It is time.

#opsec


Discussion

awesome! i have the same model 🔥

What are they?

hardware authentication devices

https://www.yubico.com/

So it’s a cold wallet for your passwords?

for mfa. and yes, that's how i see it and use it

...and passkeys

"YubiKey is designed to meet you where you are on your authentication journey by supporting a broad range of authentication protocols, including FIDO U2F, WebAuthn/FIDO2 (passkeys), OTP/TOTP, OpenPGP and Smart Card/PIV."

*typo: ignore the first line*

So just the authenticator for 2FA or does it actually store passwords as well?

it is an mfa hardware authenticator key. it does not store passwords, except for when using the yubikey in secure static password mode where it is recommended the user store only half of a password i.e. the user types the first half, then uses the yubikey to complete the other half.

check out the website for more info 🤙🏻

https://www.yubico.com/products/how-the-yubikey-works/

Any gotchas I should look out for?

how so?

Never set one up before.

i think you'll be good. i'm here to help if not

I should get me one of thems.

they're awesome...even as passkeys are trying to send them the way of the dodo bird.

Yeah I run a vaultwarden instance (I think that does passkeys I know bitwarden does but I forget if vaultwarden did). I was wondering if it's still useful.

Can be used as 2FA with Bitwarden, but I’m not sure about vaultwarden.

I know it can be a 2fa for vaultwarden. I think the only thing vaultwarden gets rid of is the enterprise features like SSO and a few other things.

did you see the article i posted before about this? if not, are you up for a bit of a technical read that's totally worth it?

I did not and I'm always up for a technical read. I'll look for it.

hang on, i'll find it

just reposted it

Sick I'll add that to my rss as well. Looks like a good blog.

it is

What are you knitting?

Security.

I want one. Do they make them smaller?

We will need a mould, and then we can get it made.

I'll have to pick up a few. do they make them for desktop? Or will I need an adapter for one of these?

They make both USB-A and C models.

Ohhh I see what these are for. Is best place to buy from Yubico?

Only easy place I found was direct. Took two days.

Smart man getting two!

I've got one of these on my keyring. Been using it for years with github, bitwarden, and a few other websites.

I also use TOTP as a fallback and I have a TOTP database and little rust program on an offline computer in case I lose my phone I still have all my TOTP seeds.

I *hate* TXT based 2-factor. My phone provider sometimes gets stuck and TXTs don't arrive for hours, then they come all as a batch. And it's too easy for someone to impersonate my SIM.

Not to mention SMS not being encrypted.

I’m not gonna lie, Apple Passkeys made me think about this lately. This is my first set, so I’m going slow. GitHub, Microsoft, and Google are my trial accounts, since they were on passkeys already.

I just felt this is something better done externally to the device 🤷‍♂️

You can also secure your ssh sessions with them.