frustrating things I learned the last 2 days
#Yubikeys gpg-card default pin is 123456, admin pin is 12345678. if you enter the admin key 3 times wrong, you need to factory reset the gpg-card feature
https://www.gnupg.org/howtos/card-howto/en/ch03s02.html

If you use pinentry loopback (CLI-input), it wont tell you if you need to enter the user or admin pin. #gnome console doesnt work reliably with the loopback pinentry, the loopback itself is very wonky.

#gpg #yubico #smartcard #frustation #rage

Yubico är ett internationellt välkänt it-säkerhetsföretag som nu börsnoteras genom att gå samman med spac-bolaget ACQ Bure. Här blir grundaren Stina Ehrensvärd intervjuad om verksamheten. https://www.youtube.com/watch?v=KagmmtTr3Hs #aktier #Yubico

Ok, another day another #migration.

I am a big fan of #vivaldi but my online heart is with #floss and had to go to a floss related instance after leaving fosstodon.

Thank you #Vivaldi for hosting me for a few.

Me? A big fan of the following - in no particular order: #RightToRepair #privacyMatters #linux #mojeek #postmarketOS #sxmo #fountainPens #EFF #PopOS #System76 #buddiesofbudgie #solus #fantasy #sciFi #Dune #Tolkien #vpnsecurity #Portmaster #yubico and I am sure I am missing a few.

Thanks @chiefgyk3d for the YubiKey and fidget toy! He's got some donated from #Yubico to giveaway on Twitch streams, so check out his stream to get in on the Marbles games and win a #yubikey. #security

Yubico är det internationellt uppmärksammade it-säkerhetsföretaget som är mitt uppe i att notera sig via spac-bolaget ACQ Bure. Finns uppsida i Yubico men Affärsvärlden stannar vid en neutral rekommendation. https://borsposten.se/finns-uppsida-yubico-men-affarsvarlden-stannar-vid-en-neutral-rekommendation/ #aktier #Yubico #ACQBure

Recently added quite a few finger-sized gadgets!
- Kingston DataTraveler Exodia 64GB
- Orico USB-C female to USB-A male
- PortaPow Data Blocker Pure - Prevents juice jacking
- Sandisk Ultra Luxe 64GB
- Kingston Ironkey Locker+ 50 32GB
- Yubico Security Key USB C NFC

Really happy with the performance of each product so far.

#usbflashdrive #KingstonIronkeyLocker50 #IronKey #yubico #yubikeys #Orico #portapow #juicejacking #sandisk #flashdrives #securitykeys #datablocker #usbcondom #newtoys

While exploring use of PKCS #11 devices in #OpenPGP contexts, I stumbled over a bug (and potential security issue) in the yubihsm_pkcs11.so driver for #YubiHSM devices.

Long form text by Christian Reitter (who walked me through the coordinated disclosure process with #Yubico, and did amazing work analyzing and writing up the issue):
https://blog.inhq.net/posts/yubico-yubihsm-pkcs-vuln/

Yubico advisory: https://www.yubico.com/support/security-advisories/ysa-2023-01/

#CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39908

(Thanks again to @sovtechfund for funding my #PKCS11 work)

So apparently, according to Yubico's CS, they accidentally placed a "normal", no-barcode Security Key into an "Enterprise Edition" packaging and told me not worry about it. They advised me to reset the key with ykman if I was still worried.

#yubikey #yubikeys #yubico #OnlineSecurity #CyberSecurity #hardwarekey #securitykeys #fido2

They're here! Not sure why I got the Enterprise Edition though... Seems the only difference is a bar code on the backside compared to having nothing on the normal version. #yubikey #yubikeys #yubico #CyberSecurity #OnlineSecurity #securitykeys #2FAkey #2fa

For actually using the hardware key on macOS login (not Apple ID), you need the more expensive @yubico 5 series keys as they support PIV. So don't buy the wrong key! If in doubt, and budget allows, get the 5 series.

And another common service to use 2fa hardware keys is @bitwarden. You need Bitwarden Premium to use it, not the free tier.

#2fa #2FAkey #yubikey #yubikeys #yubico #OnlineSecurity #macos #hardwarekey #bitwarden

For those who want to use hardware security keys to secure your Apple ID, make sure you fulfil these requirements: all your devices need to support iOS 16.3, iPadOS 16.3, macOS Ventura 13.2, or later. They also ask you to register at least two hardware keys when you activate hardware security keys on your Apple ID.

https://support.apple.com/HT213154

#fido2 #FIDO2Protocol #2fa #2FAkey #yubikey #yubikeys #yubico #OnlineSecurity #appleid #hardwarekey

Gonna be buying 2 hardware keys to up my online security game. Chose the @yubico more budget friendly, Security Key series—one USB-C, one USB-A. I also just read that Firefox 114 (June 2023) on macOS and AWS now supports FIDO2. Hope the setup is smooth sailing! Been wanting to use a hardware key for ages...

https://www.yubico.com/blog/amazon-web-services-aws-announces-support-for-fido2-security-keys-in-aws-govcloud-iam-policy-improvements/

https://www.yubico.com/blog/firefox-support-for-fido2-authenticators-is-here/

#fido2 #FIDO2Protocol #2fa #2FAkey #yubikey #yubikeys #yubico #OnlineSecurity #firefox #macos

Poll (select all that applies)

And by the way, you'll have the same problem with #Yubico OTP:

ISO-FR cccccc...ithnkjkijkdhvddntuvektkjgj
BÉPO xxxxxx...ov,itd.t.èricvpdxeè,oxkep

This is the #facepalm moment when I realize I've planed everything, but in fact I have not.

One of my favorite things about working with #Yubico as an affiliate and brand ambassador. Whenever I need keys for projects they oblige! #infosec #cybersecurity #yubikey

#Yubico sent an email out that advertised

> … _make phishing-resistant authentication as easy as getting a new credit card._

Idk, maybe I'm not American enough for that, but this doesn't sound easy to me lol.

Facebook have the option to have U2F with a security key but Instagram don't why?

#security #yubico #instagram #facebook

My #Yubico USB security keys weren't working in the version of #Firefox that comes installed with #KDENeon. Thanks to Mozilla support it turned out that there is something wrong with the configuration of Firefox in Neon; the official version of Firefox from the Mozilla site works fine. Thanks Mozilla Support! 👍

Still seeking options on #MFA besides #Yubico / #yubikey opensource or at least with a full Linux compatibility

#Yubico bought by investment company featuring… checks notes… eurovision contestant baroness caroline af ugglas.

https://www.yubico.com/blog/yubico-is-merging-with-acq-bure/

Security key maker Yubico is "merging" with a Swedish holding company called ACQ Bure in order to become a publicly traded company. It's unclear what, if any, long term impact this will have on the company's products. https://www.yubico.com/blog/yubico-is-merging-with-acq-bure/

#Yubico #Security #MultiFactorAuthentication