I need to explore a lot of that. Am I correct that you can't actually duplicate a yubikey? You have to register the backup with all those sources too? That's the only thing keeping me from buying a second tomorrow - though I probably should.
Discussion
Some websites let you configure more than one. Your password manager should let you add more than one.
Yeah I really should do that. Probably time to buy a second even if one of the cheaper ones. I was so stoked the day I could completely replace Google Authenticator with the Yubikey NFC Authenticator. I think a lot of people don't know that exists.
It depends. If you want the SSH and GPG keys on the backup Yubikey you have to generate your master encrypt/sign key on an air-gapped machine and then create a backup of the .gnupg folder.
Generate your sub-keys for the first Yubikey.
Transfer the master key and sub-keys to the Yubikey.
Restore the .gnupg folder from the backup.
Generate your yubikeys for the second Yubikey and transfer the master key and sub-keys to the second Yubikey.
Every time you transfer keys to a Yubikey, you end up with stubs for those keys in your air-gapped machine; that's why you need to make a backup of the .gnupg folder.
You could do this before or after, it doesn't matter, but you should also export your master key and encrypt it with a passphrase and keep it secure. You can buy one of those rugged USB memory sticks or YOLO it with a microSD card. You should do this even if you don't have a second Yubikey.
Make sure you wipe that air-gapped machine once you are done!
If you only want to use the second Yubikey for signing into your password manager or something you can skip all that above and just register the second key.
Some security experts will frown at my recommendation because I didn't suggest something so just DYOR and find what's the acceptable level of security that YOU want.
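The stub behaviour described in the comment above can be checked before loading a second YubiKey. The following is an added example, not part of the comment: it reads the token field (field 15) of `gpg --list-secret-keys --with-colons` records to tell real on-disk secret keys from card stubs. The function names are hypothetical, and the key IDs, card serial and listings are constructed samples.

```shell
#!/bin/sh
# Added example. Function names and all sample records below are constructed.

# Read `gpg --list-secret-keys --with-colons` output on stdin and print
# "<keyid> <record> <state>" for every primary (sec) and subkey (ssb) record.
# Field 15 is the token field: "#" = secret part missing, a serial number =
# stub pointing at a smartcard, "+" (or empty on older GnuPG) = key on disk.
classify_secret_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            if ($15 == "#")                   state = "missing"
            else if ($15 == "" || $15 == "+") state = "on-disk"
            else                              state = "card-stub:" $15
            print $5, $1, state
        }'
}

# Succeed only if there is at least one secret key and none is a stub or
# missing, i.e. the keyring can still feed keytocard for another YubiKey.
ready_for_next_card() {
    classify_secret_keys | awk '
        { n++ }
        $3 != "on-disk" { bad++ }
        END { exit ((n > 0 && bad == 0) ? 0 : 1) }'
}

# Constructed listing: keyring after the keys were moved to the first YubiKey.
AFTER_KEYTOCARD='sec:u:4096:1:AAAAAAAAAAAAAAAA:1600000000:::u:::scESC:::D2760001240100000006000000010000:::23::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1600000000::::::e:::D2760001240100000006000000010000:::23:'

# Constructed listing: same keyring after restoring the .gnupg backup.
AFTER_RESTORE='sec:u:4096:1:AAAAAAAAAAAAAAAA:1600000000:::u:::scESC:::+:::23::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1600000000::::::e:::+:::23:'

for listing in "$AFTER_KEYTOCARD" "$AFTER_RESTORE"; do
    printf '%s\n' "$listing" | classify_secret_keys
    if printf '%s\n' "$listing" | ready_for_next_card; then
        echo "=> secret keys are on disk; safe to load the second YubiKey"
    else
        echo "=> stubs only; restore the .gnupg backup first"
    fi
done
```

On the air-gapped machine the same check runs against the live keyring with `gpg --list-secret-keys --with-colons | ready_for_next_card`.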
Had no idea this was even an option. Probably beyond my comfort level at this stage, but I am definitely going to read up on this. Appreciate you sharing in such depth.