Man I love yubi keys. Feels great being able to lock things down with a physical device.
But now I need to update to USB-C.
Anyone else a fan?
I wish I could use them to sign into nostr clients 🤔
Discussion
That’s a nope.
Doesn’t this require physical access?
I’m no expert. I just know they have a design flow that allows them to be hacked. 🤷♂️
Requires physical access and latest series not affected
https://www.yubico.com/support/security-advisories/ysa-2024-03/
I've been meaning to get into the physical key rabbit hole. When you say "lock everything physically", does it mean basically instead of (or on top of) a password manager / 2FA authenticator, you slide the thing into a USB outlet to log in?
Phone, websites, everything?
Yeah either plug into device or NFC.
It pairs with Auth app that can only be accessed with a physical key.
It helps to buy more than one so you don’t get locked out if you lose one of the keys.
I also love the yubikey, my main uses are logging in using pam, gpg keys, ssh and webauth
Haven't explored all the functionality yet, but it is definitely a great product and gives comfort that accounts can't be hacked. I have it setup with KeepassXC too.
Eventually I want to setup ssh with it.
Highly recommend getting a backup key in case the first one fails.
Why yubikeys if we have trezors
Nitrokey better for me
What and why
Our computer overlords say this:
"Nitrokey is often preferred by folks who value open-source and transparency. They're super open about their design and manufacturing process, which can be a big plus for those who want to know exactly what's going on under the hood. Plus, Nitrokey is a bit more affordable than Yubikey, which is a nice bonus.
On the other hand, Yubikey is a more established player in the market, and they've got a reputation for being super secure and reliable. They've also got a wider range of products, so you can choose the one that best fits your needs.
Ultimately, it comes down to your personal preferences and priorities. If you're all about open-source and transparency, Nitrokey might be the way to go. But if you're looking for a tried-and-true option with a wider range of features, Yubikey is definitely worth considering."
Same boat and I didn't want to spend 70$ equivalent for the #Yubikey 5 USB-C (I have the feeling that they increase a lot in price since I got my first one), so I tried the token2.swiss option (I'm in Switzerland, wanted to support local company and it's made in Switzerland, I guess last assembly and programming but still).
Price is much better, like 20-25$, the USB-C model is more compact than the Yubikey USB-A but wider than the Yubikey 5 USB-C.
It had NFC but I don't really need it if I can plug it in the phone directly.
The Rev2 model can host 300 passkey, it's crazy huge, especilly that most service still use the certificate version were data is not stored on the key (so far only GitHub is listed on the key as a passkey).
For passkey and FIDO2 2FA it's very good.
For the rest, Yubikey is much better. First Linux support for OTP is really combersome, you need to manually install and run a Python app which doesn't work with shenanigans (I mean, installing dependencies and plugins), so far it's still not working on my Ubuntu but tech support is very responsive, hopefully they will help me to sove it when I got time.
Android app is working fine for OTP.
Using the key for 2FA on Linux (unlock, sudo, ...) is not working yet but I'm still trying.
PGP and ssh login with ed25519-sk I didn't try yet.
I also couldn't add my HMAC for Keypass XC on it, not sure it's possible.
I would say, if you strictly use it for passkey/FIDO2 2FA, it's a good product at a competitive price, it you want to have all your OTP in it and you are ok to read it on your phone, fine. (Or on Windows/iOS of course, didn't test but it should be better supported).
If you want the more advanced stuff, get a Yubikey, the time I lost so far is not worth the cost saving for me.
Picture for comparison.
