Yubikey quest

I hope to use the blog a bit more to document not only travel but practical issues and data. Unfortunately, most of the practical data I deal with would be categorized as nerd stuff.

First off, I want to explain the issue that will dominate the coming years when it comes to internet technology: Security and Encryption.

Security is an issue that is only lightly understood by most. Our bank has a username and password, PayPal has another password, Gmail or Yahoo has another password. We store these passwords on sticky notes on our monitor, have Internet Explorer remember them or use a password manager. KeePass is the best (open source) password manager.

Unless you use a password manager, your passwords are usually in this form: “GoReds!” or “1983Win!”. All of these passwords can be cracked easily using new methods that are advancing quickly. The only password you should use for anything (even Hotmail or Yahoo) should be alphanumeric and longer than 16 characters. Example: “k43uLK823JHjkasdFFf2fas43”. I probably just irritated you, but it is true. Any “easy to remember” password can be cracked easily.

So, let’s just say that you want to secure your bank account, investment account or Gmail with a gnarly password. How can you do this without having to write it down where anyone who can read a sticky note can learn it? As stated, I use KeePass, but I wanted to show you another method.

Yubikey is a product that was made by Yubico. They are currently on version two of the device and the prices have come down enough to justify getting one. I sent Art B one so he can test it in parallel with me.

Here is the device:

[Image: yubikey_and_cc]

It is quite small, extremely durable and looks similar to the new minimalist USB drives.

Here is a great article if you want to learn more about its practical nature: ReadWriteWeb

I am going to focus on the questions that I had to find answers for.

  • How much does it cost? $15-25
  • Where can I read a simple “What is this doc”? Here
  • Is the unit waterproof? Yes
  • Where can I find the config utility? Here
  • How can I use the static password option without messing up the OTP? Here
  • Where are the instructions? Here (not the best documentation I have read)
  • Are there real world services I can use this with now? Yes
  • What is a static password? Wikipedia
  • What is an OTP (one-time password)? Wikipedia

More and more services are offering OTP authentication. Google, OpenID, osCommerce, MediaWiki and Salesforce are just a few who currently use Yubikey. Below is a quick video on how to use Google with your Yubikey.

How will I use my Yubikey?

I will start with the static password config and, as I gain confidence in the product/concept, move toward Google Apps.

One issue that I have yet to resolve is the redundancy variable. What if I lose my OTP token?

Let me know if you find value in the “nerd stuff” or only want to read travel stuff.

Christopher
