What you'll learn 👉
What exactly is YubiKey, and how does it secure your account?
YubiKey is a product developed by Yubico, which is based out of Silicon Valley. The company claims that the technology behind the product makes it one of the best solutions for securing online accounts. YubiKey uses a variety of different authentication methods like FIDO2, FIDO Universal Second Factor, USB Type-C, and NFC.
The solution works by inserting a small piece of plastic called a YubiKey into your computer. Once inserted, it generates a unique code every 30 seconds. This code is used to authenticate your identity when logging in to your web browser or mobile app. When you log in, you are required to enter your password along with the generated code. If both match, you are granted access to your account.
In addition to being able to use it to log in to your email, cloud storage, and social media accounts, the YubiKey can also be used to securely sign documents. You can even use it to unlock your phone.
Crypto exchanges that support YubiKey
Crypto exchanges, accounts, and high-value transactions may all be protected with YubiKeys.
It’s important that crypto is safeguarded at the exchange level while YubiKey’s account secrets are kept secure. When exchanging accounts, YubiKey users just tap or touch their security key to authenticate. Additionally, Yubico Authenticator is a mobile authenticator that stores secrets on the YubiKey rather than on the mobile device.
The private keys held by the crypto exchange make them an enticing target for criminals who want to steal your money. Crypto private keys must be stored securely on hardware in order to protect them from remote attacks and their unauthorized extraction.
Coinbase
Even if you have no money in your Coinbase account, you should still use a YubiKey. Crypto’s popularity has increased the risk of account takeover. Back in 2020, due to poor security, an unauthorized third party accessed thousands of Coinbase clients’ accounts.
A total of 6000 Coinbase users had lost all of their cash.
In order to protect the accounts of those affected, two-factor authentication was activated on them. Although it is largely deemed hazardous, it should be avoided in favor of more secure authentication techniques using tokens with time-based one-time passwords (TOTP). It is more secure to use a security key like a Yubikey than to use an SMS-based 2FA.
Binance
Binance crypto exchange, is now the world’s most active crypto exchange, processing more than 1.4 million transactions each second. One of the security options offered on Binance is to have YubiKey instead of the standard 2FA authenticator. This offers additional layer of security for Binance users.
Kraken
Based on euro volume and liquidity, Kraken is the largest worldwide digital asset platform. There are hundreds of digital assets and many fiat currencies traded by Kraken’s customers across the world.
Trading with margin, auctions, staking, regulated derivatives, and index services were all originally offered by Kraken when it was established in 2011. Millions of traders and institutions throughout the world rely on it for expert online support that is available 24 hours a day, seven days a week.
With the help of the YubiKey, customers can use the hardware-backed key to protect their account login, fund transfers, and trades on the exchange via the Web and Kraken Mobile Apps.
Gemini
Gemini is the first crypto exchange that started offering support for hardware security keys on both the web and mobile platforms. Gemini customers can use USB and NFC security keys to secure their accounts while accessing the Gemini app on either Android or iOS devices.
In addition to providing stronger protection against fraud, hardware security keys enable Gemini customers to regain control over their digital assets and financial information. For example, a customer could lock down his/her funds by requiring a PIN code or biometric verification prior to making transactions. In another scenario, a customer might require a different PIN or OTP for every transaction, thereby preventing others from gaining access to sensitive data.
To make this possible, Gemini has worked closely with Yubico, the world leader in software development for hardware security keys, to integrate hardware security keys into the Gemini app.
Bitfinex
Bitfinex is one of the relatively safe crypto trading platforms and a favorite place of OG crypto traders to trade bitcoin on a margin. However, just because it is relatively safe doesn’t mean it isn’t risky. Just like any other crypto trading platform in the market today, they are at risk from hackers.
Hackers are typically looking for vulnerabilities and breaches that could give them access to user accounts or platforms. It is, therefore, extremely important for Bitfinex to ensure their security standards are up to par and they provide the best solutions to their users.
