• expired

Yubikey 4 US$20 & Yubikey 4 Nano US$25 (50% off) (Limit 2 Per Account) + US$5.05 Shipping @ Amazon


Saw this on SlickDeals a few hours ago but already expired and back to normal price US$40. Then I checked again a few minutes ago and it's back at 50% off for US$20.

I don't even have a prime membership and bought 2 for AUD$61.72 delivered. Great deal considering the normal price is US$40 each!

Yubikey 4 Nano here:

https://www.amazon.com/Yubico-Y-159-YubiKey-4-Nano/dp/B018Y1…

Check the comparison here:

https://www.yubico.com/product/yubikey-4-series/

Price history at CamelCamelCamel.

closed Comments

  • +1

    I got one of these years ago. The original yubi key… and I can't work out how to get the thing working… :D they sound like a really good and handy tool to use. I guess I'm just too dumb to work it out…

    • +23

      Give me your email address and the password for your account and I'll help you set it up.

        • +33

          he's trolling :P

        • +2

          Even if they are honourable ozbargainers?

        • @stonkered:
          Yeah I think the idea of ozbargain is just a place where all the scabs on the internet can come find scab deals

        • +5

          @Proxima:
          It's a place where professionals gather online to discuss matters relating to the profession.

        • @Proxima:

          Don't forget it's a good place for internet arguments too.

        • +1

          weary

          wary

        • @Proxima: and also a place to seek advice on investments with high yield, such as $80k cars.

        • +2

          @Meconium:
          I was weary

    • +1

      The original one is not as good as the new one. These new versions can be used to authenticate to Gmail, etc., anything that supports FIDO U2F.

    • yes these fkwits are hard to work with, took me days to make it work in linux

      • +13

        Yes, nothing works in Linux.

  • +2

    https://www.amazon.com/Yubico-Y-159-YubiKey-4-Nano/dp/B018Y1…

    The Yubico 4 Nano is 50% off as well. $25+postage

  • -1

    Always want to use a U2F device like Yubikey but it hasn't supported iPhone yet.

    • +9

      Your point stands, and this isn't meant to be a troll comment or anything…but it might be more accurate to say that iPhone hasn't (doesn't) support such a device yet. The iOS ecosystem as far as hardware goes is very closed off, so unfortunately any sort of third party OTG or NFC functionality isn't possible. :(

    • +3

      Check out FIDO alliance website… lots of companies but no Apple… they have their own agenda.

  • These do not support NFC do they?

    • +4

      Not this one. Check the comparison table for features

  • +1

    Got one. Now, what do u do with it?

    • +3

      Sell it back on RRP @ eBay :)

  • Sorry for the noob qn but how is everyone ordering off amazon? R u guys using credit cards?

  • -3

    I have a suspicion that people buy tech like this, but then exercise no real basic precaution with other aspects of their online security. Using a password manager, for instance.

    • +2

      I've had a yubikey for years and use it as physical 2FA to my lastpass account.

      • Why is this better than sms 2 factor Auth for last pass..

        • +1

          SMS is a vulnerable protocol that can be intercepted.

        • @NiteMice:

          Also just realized that sms is now not available…

          How does this compare to say Google authenticator..

        • +1

          @dealman: Google Authenticator or whatever software with similar functions are software tokens, while this kind of thing (Yubikey, RSA SecurID, etc.) are hardware tokens.

          The people in the industry prefer hardware tokens over software tokens because software can be exploited (so can hardware, but it's harder to do it unless you have physical access to it, so you get the idea…)

        • +2

          SMS is dead (or should be) since it is insecure.
          Phone numbers can be hijacked for intercept and any random app given Messaging permissions can steal, silence+hide and forward on so you never even notice it is happening. Also sucks when overseas without roaming.

          The SMS message is really just a TOTP code or equivalent, the whole SMS transmission step is unnecessary since you can just run your own TOTP generator on a smartphone app.
          Google Authenticator and Authy are such apps.
          I recommend Authy, it has the superior feature of offering optional cloud backup so if you lose/break/format your phone you can recover all your TOTPs to another phone or Chrome browser. Just protect the backup login with a quality password obviously. Without backup it's a bit sucky if the phone is unavailable, some sites have no recovery in that situation.

          The drawback with apps is that they are only as secure as the phone's root, if the phone is virussed at the root level then the virus has access to steal the code seeds and generate. The good phones like modern premium Samsungs with Knox are pretty solid if the app is in the SecureFolder section and you don't put stupid things in with it, anything you have rooted/jailbroken or from manufacturers suspected of factory spyware not so much.

          There is no way to generate a Yubikey password unless it is plugged in or connected via NFC link, so it is more secure in that regard.
          Though hard to use, the NFC version (the Neo, not this deal) solves that with a compatible phone.

        • Social engineering attacks against the telco. Most of the time they only need a date of birth if you 'forget your password'.
          Also, if you're overseas and can't get SMS's, what will you do? Disable 2fa?

