Saturday, September 18, 2021

Argon ONE Case - Upgrading Original to V2

Disclosure of Material Connection: I received the Argon ONE V2 product for free. I was not required to write a review. I am disclosing this in accordance with the Federal Trade Commission's requirements.

I recently upgraded from an Argon ONE (original) to the Argon ONE V2.  A wrote a separate article (link at the end of this one) sharing my thoughts about the case, and the upgrade, in this article I am just sharing some pics and thoughts of moving my Pi 4 from the old to new case.

I set everything out ( the old case, new case and a few tools) and got started.

Left: Original
Right: V2 still in box

Top: V2 (without Pi)
Bottom: Original (with Pi)

As you can see above, the cases are very similar.  The main physical difference is the HDMI port size (the V2 has full-size ports) and the power button moved.  Other than that, everything else looks the same on the outside.

Pi 4 in the original Argon ONE case

Someone of the material from the silicon thermal pad.

The silicon thermal pad from one chip and a little bit of
another the other chip stayed on the heat sink side

Once the Pi 4 was removed from the original Argon ONE case, I had to clean up some of the old silicon thermal pad material.  It didn't stick to anything really, not like glue, so it was just a matter of carefully taking it off and cleaning up the area.  Make sure no small pieces fall off, you probably don't want little pieces causing problems.

Video/Audio PCB Extender - From original case

Video/Audio PCB Extender - From V2 case

Pi4, both cases, and a few other other items
Left Top/Bottom: Argon ONE (original)
Right Top/bottom: Argon ONE case (V2)

The original case has a  power mode jumper, but no IR items.

The V2 has a power mode jumper and IR IN.

Both the boards have a jumper so you can set the power mode.  I kept mine in the default setting (where you have to hit the power button to turn it on), but I believe the "always on" option is best if you plan to use your Pi 4 as a server or network device and you want to ensure it turns on after a power outage.

I didn't follow directions, but it worked.

The directions have you place both silicon thermal pads on the case/heatsink side, but I decided to place them directly on the chip.  Also both pads are the same size, but I cut a little material off one to match the chip it was going on.  I really wanted to make sure the pads lined up directly over the chip, but this is probably just a situation where I was over thinking things.

I finished putting everything together, put the MicroSD card back in and had my Pi 4 back up and running with no problem.

If you haven't seen my review of the case, go check it out:

Argon ONE V2 Case Review

Disclosure of Material Connection: I received the Argon ONE V2 product for free. I was not required to write a review. I am disclosing this in accordance with the Federal Trade Commission's requirements.

Before I get into sharing my thoughts on the Argon ONE V2, I think it is important to give my thoughts on the original Argon ONE.

Back in September 2020, I purchased the original Argon ONE case for my Raspberry Pi 4.  I really wasn't doing much hardware tinkering with my Raspberry Pi 4 ( I had other things like Arduino boards for that ) so most of what I was doing on the Pi was related to trying out different software.  Of course my Rasperry Pi 4 had a case, but I think it was just a generic plastic one.  I started to research various options to add a fan to my Pi 4, and I ended up settling on the Argon ONE case.  Not only did it give me a fan, but it gave me a nice case and a power button - all for a reasonable cost.

