One last piece of advice: buy a YubiKey

Almost no one takes their security seriously. I know there are some people who think it’s a good idea to store passwords in a physical book, as if these timeless invocations whispered to Amazon, Bank of America or Google protect them, by their mere presence, from “hackers” disguised in glasses and trench coats. These are the same people who ignore heaps of pending security updates and all the screen space wasted by browser toolbars. You can’t just make the people who store their bank details in iCloud or Drive text notes keep themselves safe, because for them the loss of convenience is a non-starter. But almost every adult carries a set of car or house keys with them, and there is a solution they can use that is just as convenient.


I beg any person reading these words to just buy a YubiKey and set up all the services that can use it.

You need two-factor authentication, and the dongle is the best

It’s the easiest way to increase your online security, and with all the constant hacks and the incredibly justified lack of even basic security standards in so many companies, you need to have something other than a password standing between the world and any digital account whose value exceeds $20. There are many things you can add to the equation and many 2FA (two-factor authentication) systems you can apply, such as SMS and email methods. But your security is only as good as the solution you choose, and the dongle is your best choice.

Admittedly, not every company supports 2FA or even 2FA based on hardware tokens. There is a great public list of 2FA-compliant online services that I recommend checking out, but most of the more popular non-financial services support two-factor authentication. It’s embarrassing how little US banks care about their customers, as only Bank of America supports big-boy hardware security keys, and even purportedly first-to-the-internet banks such as Ally, SoFi and Capital One are firmly stuck in a 2002 vision of the Internet. The best you can count on is SMS-based verification, which is quite a bad idea considering how little security the carriers have.

As far as I know, like banks, carriers don’t really care about you – just look at the constant stream of intrusions and the basic failure to meet even elementary security standards. We are all only a source of income in exchange for overly expensive data placed in the columns of the quarterly financial report. Carriers can and will hand over your number to anyone who is smart enough to call, Google your name and try it, without even a convincing impersonation. Don’t trust them.

Metaphorically, your phone number is basically as secure as your wallet, and you can get robbed, stolen, and hacked. Just as you probably wouldn’t feel safe carrying thousands of dollars in cash all the time, don’t trust your phone number as your last line of safety with anything of great value, such as a valid online account.

A hardware 2FA security key is convenient – you don’t need to remember anything else, just like carrying a key to your home. If it is stolen, someone cannot magically get into your account. They also need your other credentials, and this serves as a final, hard-to-copy barrier. Even if your username and password fall into the hands of a malicious actor, they cannot get into your account without a jangling key in their pocket.

Upcoming passwordless standards also mean that using a hardware security key can be even more convenient than remembering and tapping out a stupid, long password – just type in your username, insert the key, and you’re done. It won’t have to be changed every three or six months based on some nasty rules, it won’t be hacked or extorted, and you won’t have to juggle another password or deal with a password manager. It will be the epitome of comfort and equally safe in every way.

Seriously, buy a YubiKey

I said “Buy a YubiKey” beforehand, but I should point out that I don’t like Yubico any more than other 2FA hardware companies. Really, any recent hardware 2FA dongle is fine as long as it works well with FIDO2 and WebAuthn (for upcoming passwordless standards) and supports the ports you need. But YubiKeys are sold in more places, tend to release models supporting newer standards faster, offer a wider range of ports for device compatibility, are externally audited, and are mostly black, so they won’t stain or show as much wear as lighter-colored models can. (They also have fun stickers to make your keys a little less boring – maybe dBrand should take care of that.)

Buy the YubiKey 5 Series

Starting at $45 from Yubico

I personally recommend the YubiKey 5C or the YubiKey 5C NFC, but you should choose based on the devices you use. If you have older computers, something with USB Type-A might be important, and if you have an iPhone you might need a YubiKey 5Ci with a Lightning connector. I also recommend that you stock up on at least two, leaving a backup at home in case you lose your keys. If money is limited, get the more entry-level Type-C model for $29 – it doesn’t support all the standards that the more expensive models do, but will be fine for 99% of people.

Last year, I also checked out a keychain that was specially designed to fit YubiKeys. You really don’t have to buy it, but it’s nice, not too expensive, and fits YubiKeys very well alongside your own standard-size keys.

