YubiKey was chosen because it's a small, low cost, and a durable USB hardware device with open source customization support for Windows, Mac, and Linux. Many companies and governments, including Google and the US Department of Defense, use YubiKey as an industry security standard for 2nd layer verification. Yubico hardware engineering and manufacturing is only conducted in the USA and Sweden to prevent device cloning and to mitigate the risk of exposure of its confidential design. In addition to using YubiKey with your DreamHost panel, it can also be used for securing access to a wide range of applications. For example:
- Remote access
- Password managers
- Computer login
- CMS and popular online services
Most third party support for Google Authenticator is also supported for YubiKey. YubiKey is the affordable, hardware-based alternative to having a mobile phone/tablet with an Internet connection. For example, YubiKey would be useful for remote locations where cellular service/Internet is not available (network admins in a basement, government employees, etc). As of 2015, YubiKey has a few product versions:
- Standard model (estimated price $25)
- Small usb form factor (Model: Nano $40)
- NFC wireless technology (Model: Neo $50)
All these products can be purchased at the Yubico store.
Getting a YubiKey
If you choose to use a YubiKey to secure your DreamHost account, you'll need to get the hardware first. Click here to purchase a YubiKey.
You'll need to make sure your YubiKey is configured to use "Yubico OTP". It should come preconfigured this way, but if you need to set it up yourself download the Cross-Platform Personalization Tool to re-program it.
- Plug in your YubiKey, and then open up the personalization tool.
- Click on Yubico OTP in the upper left corner.
- Click on Quick.
- You should see something like the following:
- Select the 'Configuration Slot 1' radio button.
- Click the Write Configuration button to give your YubiKey the new configuration.
- Click the Upload to Yubico button to tell Yubico's verification servers about your key's new configuration.
Enabling MFA in the panel with YubiKey
- Navigate to the (Panel > ‘Billing & Account’ > ‘Security’) page.
- The Multifactor Authentication section appears in the second section on the page:
- Enter the following:
- Current Password: Enter your DreamHost account password.
- Multifactor Authentication Type: Click the dropdown menu to choose YubiKey.
- Click the Get Started button.
- You won't see any QR code or secret key. There is only a field to enter a passcode:
- Plug in your YubiKey, and then touch the disk. It should type 44 letters in the "Passcode" field.
- Click the Activate! button and DreamHost’s server will be synced to your device.
- You will see the following ‘Success!’ confirmation box appear: