It happened a few days ago.

I was at the grocery store when I got the text:

COINBASE: We detected a login from Salt Lake City, Utah. If this is not you, please reply with “N” to lock your assets.

Uh-oh.

NOBODY wants to see that. Years ago, I might’ve freaked out.

But then something came over me.

I shrugged, stuck my phone back in my pocket, and continued rifling through the produce section, hunting for gems.

I found the freshest mint I’ve ever smelled in my life. I might’ve even smiled.

My Grocery List

Years ago, I might’ve gotten scared and replied to the text…

You know, just in case.

That probably would’ve gotten me on the phone with a nice “Coinbase customer service rep” who would’ve been incredibly helpful and empathetic to my situation.

The rep would’ve stressed the urgency of the situation and the importance of immediate action.

Although I hope I would’ve caught on that this was in fact a hacker, I might have gone so far as to give this “Coinbase rep” information he could use against me.

Fast-forward to now: You know what I did instead?

Instead, I carefully assembled one avocado, one red potato, two sweet potatoes, a head of broccoli, asparagus, and some sprigs of herbs.

In other words: I went on with my life and didn’t worry about it.

I was so confident that nobody had breached my account, I didn’t check it until hours later.

Foolhardy? Maybe. But I was right.

You Need Yubikeys

While this tutorial will help protect your crypto, this is MUCH bigger than crypto.

With the increasing number of data breaches and cyber attacks, the only solution is to take proactive measures to protect all of your online accounts. 

One of the most effective ways is by using a YubiKey, a physical security key that provides strong two-factor authentication (2FA).

In this quick masterclass, we'll dive into the importance of YubiKeys, best practices for using them, how they work, how to choose the right keys, how many keys you need, and how to set them up and use them effectively.

Why YubiKeys are Important

I can’t stress it enough:

YubiKeys are CRUCIAL tools for safeguarding your online accounts from potential threats.

These small, durable, and easy-to-use devices provide an additional layer of security beyond your username and password.

By requiring a physical key to be present during the login process, YubiKeys significantly reduce the risk of unauthorized access to your accounts, even if your password is compromised.

This pushes your security protocol to the edge -- your device. Hacking you remotely becomes very difficult. A hacker or thief would need to have physical access to both your device AND your keys.

In essence, your threat surface area shrinks from the whole world to your local radius.

Hackers look for low-hanging fruit. Especially if they somehow learn that you own crypto or have a crypto exchange account.

Transcend the Valley of Low-Hanging Fruit

By setting up Yubikeys, you transcend the valley of low-hanging fruit -- and 99 times out of 100 won’t be worth a hacker’s time and effort.

That’s why…

Whether you're securing important financial accounts, work-related platforms, or just locking down your social media profiles, YubiKeys should be considered a baseline security standard.

Compared to other 2FA methods like SMS-based verification (the WEAKEST LINK) or authenticator apps, physical security keys like YubiKeys offer the strongest level of protection available.

Best Practices

To get the most out of your YubiKeys, it's important to follow some best practices. (Don’t worry. We’ll go into how you set them up in a moment.)

First and foremost, enable YubiKey 2FA on all your critical online accounts that support it. This includes password manager, email, Coinbase account, banking, social media, and any other platforms that contain sensitive information.

To ensure you always have access to your accounts, even if you lose your primary key, it's crucial to create backups.

Get at least two YubiKeys for yourself and store one in a safe secondary location.

How YubiKeys Work

One of the best things about YubiKeys is they are ready to use right out of the box, with no complicated setup required.

To use a YubiKey, simply plug it into your device's port (which port will depend on which keys you purchased: more on that below) and tap the button or squeeze the sides, depending on the model.

This action sends a one-time code to the online service you're trying to access, authenticating you after you've entered your password.

Some newer YubiKey models also support NFC (Near Field Communication), allowing you to tap the key on your phone or tablet to authenticate wirelessly.

In most cases, you'll only need to use your YubiKey when accessing an account from a new device, rather than every single time you log in.

Choosing the Right Keys

When choosing your keys, consider the ports available on your devices. For example, if your laptop only has USB-C ports, make sure to get a YubiKey with a USB-C connector.

Keep in mind that YubiKeys cost between $30 and $80 each, so budget accordingly, especially if you plan on getting backup keys.

I recommend keys from the YubiKey 5 Series.

These keys offer a range of connectivity options, including USB-A, USB-C, and NFC, ensuring compatibility with a wide variety of devices.

How Many Keys You Need

At a minimum, you should get two YubiKeys – one primary key and one backup. This ensures that you have a failsafe in case you lose or damage your primary key.

However, for optimal security, consider getting a total of two to four keys.

This allows you to have a primary and backup key for yourself, as well as a pair of keys for your spouse or partner as an extra backup.

When setting up your keys, program your spouse or partner's keys for your accounts and vice versa. This way, you can help each other regain access to accounts if needed.

Setup and Usage

Setting up and using your YubiKeys is a straightforward process.

Start by getting your keys, then follow these steps:

1. In the security settings of your online accounts, look for the 2FA or Two-Step Verification options.

2. Choose to add a Security Key and follow the prompts to name your key.

3. Repeat the process for your backup keys and your partner's keys.

For specific accounts, Yubico has a series of super helpful instructional videos:

Secure your Coinbase account with a YubiKey

How to setup your YubiKey Bio on Windows

How to setup your YubiKey Bio on Chrome

Protecting Apple iCloud with YubiKeys

For accounts that don't support security keys directly, you can use the YubiKey Authenticator app. This app stores 2FA codes on the YubiKey itself, allowing you to use it with any account that supports 2FA.

Here’s the tutorial for that: How to set up your YubiKey Bio with Yubico Authenticator for Desktop

Once your keys are set up, keep your primary key with you and store your backups in a safe place.

Whenever you're prompted to authenticate on a new device, simply plug in your key and tap the button to verify your identity.

As an advanced use case, you can also use your YubiKey to lock your computer itself for ultra-secure machines.

This is particularly useful for computers that store highly sensitive data or are used for critical tasks like managing cryptocurrency.

BUT be cautious when setting this up, as you risk locking yourself out of your own computer if not done properly.

IMHO, Yubikeys Are Not Optional

YubiKeys are a powerful tool for enhancing your online security and protecting your accounts from unauthorized access.

By following the best practices outlined here and making YubiKeys a central part of your online security strategy, you can significantly reduce the risk of falling victim to hackers, cyber attacks, and data breaches.