Buy the YubiKey “Security Key Series”

From as low as $25

YubiKey is an easy choice, but you can just as easily get a different brand if a fancy color catches your attention or you just want to be a gentle opponent. Google, Feitian, Kensington, and many other companies make or resell models, and this is one area where you should avoid the no-name Amazon special. But this is my last piece of advice to you: Purchase a two-factor hardware security key.

And goodbye to that

I have more hot takes and more advice (both good and bad), although from now on I will have to keep both to myself. “I pulled Dieter out,” and the next time you hear from me outside of my regular stream of cabin-related Twitter content, I will be both excited and terrified by my new digs at OSOM. (As some of you may have noticed, that’s why I haven’t written about them for some time, and it was a careful and diligent decision on the part of Android Police.)

On my way to the door, I have a last few hot takes that I no longer have to come up with complicated arguments to defend. I make every blogger’s greatest fantasy come true: getting the first and the last word in.

  • The Essential PH-1 in Ocean Depths is the most beautiful single smartphone ever made and nothing else is coming, sorry.
  • Haptics on Android phones will always have a lower quality cap than on iPhone until Google makes a concerted effort to make haptics a larger and more detailed part of Android itself. There’s a whole world of touch textures and variety out there and we just get the basic shake.
  • Android wasn’t good until 4.0 / ICS.
  • Samsung isn’t enough to maintain the Android tablet ecosystem or even Android 12L; Google hasn’t done enough to encourage software development (via tablet stacking apps) or hardware. Foldables are the last hope, and if they don’t take off, Android’s dreams on the big screen will be spoiled.
  • Paper boxes, recycled aluminum and plastic in phones, and not having the charger in the box are not environmentally friendly; that’s greenwashing crap, as long as companies still set arbitrarily close end-of-life dates for updates. Saving a few grams of plastic or paper means almost nothing to the environment or the climate if you ditch your phone in a few years, and companies know it.
  • While macOS does countless stupid and bad things, MacBooks are the only good laptops.
  • There is no such thing as “an Android” or “Androids”. These are Android phones, period.
  • If Apple really cared about customer privacy, it would adopt RCS, but it only pays lip service to privacy in ways that are detrimental to competition (such as “do not track”) to keep itself looking good. Stop falling for it.
  • Consequently, there is no way to make privacy attractive without an existential crisis such as a massive burglary.
  • Bits are bits and bytes are bytes; Nest Aware storage should just be part of Google One.
  • The world needs a real YouTube competitor – Google basically has a monopoly. I am nominating Amazon / Twitch, which can step in and fill this void fairly easily.
  • Camera hardware hardly matters now; software is much more important. You all need to stop getting frustrated that the phones come with “old” sensors – if anything, it means that the manufacturer has tweaked its processing to match them even better.
  • As such, the rise in popularity of computational photography as a route to nearly all of the recent gains in smartphone photo quality means the ‘Pro’ camera modes are an anachronism – you don’t really want that level of control, even if you think you do. (But other ways of offering similar controls under this new paradigm may be useful, such as what Google does.)
  • Carriers use VoLTE and 5G certification as weapons to force manufacturers to do what they want (and incorporate dumb / expensive technologies like mmWave). Someone who is able to make a positive change must take control of the situation for the benefit of customers and market competition.
  • Google’s success with Android means it can’t understand the difference between platform and product (or, at the executive level, can’t make decisions that elude that combination), and this will continue to destroy Pixel, Nest, etc. in subtle but meaningful ways until the company gets it.
  • Accordingly, Google cannot “win” on Android: if it starts using GMS certification as a bigger stick and carrot for smartphone makers to stop making bad and stupid changes (as it should), it will face increased regulatory scrutiny as more of a gatekeeper on the platform (which is the problem). But Google is already making so many integral parts of the platform proprietary and part of Play Services that the argument of Android as an open platform is nonsense – there is “Android” and then there is Google Android, and the latter is empirically all that matters in the market. Google should probably be broken up into smaller companies.
  • Where are the better 3rd party app store integrations for the Android platform you promised in 2020, Google?
  • AND WHERE is the Inbox-style bundling Google promised for Gmail in 2018?!

So much for Android Police’s Ryne Hager, although you may see a few of my stories land in the coming weeks as drafts of other items go through the editing process.

It’s been five years and I’m going to miss promoting your indecency, shitting on all the things you love, writing hot love letters to my wife with Android and endlessly shilling for Google. Is it Samsung? Maybe it’s OnePlus today. You have to tell me.

But trust me on YubiKey
