scy,
@scy@chaos.social

Pondering whether to move my #2FA #TOTP secrets to a #YubiKey.

Pro:
• stored safely on protected hardware
• secret "cannot" be extracted
• can access TOTP codes from an untrusted device, e.g. if my phone's battery is empty

Con:
• backing up the secrets is "not possible"
• having a second YubiKey for redundancy is recommended, but both need to be present when setting up a new secret (or you need to store a copy of the secret somewhere else)
• only has 32 slots (but I only have 23 TOTPs atm)

svbito,

@scy I tried TOTP secrets on two YubiKeys for a time (putting all your secrets in one easily losable basket seems not great) and it was quite the hassle. Made me go the TOTP-in-password-manager route, which seems "good enough" for me.

DerMolly,
@DerMolly@kif.rocks

@scy As someone who started using one recently: Some applications want you to register an authenticator app first, before you're ever allowed to use the YubiKey, which I found rather unfortunate…

scy,
@scy@chaos.social

@DerMolly Some YubiKeys (including the one I own) can also be used as an "authenticator app".

There's https://www.yubico.com/products/yubico-authenticator/ (and the ykman CLI interface), which access a YubiKey's HOTP/TOTP secret storage and can then have it generate these 6-digit codes.

What you're probably talking about is FIDO functionality, i.e. when your browser lets the website verify that you own a certain YubiKey.
