For many months I’ve been using a Yubikey as a staple of my cyber security plan.  It makes me exponentially more secure and at the same time makes it easier for me to stay secure.  The only part of it that isn’t drop-dead simple is the configuration, though even that isn’t very difficult.  I’m going to show you step by step how to configure your Yubikey to get the most out of it and set yourself up for success.

In order to configure your Yubikey, you’re going to need the personalization software.  This utility is available for Windows, Intel-based Mac OS X and Linux so you’re good to go no matter what you use.  Once you download it, follow the instructions to install or run it on your machine.  For this example we’ll be using the Windows version of the utility, running on Windows Vista.

You’ll see areas of the screenshots that are blurred, where there is information that is personally identifiable and possibly still valid.  Anywhere you see information in plain text, that information is invalid so there is no risk in sharing it.

Once you have it installed, run the software.  You will be greeted with a screen like this.
Note: if you’re using a newer version of the software, your interface may differ. At the time of this writing, the latest version is 3.0.1.

This is the main screen, which gives you an overview of your Yubikey and the options for configuring it.

Yubikey offers two memory slots, meaning you can have two different configurations stored in the device. For this example we’re going to have the following setup:

• Memory 1: Yubico-authenticated One Time Password (this is used with services like LastPass)
• Memory 2: Static Yubikey password (traditional password – always the same)

This is going to give us the most use from our Yubikey, since you can use the static password anywhere One Time Password isn’t supported (logging into Windows, securing a TrueCrypt volume, etc.).

One Time Password

Let’s get started with Memory 1, the One Time Password configuration. On the main screen, click “Yubico OTP Mode” to get started.

On the next page, click the “Quick” button.

This greatly simplifies setting up the Yubikey, and handles all the configuration options required for the One Time Password system. It also allows you to upload your Yubikey’s credentials directly to the Yubico servers, which is required for using the Yubikey to authenticate with services like Lastpass. The Quick configuration screen looks like this:

Everything you need for OTP to be configured is shown, and all the values are randomly generated and pre-filled by the software.  All you have to do is choose the memory slot you want to use, which for this example (and I’d recommend for your use as well) will be Configuration Slot 1.  Once your screen looks the the image above, click “Write Configuration” and click yes at the prompt.

The software will now write the values we’ve just generated to the first memory slot in your Yubikey.  When it’s successfully written the information, your screen will look like this:

Now that we’ve programmed the Yubikey for One Time Password authentication, we need to provide the unique credentials to the Yubico servers.  In order to the One Time Password system to work, a service using OTP to authenticate you must be able to verify that the one time string they’re being given is valid for the device giving it to them.  They do this by sending it to the Yubico servers and asking if it’s valid.  So, we need to provide our data to Yubico so they can verify those OTP strings.  To do this, click on the “Upload to Yubico” button.

This will launch your browser and take you to a page that’s pre-filled with all the data from the Yubikey.

You’ll need to fill in any fields that weren’t provided by the configuration software, such as your email address and the CAPTCHA at the bottom.  Once every field (including the CAPTCHA) except for the “OTP from the YubiKey” field is filled in, place your cursor in that remaining field and place your finger on the gold button on your Yubikey for 1-2 seconds.  This will generate a one time password string, enter it into that field, and send the Enter key command to submit the form.

It may take a couple of seconds for the data to upload since the server needs to verify that all the provided data checks out.  Once this is complete and the data has successfully been saved to the server, you’ll see the following page.

The page verifies all the data that was saved to the server, and shows the OTP string that was provided.  Since each string is only valid once (hence the name “One Time Password”) that string is already invalid by the time you come to this page.  It will never, ever be used again.  You will want to validate that the Yubikey can successfully authenticate with the Yubico servers, so click the green link labeled “online test service” on that page, which will take you to a page with a Yubikey OTP form field.

To test your Yubikey, simply place your cursor in the box and tap the button on your Yubikey for 1-2 seconds.  Just like when we were uploading the credentials a moment ago, the device will generate a string of OTP and send the Enter key command.

Remember, it can take 15-20 minutes for the uploaded key to spread to all the servers, so you may not be able to test at first.  If your authentication fails, you’ll see this page:

If this happens, just try again in a few minutes.  Eventually you should see a page like this:

Once you see this, you’re all set with configuring your Yubikey for OTP.  You can start using it with any service that supports it.

Static Password

Not all authentication systems support One Time Password.  For example, Windows and Mac OS user accounts don’t support One Time Password, so you have to use a traditional static (unchanging) password.  Luckily the Yubikey has a second memory slot which we can use for exactly that.  This is a much simpler configuration process since it doesn’t require uploading the code to any servers.

In the Yubikey configuration software, click “Static Password” along the top, and then click the “Advanced” button.

