Pro:
• stored safely on protected hardware
• secret "cannot" be extracted
• can access TOTP codes from an untrusted device, e.g. if my phone's battery is empty
Con:
• backing up the secrets is "not possible"
• having a second YubiKey for redundancy is recommended, but both need to be present when setting up a new secret (or you need to store a copy of the secret somewhere else)
• only has 32 slots (but I only have 23 TOTPs atm)
@scy I tried TOTP secrets on two YubiKeys for a time (putting all your secrets in one easily-losable basket seems not great) and it was quite the hassle. Made me go the TOTP-in-Password-Manager route, which seems "good enough" for me.
@scy As someone who started using one recently: Some applications want you to register an Authenticator App first, before you're ever allowed to use the YubiKey, which I found rather unfortunate…