovery codes to log into your google account. I hope you were able to solve this problem. Best Regards! ;)
Thanks, I appreciate your above-comment and your posts generally. IIRC, google requires you have to have TWO (2) yubikeys registered to the account, as well as keeping recovery codes in a safe place. I must have logged in the last time with the box checked [default :mad:] to disable 2fa on this device for 30 days. Duh? google's instructions for revoking trusted status thus requiring 2fa on the device are not consistent with what I'm seeing here, but I'm ok knowing that google IS enforcing the required use of yubikey other than on this device. My yubi's work with iphone too, IIRC they were about $45 each directly from yubi and was a year or 2 ago, iirc.
 

piquiteco

Level 14
Oct 16, 2022
624
Thanks, I appreciate your above-comment and your posts generally. IIRC, google requires you have to have TWO (2) yubikeys registered to the account, as well as keeping recovery codes in a safe place. I must have logged in the last time with the box checked [default :mad:] to disable 2fa on this device for 30 days. Duh? google's instructions for revoking trusted status thus requiring 2fa on the device are not consistent with what I'm seeing here, but I'm ok knowing that google IS enforcing the required use of yubikey other than on this device. My yubi's work with iphone too, IIRC they were about $45 each directly from yubi and was a year or 2 ago, iirc.
Now I get it, you have to have TWO (2) yubikeys, one of which is a backup, in case one goes bad you have the other. It makes perfect sense. Google is really enforcing the required use of yubikey. My google account has 2FA (Enabled) sometimes even when I type the token generated by the authenticator application, google sends another code via sms to my cell phone to confirm my identity, that sucks, it's not always that happens, but when it comes to security we accept it. Now it has become 3FA and not 2FA.:LOL: You just pay attention to the cookies, I don't know how yubikey works because I never had one, so I can't give an opinion, but when you check the box trust this device, it will only ask for your password, ignoring the second MFA/2FA factor, I suppose you are accessing from the same device, that you marked as trusted. Wow $45 each? or both? if you had one or both in this price range nowadays I would buy it on the spot. Here it costs around $150 each. On the web you can find a more affordable price. (y)
 

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
Wow, just wow! you need to be careful when installation thats one of big important read it before click next then read it then click next as step by step next time lol.
 
  • HaHa
Reactions: piquiteco

simmerskool

Level 31
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,092
Now I get it, you have to have TWO (2) yubikeys, one of which is a backup, in case one goes bad you have the other. It makes perfect sense. Google is really enforcing the required use of yubikey. My google account has 2FA (Enabled) sometimes even when I type the token generated by the authenticator application, google sends another code via sms to my cell phone to confirm my identity, that sucks, it's not always that happens, but when it comes to security we accept it. Now it has become 3FA and not 2FA.:LOL: You just pay attention to the cookies, I don't know how yubikey works because I never had one, so I can't give an opinion, but when you check the box trust this device, it will only ask for your password, ignoring the second MFA/2FA factor, I suppose you are accessing from the same device, that you marked as trusted. Wow $45 each? or both? if you had one or both in this price range nowadays I would buy it on the spot. Here it costs around $150 each. On the web you can find a more affordable price. (y)
re price when I got both yubi, I'm going off the top of my head guesstimate.
 
  • HaHa
Reactions: piquiteco

piquiteco

Level 14
Oct 16, 2022
624
@simmerskool Here where I live the Yubikey costs $89 each, and I've been searching the internet on amazon costs $74 if it is durable is not expensive a Yubikey, taking into account the security that will provide you. The interesting thing that it works on mobile devices NFC and my phone has NFC, I'll wait a little and slowly I'll research about Yubikeys. ;)
 

simmerskool

Level 31
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,092
@simmerskool Here where I live the Yubikey costs $89 each, and I've been searching the internet on amazon costs $74 if it is durable is not expensive a Yubikey, taking into account the security that will provide you. The interesting thing that it works on mobile devices NFC and my phone has NFC, I'll wait a little and slowly I'll research about Yubikeys. ;)
I was going on vague memory as to cost for my yubikeys, it was long enough ago, I have no absolute memory or receipt to confirm what I paid. I do recall I purchased from yubi, and my yubi keys works with my iphone too. I vaguely recall $90, and was thinking $45 each, but it could have been $90 each! for a total of $180!! I bought 2 because I'm pretty sure google requires 2 in order to use a yubikey for 2fa. It bothers me that when you login to your google account, there's an option to disable for this device (paraphrase) and the default is checked to disable which makes no sense to me. Other sites that use yubikey have the same option BUT their default is unchecked meaning if you take no action, ie, do not check that box, it continues to require the yubikey. IMO google login has this option setup backwards.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top