This is going to allow us go make sure all the parameters of our static password are how we want them, which I’ll walk you through.  The page you’re taken to looks like this (though in this picture I’ve already set everything up):

Notice the settings I’ve chosen in the image above.  Starting from the top, I’ve set the Configuration Slot to Configuration Slot 2.  This is crucial, as we don’t want to overwrite our OTP configuration that we just set up.  In the “Program Multiple Yubikeys” section we’re going to leave this turned off, since we’re just configuring one Yubikey.  I have no experience using this tool to program multiple Yubikeys at once, so I’m not going to attempt to walk you through that if that’s what you’re trying to do – we’re just going to focus on programming a single Yubikey.

In the “Configuration Protection” area, I’ve turned on protection.  This is a safeguard against somebody (including you) either accidentally or intentionally erasing or overwriting your static password.  This is done with  a 6 byte hex code in an effort to prevent the use of insecure, easy-to-guess passwords.  You can get a hex code by going to Gibson Research Corporation’s Perfect Passwords page, and copying the first 12 characters from the “64 random hexadecimal characters” field (that’s where I got the one shown above).  Just paste in the field shown, and the software will automatically format it properly.  You also need to store this 12 character code somewhere safe, in case you never need to reprogram your static password.

The Password Parameters section is the important part: this is how we determine what the password will be.  The length defaults to 32 characters, which is fine so we won’t change that.  The Public Identity field doesn’t apply to this process, so it’s grayed out.  Private Identity and Secret Key are the parts that really matter, but those fields need to be generate.  Simply press the “Generate” button next to each one and a random string of characters will appear in each.  This string changes every time you press the “Generate” button.  You’ll also want to check the boxes for “Upper and lower case” and “Alphanumeric” to make the password stronger, and to ensure compatibility with systems that support limited character sets.  If you plan to have multiple Yubikeys with the same static password (keeping a backup, sharing it with your spouse, etc.) you can do so by replicating the settings in this section.  Copy the Private Identity and Secret Key and make note of the length and which boxes were checked.  You can then paste the strings and replicate the other settings, and the password that results will be the same.  In fact, it’s smart to keep this information somewhere safe even if you only have one Yubikey in case you lose or break your Yubikey and have to create your static password on a replacement.  Just be sure to keep this information somewhere secure, since somebody could replicate your password if they got their hands on it.

Once your screen looks like the one shown, click “Write Configuration” and wait for the message saying it’s been successful.

You’ll want to test it to verify that it’s working.  Open a text editor such as Notepad, and hold your finger on the Yubikey button for 3-4 seconds.  When you release it, the static password will be “typed” into the editor, and an Enter key command will be sent at the end.

Your Yubikey is now fully configured.  To use the static password, copy it from the text editor and paste it where you’re prompted to set a password.  I would recommend using it in combination with a short password string that you’ve memorized.  Make sure you place the memorized password ahead of the Yubikey static password, since the Yubikey presses Enter as soon as it’s put in the static password.  By doing it this way, you effectively create a multi-factor authentication system in a simple password field: one part from something you know, and the other part from something you have.  This makes it easy to remember your password, while still giving it superb stength by adding the 32 character random string from the Yubikey.

How To Use It

Because there are two separate configurations stored inside the Yubikey, there are two separate ways to trigger the Yubikey.  Here’s how it breaks down.

• Generate OTP string: place your finger on the Yubikey button for 1-2 seconds.
• Enter static password: place your finger on the Yubikey button for 3-4 seconds.  Don’t hold the button for longer than 4 seconds or else it won’t do anything.  If that happens, just try it again.

With this setup you’ll be able to have top-notch authentication security in any situation.  Use the One Time Password component wherever it’s supported, and use the static password combined with a memorized password everywhere else.

For years I’ve been using the same link structure on every WordPress site I operate: example.com/year/month/day/post-title.  I opted for this method because I liked that it gave time context to the content right inside the URL.  Plus, my links looked fancier & more impressive!  Recently I’ve decided I don’t like this so much anymore, mainly for one reason: it’s not easy to tell somebody a link like that in conversation.  Since doing more audio & video content where I can’t simply post a text link for people to click on, I’ve decided that big, complicated links are a pain.  This is partially solved by link shorteners, but these aren’t good for conversation either.  If, for example, I wanted to tell somebody about my post on Lastpass it would be awkward to say “go to C-N-V-R dot C-C slash lastpassreview” since they won’t remember it & it sounds like a pain to do.  Instead, if I could just say “go to C Conover dot com slash lastpassreview” they’ll be more likely to do it.  So I decided to change my WordPress settings to enable this method.

There’s just one problem: I’ve been using the old system for years, and those links are all over the place.  I don’t want them to break & people to get “Page not found” errors all day long, I want them to be routed to what they are interested in seeing.  Luckily that’s easily accomplished no matter how much you want to change.