I have used the case for a year, I wanted to share my thoughts on the original Argon ONE case:
  • It has a power button.  I know this seems simple, but I really got tired of having to plug and unplug the power from my Pi 4.  I even started looking at options like a USB-C cable with on/off switch, or a way to control the power to the actual A/C power adapter.  If you keep your Pi 4 on the time this is less of an issue, but if you turn it on/off often you will know how annoying it is.  The fact your OS can likely interact with the button makes it even nicer, since you can safely power it off.
  • It has a fan, which can be controlled using software.  Ultimately the case itself does a pretty good job of doing passive cooling, but having a fan was a good "future proofing" if I ever ran projects that would need it.
  • All the ports are on the back of the device, which just makes it easier to connect wires if you move it around often and gives it a very clean look on your desk or if you plan to use it near your TV for entertainment.
  • MicroSD slot is accessible from the front, making it easy to swap memory cards (to run different operating systems for example) from the front of the unit.  Again, this is helpful if you have the Pi4 on your desk with the cables out the back and the front (with MicroSD slot) facing you.
  • GPIO pins are accessible on the top of the unit, in case you do projects that need them.  If you are not using them, a nice cover that attaches with magnets goes over the ports given the unit a nice clean look.
  • It has an internal jumper you can use to set it an "always on" mode so the Pi would turn on after a power outage, or you can leave the default setting that requires using the power button.
Overall, I was very happy with my purchase of the original Argon ONE case.  The Argon ONE case was upgraded to V2, which I think brings some nice improvements to the product.  Here are the key differences:
  • Full size HDMI ports instead of micro-HDMI.  The original Argon ONE case had micro-HDMI ports, which means I had to purchase cables with the right connectors since I didn't already own any.  Chances are, most people already have full size HDMI cables.
  • IR receiver.  While I don't have the official remote, from reading the product documentation it looks like you can use it to control power on/off and also control the interface on certain systems like LibreELEC.  If you plan to use your Pi4, the Argon ONE V2 with remote would be a great option to look into.
The vendor (Argon40) also has many other interesting products on their page including an Argon ONE M.2 Case ( or Argon ONE M.2 Expansion Board for an existing Argon ONE case ) that allows you to use a M.2 SATA SSD with your Argon ONE case.

I did another post with some pics I took when I moved the Pi 4 from the old to new case, so if you want to see some hardware pics or plan to upgrade your own original to V2 check it out:


Bottom line: The Argon ONE case was a great purchase, and the V2 upgrade just takes a great product and makes it even better.

Argon40 Products related to the Argon ONE

Argon ONE M.2 Expansion Board (for existing case)https://www.argon40.com/argon-one-m-2-expansion-board.html

Saturday, September 11, 2021

Yubikey - Using Yubico Authenticator

This post is focused on setting up your accounts to use Yubico Authenticator on a Yubikey.  If you are looking to add your Yubikey as a hardware token / security key, check out my other post ( https://bigboystoys13.blogspot.com/2021/09/yubikey-adding-security-key-to-your.html ).  If you don't have a Yubikey yet, you might want to check out this post instead ( https://bigboystoys13.blogspot.com/2021/09/yubikeys-quick-review.html ).

The Yubico Authenticator works similar to many other Authenticator apps like Google Authenticator, Microsoft Authenticator and many others offer.  A main difference with Yubico's option is that the information is stored on your Yubikey, not on your computer or other device.  Of course remember this also means if you lose your Yubikey you lose that authentication option so always make sure you have alternate / backup options.

Before you start setting up accounts

- Make a list of the accounts you want to setup.  It helps to keep track in case you lose your Yubikey or need to change your setup later.
- If you have more than one hardware token, have them all ready.
- Give each key a unique nickname, in case you need to remove/disable it later.  If the devices have different colors or are different models that makes it easy.  If you have two of the same device, maybe use part of the serial # or use stickers to tell them apart.  The nickname can be based on where you store it (Safe, Keychain) whatever makes sense to you even a year or two later.
- Make sure you setup the Yubico Authenticator on the device you plan to use for setting up your accounts.  I would recommend you consider adding a password (on Android you can go to the 3 dots and choose "Change password" to require a password to access the codes).

TIP: If you are setting up two Yubikeys, you could do the setup of one on one device (computer for example) and the other on another device (your phone for example).  It will keep you from having to swap keys on a single device.

Steps to setup Yubico Authenticator

1) Go into your account settings and then security settings.  Here are some sample steps for various sites:

PayPal: Settings > Security > 2-step verification
Amazon: Account > Login & Security > Two-Step Verification (2SV) Settings

If you can't find the option in your settings area search the support/help area of your page or contact support for the site.