It has made an effort to ensure the safety of its client’s funds and personal information by implementing various security measures, audits, and improvements.
When using the platform, users can take advantage of a wide range of security options. The FIDO Universal 2nd Factor open authentication standard allows them to use a physical security key like YubiKey.
How to Start Using YubiKey?
Yubico’s YubiKey is one of the most popular devices for securing your online accounts. If you’re looking to start using it for enhanced security, here are some tips on getting started.
The first thing you’ll want to do is buy a YubiKey. You can find out what model works best for you by selecting your preferred device from the dropdown menu under “Products”.
After choosing your YubiKey, you’ll see a list of supported services. Choose the one that matches your needs, and follow the steps to pair the device with your account.
To ensure your data stays secure, make sure to keep the YubiKey plugged into your computer whenever possible. When you aren’t actively using your PC, unplug the YubiKey and store it somewhere safe.
How to set up your YubiKey on Binance?
If you want to set up your Yubikey on Binance, follow the steps below:
1) Firstly, log in to your Binance account.
2) Move your mouse over the profile symbol after signing into your Binance account (top right corner). Select “Security” from the dropdown menu that appears.
3) After that, click “Setup” to begin the process.
4) If you agree, click “Continue anyway” after reading the note.
5) To activate YubiKey, please insert it into an available USB port and touch its button within 60 seconds. You can try again if time is up.
6) If the “Allow this site to see your security key” notice appears, click “Allow.”
7) It’s entirely up to you whether or not to give your YubiKey a name. Click the “Verify your account” button when you’re ready.
8) If you have activated Google Authentication, you will be prompted to enter your code.
9) To confirm the YubiKey setup request, check your email.
10) A YubiKey is now protecting your online account.
How do I set up YubiKey on Coinbase?
If you want to set up your Yubikey on Coinbase, follow the steps below:
1) Firstly, log in to your Coinbase account.
2) In the upper right area, select your profile image (or the circle and letter icon).
3) In the slide-out menu, click on your profile image and then select “Settings”.
4) Select the “Security” tab on the left-hand side of the page.
5) Next to Security Key, select Add (or Select).
6) Click to “Continue”, and then click “I understand”.
7) To verify your changes, enter the 7-digit code texted to your phone number and click “Submit”.
8) To begin the registration process, click “Begin registration” and then “USB security key” in the pop-up windows.
9) Touch “Allow” in the pop-up window after inserting your security key.
10) At the end, click on “Done”.
What if you lose your YubiKey?
For lost or stolen YubiKey, the policy varies depending on how that service or app handles the situation.
If your site supports alternative authentication methods, you can use them to recover your account. Then, you can remove the lost YubiKey by associating another (or a new one).
For example, It is possible to configure up to five YubiKeys with a LastPass account so that you can continue to log in with other keys if one is lost.
Other means may be provided by applications or services for you or administrators to assign a new YubiKey if you lose the original key.
YubiKey vs Hardware wallets – which one is better to use?
If you want to stay true to the crypto ethos – be your own bank and not your keys, not your coins: hardware wallets are the solution for you. Hardware wallets are mandatory for any longer term plan on holding crypto. We recommend Ledger Nano X or S Plus – see their reviews here for Nano X and here for Nano S Plus; and click here to buy them.
The Yubikey appears to just be utilized for transaction authorizations and login authentications, which is a huge improvement. Your coins are only as secure as the security measures taken by the exchange because it doesn’t appear to have a direct influence on their security (although you would expect they would be using Yubikeys too).
It doesn’t appear that this would safeguard you in the event that the exchange was hacked, closed down, had its employees steal everyone’s coins, refused to give you your coins for any reason, or had its owner only keep a single copy of the private keys to the wallet before departing for India and passing away. All of them have occurred, including the last one, which really occurred to me. Fortunately, I didn’t have much to say throughout the discussion.
Although the use of a Yubikey significantly increases exchange security, it does not, as far as I can tell, comply with the “not your keys, not your Bitcoin” criterion, making it, in my opinion, unsuitable for long-term storage.