Global Redirects

The first thing to do is install a plugin called Dean’s Permalinks Migration.  This plugin is incredibly simple to set up, but very powerful.  All you do is provide to it the old permalink structure (the one you’re phasing out) which is simply the syntax code in the box on the “Permalinks” settings page in your WordPress installation.  Once you’ve saved that, the plugin will look for any request to your site using the old link structure.  If it gets one, it redirects it to that same location under the new permalink structure.  If the requested page doesn’t exist (or at least not at that slug) then the user will still get a 404 error, but otherwise it will work immediately across the whole site.

Of course, the most important part of this is actually deciding on what you want the new permalink structure to be.  The Permalinks Migration plugin only supports one entry for the old permalink structure, so you only want to change it once.  Hopefully the plugin developer will add support for multiple entries, but for now be sure you’ve chosen the structure you really want.

The way this plugin handles redirects is important.  Any time somebody goes to a page at the old location, Permalinks Migration returns a 301 code with the redirect command.  ”Christiaan, what’s a 301 code & why do I care?”  Good question, I have an answer.  See your visitors won’t really care or notice, they’ll simply click or type a page they want, and after a moment they’ll get there.  Search engines will notice and care, because a 301 code indicated to a search engine that it’s a permanent redirect.  When a search engine is told that, it makes a note to update this page in its listings to reflect the new location to which it’s being redirected.  It may take a while for this change to show up in Google results & the like, but after a while you’ll see the new URLs showing up in search results.

Special Case Pages

Of course, not all pages will end up staying in the same place.  You may decide you want to change a page’s URL to make it simpler, more descriptive, or just because you think it looks better.  I actually did this with all the show episodes on Wheelspin Network, to make it easier to quickly pull up an episode.  Before I was using the structure I mentioned at the top of this post, but I’ve switched to just the show abbreviation & episode number.  For example, the link to episode 40 of RoundelTable used to be: wheelspin.tv/2011/02/01/roundeltable-40-bill-auberlens-daily-driver-has-3200-horsepower/ instead, it now reads: wheelspin.tv/rt40.

Doing it that way makes it much easier for someone to quickly pull up an episode if I reference it during a show, and it looks a lot cleaner.  However, since the location of the page itself has changed the Permalinks Migration plugin won’t be sufficient to get a user from the old location to the new one.  For this situation, we need to create a custom redirect.  That’s where the plugin Quick Page/Post Redirect comes in.

This plugin does the same basic thing as Permalinks Migration, but on a page-by-page basis.  All you have to do is go to the plugin’s Settings page, and in a blank line enter the location the user requests on the left, and the location to redirect them to on the right.  It’s that simple.

As a side note you’re not limited to redirecting to pages just on your site, but to any URL you want.  You can see in the picture above that I have some links going to completely different places, but I can still give people a link through my domain to get there.  Very handy.

This is obviously the more time-consuming stage of the process, but it’s just as critical to a successful migration.  The best way to ensure you don’t miss any custom redirects is to add one to the list every time you change a page’s location.  That way you don’t forget about any & end up sending users to a dead end.

You’re All Set!

Properly configuring these two plugins should ensure a totally seamless transition to your new permalink structure.  I personally would like to see WordPress support some sort of page tracking & redirect for permalink modification by default, but in lieu of that the solution I’ve outlined works like a champ.

Do you have a different solution for doing this?  Let me know in the comments, I’d love to have some additional ways in my toolbox.

The file is a complete PHP.INI file with all the configuration options you’d find in a full PHP installation. I’ve changed a few key settings that I found most important, such as max upload size and post size, allowing for high resolution photos to be uploaded.

If you have questions or suggestions about other ways to customize this file further, please leave a comment on this post. Thanks.

GoDaddy PHP.INI

First, let’s write the HTML code we’ll need for this:

<html>
<head>
<title>Button Navigation</title>
</head>
<body>
<div id="menu">
<ul>
<li><a href="#">Example 1</a></li>
<li><a href="#">Example 2</a></li>
<li><a href="#">Example 3</a></li>
</ul>
</div>
</body>
</html>

Now that we have our HTML, let’s go to our CSS document and make those links look button-like:

#menu ul {
margin: 0px;
padding: 0px;
padding-top: 5px;
list-style: none;
}

#menu li {
display: inline;
}

#menu a:link, #menu a:visited {
margin-right: 2px;
padding: 3px 10px 2px 10px;
color: #000000;
background-color: #CCCCCC;
text-decoration: none;
border-top: 1px solid #FFFFFF;
border-left: 1px solid #FFFFFF;
border-bottom: 1px solid #717171;
border-right: 1px solid #717171;
}

#menu a:active {
border-top: 1px solid #717171;
border-left: 1px solid #717171;
border-bottom: 1px solid #FFFFFF;
border-right: 1px solid #FFFFFF;
}

This will give your link the appearace of a button on the page, and will make it appear that it is being pushed when you click on it.

Click Here to see this example in action.