2) Find the option to add an authenticator app, normally it will show a QR code that you can scan.  Once you scan the QR code, you should get a code that changes every minute or so in your Authenticator app.  If you are using two devices at the same time you can visually compare the generated codes to make sure they are the same otherwise, once you are done setting everything up it would be good to test each Yubikey that you configured.  I did notice that sometimes I had to swipe down in the app to get the code to refresh.

3) You might want to consider disabling the SME/text message option, go check out my other post ( https://bigboystoys13.blogspot.com/2021/09/yubikey-adding-security-key-to-your.html ) near the end section 4 explains a little more about this.

Useful Yubico Links:

Yubikey - Adding security key to your account

This post is focused on adding your Yubikey as a hardware token / security key to your account.  It does not cover setting up other options.  If you are looking to setup Yubio Authenticator, check out my other post ( https://bigboystoys13.blogspot.com/2021/09/yubikey-using-yubico-authenticator.html ).  If you don't have a Yubikey yet, you might want to check out this post instead ( https://bigboystoys13.blogspot.com/2021/09/yubikeys-quick-review.html ).

Before you start setting up accounts:

- Make a list of the accounts you want to setup multi-factor authentication (MFA) on.  It helps to keep track in case you lose your Yubikey or need to add a backup.
- If you have more than one hardware token, have them all ready.
- Give each key a unique nickname, in case you need to remove/disable it later.  If the devices have different colors or are different models that makes it easy.  If you have two of the same device, maybe use part of the serial # or use stickers to tell them apart.  The nickname can be based on where you store it (Safe, Keychain) whatever makes sense to you even a year or two later.

Steps to setup the hardware tokens.  These basic steps work with many services ( Google, Microsoft, Facebook, Twitter, and Yahoo for example ).

1) Go into your account settings and then security settings.  Here are some sample steps for various sites:

- Google: From Gmail, click your icon in the top right and choose "Manage your Google Account".  In there click "Security" and go to "2-Step Verification".
- Microsoft. From www.microsoft.com, click your icon in the top right and then choose "My Microsoft Account".  Then click "Security" and "additional security options".
- Facebook: Go to the "Settings & Privacy" menu in the top right, then "Settings".  Next go to "Security and Login" and look for the "Two-Factor Authentication" section.

If you can't find the option search the support/help area of your page or contact support for the site.

2) Find the option to add a security key / add a new way to sign in and add your token.  Do this with each token you have.

3) Look at other backup options, especially if you only have one key.  Examples:

- Authenticator app: There are many options - Google and Microsoft have an option, so does Yubico itself and many other options are out there.  This is a good option, but remember if you lose your phone you lose the app with it.  If you plan to keep your key with you that is a problem (since you could lose both items at the same time), but if you plan to keep the token in a safe using the Authenticator app on your phone might be ok.  You could setup Yubico Authenticator on your Yubikey, but the whole point is that you want a backup if you lose Yubikey.  Yubico Authenticator on a token isn't a backup if it is on the same exact token.

- Backup codes: One time use codes that you can put somewhere, maybe print them and put them in a safe.  However don't put it in the same safe you have a spare Yubikey.

4) This might be a good time to disable SMS/text messages/voice calls as an option.  If you Google search "is SMS MFA secure" you will see many articles addressing issues with SMS, and since you have a hardware token as better option might as well get rid of the weaker link.  If you felt SMS was good enough, you probably wouldn't be using or researching a hardware token.

Tuesday, September 7, 2021

Yubikey - Quick Review

This is just going to be a (sort of) quick, high level, review of a two Yubico products and some other hopefully helpful tips.  I sort of laid things out as if someone was asking me questions.

What is a Yubikey?

For now I am going to avoid explaining terms like dual-factor authentication, or multi-factor authentication because if you are reading this post you are probably somewhat familiar and interested.  The Yubikey is a hardware token you can use for authentication.  Yubico itself has a "Why Yubico" page ( https://www.yubico.com/why-yubico/for-individuals/ ) with some good high level information about their products.  There are other products out there, I personally decided to go with Yubikey devices but do your own research.

Do I really need one?

Simply put, a hardware token can help protect your online accounts against compromise.  How bad would it be if your online accounts were taken over - not just that someone logged into your account, but they took control of it or erased everything?  Don't forget your e-mail account is often used to gain access to other accounts, so one compromised e-mail account could lead to an even larger impact.  Don't focus on the cost of the device, focus on the impacts you are avoiding.

Which one should I get?

With Yubico, I mainly looked at two options - Security Key NFC and Yubikey 5 series.  This my quick summary of the two options:

1) The Security Key NFC just has one option, that includes NFC and USB-A.  It supports common protocols like U2F and FIDO2, and works with many common providers like Google, Microsoft and Facebook.  Chances are you use at least one of those services.  The device is water and crush resistant, and does not require batteries.

2) The Yubikey 5 Series adds many other options above what the Security Key NFC provides.  Here are a few examples:
  • In addition to FIDO2 and U2F, these also support additional protocols like Smart card, OTP and OpenPGP 3
  • Multiple interface options ( USB-A, USB-C, NFC and Lightning ) and device styles
  • IP68 rated: dust tight and water submersible
Yubico has a quiz ( https://www.yubico.com/quiz/ ) that walks you through the process of picking the best option, and you can also check the catalog of sites that work with YubiKey ( https://www.yubico.com/works-with-yubikey/catalog/ ) to see if your service is supported.  I am not sure the quiz would actually even suggest the Security Key NFC - even when I picked simple options it didn't come up.  This page ( https://www.yubico.com/store/compare/ ) has a good comparison of the various products.

Do I really need a spare?

The quiz does ask if you want to get a spare device.  Imagine if you had a safe with 1 set of keys.  If you lost the key there would be no way to get into the safe.  A second hardware token isn't exactly a crazy idea, but in many cases you can also use other methods as a second authentication option so it isn't required.  No matter what, make sure your plans account for the fact your hardware token could be lost or damaged.  Some accounts let you print "one time use" codes, or provide other authentication options you can consider.

If cost is a factor, the Security Key NFC by Yubico is going to get you into this at a cheaper cost ( around $25 ).  However the Yubikey 5 series has more connector options and supported protocols, and is probably the better option for a tech savvy user that might want to try out some of the additional features.

What did you get and why?

Personally I ended up getting the Security Key NFC as my first device to get my hands on a hardware token, at some point you have to stop reading about it and just go for it.  For the simple use case of tying my accounts to a hardware token, the Security Key NFC did the job but the geek in me wanted to try out the 5 Series since it has extra features.

Yubico Authenticator is one of the features that works on the 5 series but doesn't work on the Security Key NFC.  I tested it out with a few accounts, just to see how it works.  If you already use apps like Microsoft or Google's Authenticator app on Android, then the Yubico app will be very familiar.  I did notice that the Android app does not seem to work on a Chromebook via USB-C, at least when I tested it.  The big difference between Yubico's app and other apps I have seen is that the information is stored on your Yubico token making it easy to move between devices, but I believe there is a limit on the number of accounts.  This page ( https://support.yubico.com/hc/en-us/articles/4404456942738-FAQ#what-is-the-yubikey-s-account-limit- ) you can find information about various limits.

As I mentioned earlier, the Yubikey 5 series has multiple connectors and form factors.  I went with Yubikey 5C with USB-C for future proofing since more devices use USB-C, but I also purchased USB-C to USB-A adapter from Syntech which so far has worked fine on a Windows laptop that only has USB-A ports.  For now I plan to keep my Security Key NFC as the "backup" device, and the Yubikey 5C as one I use to test out some of the new features.

I got one, now what?

If you decide to get a Yubikey, check out these other posts of mine that might help with some tips on setting it up:



Useful Yubico Links:
Quiz to see which device is best for you - https://www.yubico.com/quiz/
Catalog of services that work with Yubikey - https://www.yubico.com/works-with-yubikey/catalog/?sort=popular