75
submitted 10 months ago by Scraft161@tsukihi.me to c/linux@lemmy.ml

Hardware security key options?

I've been thinking about getting a hardware security key and have heard of yubikey before; but I want to see what my options are and if they are worth it in your opinion.
My current setup is a local KeePassXC database (that I sync between my PC and phone and also acts as TOTP authenticator app), I know that KeePass supports hardware keys for unlocking the database.

I am personally still of the belief that passwords are the safest when done right; but 2FA/MFA can greatly increase security on top of that (again, if done right).
The key work work together with already existing passwords, not replace them.

As I use linux as my primary OS I do expect it to support it and anything that doesn't I will have to pass on.

PS: what are the things I need to know about these hardware keys that's not being talked about too much, I am very much delving into new territory and want to make sure I'm properly educated before I delve in.

@linux @technology@lemmy.ml @technology@lemmy.world @privacy #2FA #MFA #yubikey #InfoSec #CyberSecurity

you are viewing a single comment's thread
view the rest of the comments
[-] 413j0@lemmy.world 2 points 10 months ago* (last edited 10 months ago)

I personally just have 3 u2f keys from different brands, one of them is a yubikey, but I only use the u2f functionality. I have read enough about the u2f standard to trust it, but the other fluff on some keys I don't trust enoug in to use on my accounts, and the basic u2f functionality works perfectly on Linux (I even use it for my Linux login) and basically everywhere

I keep one on my keychain(it has an USBA port, but I keep a female a to male c converter on it as cap so I can use it on my phone), another that has password protection instead of a single button lives on a port on my desktop and the third I keep stored, it is more annoying to set up all of them on a new account, but I know I won't loose access or have to recover my accounts if I loose my keychain.

And for sites that don't support u2f I use Aegis for TOTP which would also be my recommendation, that way if your KeePassXC database is compromised your second factor is safe, and you can also have automatic encrypted backups of your Aegis dB synchronised across devices so you don't loose them

And if you are going to be setting up keys on multiple sites don't forget to update or generate your single use recovery codes and store the safely, preferably on paper not digitally.

I personally print mine on regular printer paper on sections about the size of a library card and then I spread some UV curing resin until it soaks through, then I clean the excess and leave them on the sun for about 2 hours (most printer paper has optical brightener that makes the resin much slower to cure). I then cut the individual segments and store them on my safe

It may be paranoid, but it's extra work just when creating an account, and I started doing it after I permanently lost access to a trading account because of a lost key and a faded recovery code, thankfully it had no balance stored there at the time

this post was submitted on 03 Jan 2024
75 points (98.7% liked)

Linux

48048 readers
774 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS