FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
26 Nov 2014, 05:17 AM | #1 |
Cornerstone of the Community
Join Date: Jul 2011
Posts: 713
|
Heads up - for people who want Yubikey for 2FA on FastMail
Hey guys, thought I'd share this deal I just saw (and just took advantage of as well). If you use (or want to use) Yubikey for 2FA on FastMail, there is a super price on Yubikeys right now, which I guess is just for the holidays... not sure when it expires.
It's 4 Yubikeys for $59. Which is really great, because 1 Yubikey normally costs $25. On top of that, you also get 2 LastPass premium subscriptions, so this price is actually kind of insane. 4 Yubikeys + 2 LastPass for $59? No brainer for me, and I picked up some more for myself and a friend.
As a Yubikey user I had to pass this along. No offense to those who don't like deals posted in the forum. I don't gain anything from this. And anyone who knows my posts in this forum knows I'm not someone who posts deals like this, ever. But this one was really too good not to post for anyone who cares for FastMail + 2FA, and could benefit anyone who wanted to pick up some Yubikeys for a great price during the holiday season, and these work great IMO.
Here's the link: https://www.yubico.com/2014/11/speci...-living-color/
26 Nov 2014, 09:23 AM | #2 |
Senior Member
Join Date: Jan 2002
Posts: 187
|
https://www.yubico.com/products/yubikey-hardware/
Happy New Year: $79 + free basic shipping*
We have minted a limited edition run of three festive colors for a special YubiKey that exclusively supports the two most used YubiKey protocols – U2F (for Google Accounts) and One-Time Password (for a host of other services). (Note: This device is not a YubiKey NEO and has no support for CCID applications or NFC capability).
Happy Holidays: $59 + free basic shipping*
Secured passwords for two. Do you want to manage your passwords with LastPass and secure them with a Yubikey? This special holiday bundle has four YubiKeys AND two LastPass Premium Subscription licenses. Holiday price is nearly 50% off regular pricing.
If it has U2F and NFC, it will be perfect.
2 Dec 2014, 04:59 PM | #3 |
Cornerstone of the Community
Join Date: Jan 2003
Location: The Village
Posts: 616
|
So.... I'm still reading up on this stuff and trying to figure out what I need/want... and I wonder if I should prefer the colored Yubikeys because they support U2F in addition to OTP? How important is U2F, or will it be? Maybe we don't know yet...?
|
2 Dec 2014, 05:27 PM | #4 | |
Master of the @
Join Date: May 2012
Location: Melbourne, Australia
Posts: 1,007
Representative of:
Fastmail.fm |
Quote:
I've just today ordered a bunch of the Christmas keys and a couple of Neos for FastMail staff. We'll be experimenting with U2F in the new year. No commitment to implement anything, of course.
|
3 Dec 2014, 03:53 PM | #5 |
Senior Member
Join Date: Jan 2002
Posts: 187
|
YubiKeys PREMIUM NEO seem good
Maybe I get the 3 Limited edition colored YubiKeys U2F + OTP first.
Last edited by steventay : 3 Dec 2014 at 04:02 PM.
3 Dec 2014, 04:12 PM | #6 | |
Essential Contributor
Join Date: Mar 2014
Posts: 212
|
Quote:
U2F is much more secure against phishing/MITM attacks, because the token uses a key handle to select for the keypair used for the challenge-response. Since the MITM does not have the right key handle, it does not select the keypair and so the challenge-response cannot proceed. (Cheap U2F devices do not actually store the keypairs on the device, but that is an implementation detail that should not weaken security. The keypair is stored by the service provider, but encrypted using the protected device key.)
|
3 Dec 2014, 04:26 PM | #7 | |
Senior Member
Join Date: Jan 2002
Posts: 187
|
Quote:
|
|
3 Dec 2014, 05:55 PM | #8 | ||
Essential Contributor
Join Date: Mar 2014
Posts: 212
|
Also Yubikeys (at least their U2F-only key). But again, it does not reduce security much. The private key is stored by the service provider (e.g. Google) as a part of the key handle, but it is encrypted using the secret on-device key and can only be decrypted by the device.
From Yubico's FAQ: Quote:
Quote:
1. If you were MITMed at the time of registering the key, then all is lost (obviously).
2. You have to believe that the producer of your key does not know the secret key in the secure element.
But (T)OTP has the same weaknesses and many more.
||
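A simplified model of the key-handle behaviour described in posts #6 and #8, added here as an illustration; it is not part of any post and is not Yubico's or FastMail's code. Assumptions: HMAC-SHA256 stands in for the ECDSA signature, the per-site key is re-derived from the on-device secret rather than encrypted into the handle, and the class name and `.example` origins are constructed.

```python
import hashlib
import hmac
import os


class ToyU2FToken:
    """Constructed model of a token that stores no per-site keys."""

    def __init__(self):
        self._device_secret = os.urandom(32)  # never leaves the token

    def _mac(self, label, app_param, nonce):
        return hmac.new(self._device_secret, label + app_param + nonce,
                        hashlib.sha256).digest()

    def register(self, origin):
        # The service stores the returned key handle; the token stores nothing.
        app_param = hashlib.sha256(origin.encode()).digest()
        nonce = os.urandom(32)
        return nonce + self._mac(b"tag", app_param, nonce)

    def authenticate(self, origin, key_handle, challenge):
        app_param = hashlib.sha256(origin.encode()).digest()
        nonce, tag = key_handle[:32], key_handle[32:]
        # The handle is only valid on this token and for the origin it was
        # registered with; anything else is refused before any key is used.
        if not hmac.compare_digest(tag, self._mac(b"tag", app_param, nonce)):
            return None
        site_key = self._mac(b"key", app_param, nonce)
        return hmac.new(site_key, challenge, hashlib.sha256).digest()


def demo():
    real, fake = "https://mail.example", "https://mail-login.example"
    token = ToyU2FToken()
    handle = token.register(real)
    challenge = os.urandom(32)
    genuine = token.authenticate(real, handle, challenge)
    # A phishing origin relaying the real site's handle and challenge.
    phished = token.authenticate(fake, handle, challenge)
    # The same handle presented to a different physical token.
    stolen = ToyU2FToken().authenticate(real, handle, challenge)
    return genuine is not None, phished, stolen


if __name__ == "__main__":
    print(demo())
```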
4 Dec 2014, 10:21 AM | #9 |
Senior Member
Join Date: Jan 2002
Posts: 187
|
oic..
I wonder about U2F on NFC. NFC is good for mobile on the move...
4 Dec 2014, 02:13 PM | #10 |
Essential Contributor
Join Date: Mar 2014
Posts: 212
|
|
8 Dec 2014, 06:38 PM | #11 |
Cornerstone of the Community
Join Date: Sep 2013
Posts: 536
|
This is a really good offer.
I just bought 1 Yubikey standard to use with FM and will not be using this offer... For now, 1 Yubikey is enough for me. I'll be buying another one in a month or so, to keep in a safe. Yubico seem to be an amazing company with great customer service.