Not all MFA is created equal: YubiKey delivers phishing-resistant authentication

The YubiKey is the gold standard of authentication. Legacy mobile-based authenticators like SMS and push apps can be easily phished. Discover how the YubiKey offers the highest-assurance, phishing-resistant multi-factor authentication (MFA) available that stops modern cyber threats for the world's largest organizations and individuals across the globe.

Strongest security with true phishing-resistant MFA
Legacy MFA like SMS, mobile auth and OTP are all vulnerable to phishing. And while there may be many solutions that claim to be phishing resistant, the simple fact is this – if it is not Smart card/PIV or modern FIDO authentication-based, it is not phishing-resistant!

Stay protected with the strongest level of authentication security, and stop account takeovers in their tracks by considering modern, phishing-resistant MFA using hardware security keys based on smart card/PIV, or modern FIDO authentication.

Offer the best user experience
SMS, one-time passwords and mobile authenticators are cumbersome to use and hinder productivity. They are also easily breached via man-in-the-middle and phishing attacks. The top two data breach attack vectors today are phishing attacks and stolen credentials (source: Verizon 2019 Data Breach Investigation Report).

YubiKeys offer the best of both worlds – the best available security against phishing attacks and account takeovers, as well as the best user experience. To authenticate, users simply tap/touch their security key. YubiKeys also don’t require batteries, have no breakable screens, don’t need a cellular connection, and are water-resistant and crush-resistant.

Bridge legacy MFA to modern protocols
Most traditional MFA methods are insecure. SMS, one-time passwords, and even mobile push authenticators are susceptible to account takeover attacks from phishing and man-in-the-middle attacks.

YubiKeys feature modern protocols like FIDO2 and WebAuthn, as well as OTP, SmartCard (PIV), OpenPGP, earlier FIDO versions, and more. A single key supports multiple applications, allowing YubiKeys to work with current applications and authentication methods, and advanced and emerging protocols at the same time.
Comments

1:40 What stops the attacker from asking me to touch my security key through their fake website?

teegeevee

*This Yubico video is a disgrace and very disappointing:* The video is professionally made, but: It is very embarrassing that Yubico forgot to explain the core of why YubiKeys are phishing-resistant.
*The video is a shame because Yubico hopes that users will trust that the claim is already true.* But Yubico should know that they work in the context of IT security, where trust is the worst starting point: you have to understand why you choose which system.

tomschi

YUBICO products might be good, but the entire infrastructure of the tools, databases, and most of all documentation is one big mess. Information is inconsistent, unclear (for new users), there are crucial pieces missing. Pages are scattered all over the place, lots of places where documents are not up to date. Video tutorials are perhaps good for advanced users, but not for beginners. I am not talking about beginner computer users, but Yubikey beginners. I am in IT for 45 years and already wasted a week trying to grasp the concept how to deal with those keys. It is not the concept of how certain security procedures and protocols work and what they are but how to use Yubico tools, pages and other crap which is like one big basket mixed with trash and goodies.
If I was able to do programming, advanced networking and hardware troubleshooting for 40+ years I am probably not so dumb, but still struggling with the multiple aspects of using those keys. Simply because after a week of research I have not found one place where all pieces are explained in a way that an average user would understand.
So-called Support Pages are hard to find (without using Google search) and many of them are not helpful or outdated. I was already twice ready to return those keys for a refund, simply because I am wasting way too much time for something which is supposed to be much simpler. There are tons of advertisers (earning commission) who claim that using YUBIKEY is simple but if I struggle with it then most of my friends who have very basic computer knowledge would simply be completely turned off by this product.

YUBIKEY might be the most advanced key on the market but certainly the whole information, support and documentation infrastructure SUCKS !
The language used on many pages is very confusing and lack of basic explanation of terms (on the page) makes it hard to use. There are (AFAIK) two tools for key configuration (on Windows)! Personalization Tool? I discovered this accidentally while searching for answers (and for a week was not even aware of it). Simple things are hidden and mismanaged.
On top of that when we face the fact that there is no information in any other language than English, I can say this product is only for advanced computer users, NOT FOR AN AVERAGE CONSUMER who will very quickly get lost in the Yubico mess.

Bottom line is that this product seems to be really good but entire Product and Information (website, tools, support) management really, really sucks !

I suggest to study the information and documentation first, if you plan to purchase Yubikey. See if you can understand what they are talking about and how friendly is the entire process (?). Do not let the RESELLER HYPE misguide you, that it is a super easy process, unless you want to use the key simply to store one or two passwords and that's all. The security industry is complex, but YUBICO certainly does not make it easy to understand. Be prepared to spend lots of time until you are ready to use the full potential of this product.
HTH!

sadarahurh