Securing your Accounts with Yubikeys, Proton, Bitwarden, and other 2FA methods...
Part One:
Intro...
As many of you have heard the phrase, "If the service is free, then you are the product." I agree with that statement, so with that in mind, this guide will recommend services with a monetary cost (I will include the current price for each).
The one (and backup) key to rule them all...
A security key is currently the best way to keep your account from unauthorized access. Many recent security breaches in the news could have been prevented with a key such as a Yubikey. So let's not risk it for what we care about. The first step might cost anywhere from $50 to $100, depending on the features you would like. Yubico will help us with a nice set of hardware keys. Complete their quiz to find the best key model at Yubikey Quiz. Remember, order two. Once you have received your two keys and set them up, per the included instructions from Yubico, come back to continue.
Creating the master password...
Before we do anything, we must create our master password. The trick is that a longer password beats a shorter one padded with multiple numbers or special characters.
With this in mind, we will create a sentence or phrase to remember. Multiple sites would generate a phrase or sentence, but we will make our own. We will search for random word generators that let us create more than one at a time. Word Counter will help us with that.
We will have the site generate seven words and have it choose from "Words (All)" and then "Generate Random Words," as shown below.
Here we see the following words: `mist chemical passenger violate secretive sneeze`
Let's think about this...
How about, "The chemical mist sneeze violated the passenger!"
Once you have yours, make sure to write it down. You now have your master pass sentence!
Next Steps... Bitwarden...
With our master sentence written down on paper, we will proceed to Bitwarden. We will be securing our account with our Yubikey, so once you complete your signup process, you will need to proceed to Bitwarden Web Vault and purchase a subscription which is $10 annually.
After going to "Get Started," we will put that master sentence to good use.
After reviewing the TOS and PP, input your information and your shiny new master sentence.
Now proceed to Bitwarden Web Vault and purchase a subscription.
After the subscription is purchased, we will go to "Account Settings" then Security on the left-hand side of the screen and locate "Yubico" under "Providers," and click "Manage".
After verifying our password, we will add both Yubikeys to our account.
Once completed, we can download the application and extensions here, Bitwarden Download Page. You can use both, but the steps lined out in this post will assume you are using the extension. Once downloaded, sign in.
Proton...
Next, proceed to Proton.
Once we click on the "Create a free account," we will put Bitwarden to work.
Once on the page, find your Bitwarden extension, click on the icon, then the "+" on the top right. Then we will see "Username" and click on the refresh icon beside it.
We will toggle "Random word" and hit the refresh icon until it gives us a username we would like to use. How about, Sulphate4627? Click on "Select" on the top right when selected.
Now we will locate the "Password" field and select the refresh icon again.
We will choose a "24" length "Password" and click on the refresh icon. Once the password has been generated, go to select. Afterward, select "Save" at the top right.
Now we will click on the new entry and watch it autofill :)
Intro to 2FA ...
2FA stands for two-factor authentication, a way for us to combine something you know (a password, your master sentence anyways, lol ;) ) and something you have (your Yubikey or the 2FA code).
The first account we will secure will be our Proton account.
Let us go to our Proton Account settings and find "Account and password." Once there, look for the "Security Key" toggle. Just flip the switch and add your two keys.
While some accounts will let you add a security key as a 2FA method, many will not, but most support an authenticator app that generates a six-digit code every 30 seconds. You might have heard of applications such as "Google Authenticator." We can also use Bitwarden to generate those codes.
When you go to a new site, and they offer you a QR code to scan, look for the manual enter option listed. The service will now provide a series of random characters. We will copy that code, go to our Bitwarden extension, and select the account, followed by "Edit" at the top right.
Paste the code into the "Authenticator key (TOTP)" field, then click save.
Then copy and paste the code it generates. After you input the code into the site, they will provide a "backup or recovery" code(s). Next, we will go back to Bitwarden and edit this account again. We will scroll toward the bottom and find "Custom Field."
Label the field and input the codes provided, then hit save.
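To see what Bitwarden does with that "manual enter" string, here is an added example (not part of the original guide or of Bitwarden's code) that derives the six-digit code from a base32 secret the way RFC 6238 TOTP does: HMAC-SHA1 over the current 30-second window counter, dynamically truncated to six digits. It also shows why a verifier tolerates a neighbouring window, so a slightly wrong clock still logs you in. The secret used below is the RFC 6238 test-vector key, not a real account secret.

```python
import base64
import hashlib
import hmac
import struct
import time


def totp(secret_b32, for_time=None, step=30, digits=6):
    """Return the TOTP code for a base32 'manual entry' secret (RFC 6238, SHA-1)."""
    # Sites display the secret in base32, often lowercase and grouped with
    # spaces, and usually without '=' padding; normalise before decoding.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)
    if for_time is None:
        for_time = int(time.time())
    counter = for_time // step                      # which 30-second window we are in
    msg = struct.pack(">Q", counter)                # 8-byte big-endian counter (RFC 4226)
    digest = hmac.new(key, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)   # keep leading zeros


def verify_totp(secret_b32, submitted, now, window=1, step=30):
    """Accept the code for the current window and +/- `window` neighbours.

    This is how a site absorbs small clock drift between your phone/vault and
    its servers. compare_digest avoids leaking the match via timing.
    """
    return any(
        hmac.compare_digest(totp(secret_b32, now + k * step, step), submitted)
        for k in range(-window, window + 1)
    )


# Constructed from the RFC 6238 test-vector key (ASCII "12345678901234567890");
# this is NOT a secret for any real account.
RFC_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    print("code at T=59:", totp(RFC_SECRET_B32, 59))          # -> 287082
    print("code right now:", totp(RFC_SECRET_B32))
```

The six-digit output is simply the last six digits of the RFC's eight-digit vector, which is why authenticator apps and Bitwarden agree on the same code for the same secret and clock.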
2FA Setup for other accounts
Check if the service you use can add two-factor authentication. For example, you can visit a site like https://2fa.directory/us/ to confirm if 2FA is available and what methods the service offers.
Once you add your keys and/or TOTP 2FA security, you will need to export your Bitwarden vault and store your backup Yubikey in a safe location. I recommend exporting your vault to an SD card and keeping a printed copy in a safe location as well.
Coming up...
Next, we will add Simplelogin to the mix!
Extra
This guide is meant to help the next guy! I want to thank the following people for inspiration.