          On the + side for SMS, you can see when people try to crack your account (2fa codes get sms'd to you at 3am).

        • +1

          @idonotknowwhy:

          Pre Android 4.4 (2014) any app with Messaging permission could delete and hide messages. Since then they partially addressed this problem by allowing only one app at a time to be nominated Default and have the ability.

          Ability to Read is still pretty open and easy to fool people into granting permission to some "free" app.

          And I think any app with Messaging permission can still mark as read and suppress the notification? I noticed one of my banking apps was automagically receiving, applying and marking its own 2FA SMS's as read with the phone never notifying (I think it was during the app association with the phone stage on first signin. Perhaps I did authorise some prompt for temporary permission, unsure?). A nice convenient feature for the app sure, but it's a bit of a frightening thought how some random trash app can also do that and act as a silent SMS relay.

        • @joelmuzz:

          Thank you very scary indeed,
          Now I want to go back and review every app with SMS permission.

  • +1

    Got a nano - the 4 was unavailable. Good price!

  • YubiKey 4 is great (U2F, OpenPGP, PIV etc.), just bought 2 before end of FY for A$60 each from Shadow Auth…

  • +1

    How effective or practical is incorporating a Yubikey into your digital life, if you're also accessing the same services via mobile apps?

    I'm probably using the wrong search terms, but I haven't been able to ascertain whether I'll be leaving myself vulnerable on mobile (if 2FA app/SMS auth is disabled by selecting Yubikey)

    • +2

      The Nano doesn't work on mobile phones if that's what you mean. Only the US$50 Neo has NFC.

      Actually it does work on mobile phones I discover, but only with an OTG cable.

      "Yes and no. It is similar to using a YubiKey for USB-A ports plugged in using an “on the go” (OTG) cable into the micro USB port of an Android device. When you insert your YubiKey 4C into the USB-C port on your Android devices, only the basic one-time password (OTP) button press functionality works.

      The following functionalities are not supported using the YubiKey 4C (or over any USB connection) on Android devices:

      U2F
      PIV
      OpenPGP
      Yubico Authenticator
      It is also important to note that while your YubiKey 4C is plugged in to your Android device, the on screen keyboard will no longer be accessible in Android until you remove your YubiKey."

      https://www.yubico.com/support/knowledge-base/categories/art…

      • Thanks shaybisc

        You've clarified for me in part. I think my phrasing was a bit poor :(

        I am under the impression that you can't use multiple 2FA methods, per service or device. So, if I adopt Yubikey for a particular service (password manager, banking site), I believe I'll have to disable any other authentication method.

        This seems to provide adequate security if I don't access any corresponding services on mobile.

        I can't see myself connecting via OTG cable, so in effect by enabling Yubikey, I suspect I'll be left with a less secure mobile experience or inability to access those Yubikey-enabled services on mobile.

        • +1

          You can use multiple 2FA for Gmail and Lastpass. I doubt any Australian bank has multiple 2FA methods available yet- could be wrong- mine only use sms codes.

  • -4

    It seems pretty expensive for something which is just replicating keypresses.

    • gold is expensive

      • gold also holds value

    • if it were just capable of replicating keystrokes, then your observation would be correct.

      also, even merely as a HID, it has important features above and beyond keystroke injection, the inability to modify the firmware being one of them.

  • The OnlyKey looks better to me. For starters it is open source.

    https://crp.to/p/

    • International edition doesn't have "Military Grade Encryption"?! C'mon this is not 1996.

      • +1

        Well spotted. From reading this I think you can change it from standard edition to international and vice versa by changing the firmware yourself.

        https://crp.to/2017/04/onlykey-users-guide-traveling-interna…

        And their reason for doing it that way.

        https://crp.to/2017/04/plausible-deniability-onlykey/

        A pain in the arse if you ask me but there you have it.

      • +2

        It's an intentional feature, that is what makes it suitable for international travel to certain countries where strong encryption is a criminal offence.
        Also some USA export restrictions on certain encryption technology, even though it is openly available online.
        Lack of that encryption is the whole point of an "international" version existing.

        Similar deal with the Plausible Deniability (ability to have an encrypted file which contains a second encrypted file which nobody can prove isn't just randomised noise filler). In order to plausibly deny you have to be able to deny that you have a device which is designed to provide plausible deniability by default.

        It's just a trick.
        You are supposed to order an "international" so you have the receipt and can claim that's what you thought it was. And then update the firmware, claiming it must have been a manufacturing error. In fact there are good odds they actually all go out as the Standard version anyway by "mistake".

        • Thanks for clarifying. Didn't know the customers can plausibly deny she's trying to import strong crypto from the US.

      • +1

        America has strict export restrictions on cryptography. OnlyKey gets around this restriction by shipping versions without encryption internationally, which can then be flashed with the standard firmware that includes encryption.

  • +1

    Procrastinated too long :/ deal is over.

  • Shame the code didn't work for USB C version

  • Any other deals going for these?
