Why doesn't Tom use Yubikeys?

Just surprised there hasn’t been any mention of it on the channel. I find it the best way to do 2FA even if it’s only storing TOTP codes. Would be interested in seeing a deep dive using it for GPG/SSH priv. keys.

Dr. Duh has a great guide on this: https://github.com/drduh/YubiKey-Guide

1 Like

Watched a crosstalk vid on the Yubikeys a couple of days ago. I have one sitting in a box that I never use but keep thinking I should.

2 Likes

That’s the video that inspired me too! haha

I looked at this a while back. The costs of those keys soon add up, plus they have different types, which just adds more cost. I know there was/is an open source project trying to make the hardware more affordable but they need to get way down to say £10 for 10 keys.

For now encryption and software 2FA seems the best option not to get locked out of my own kit.

I think I never really used it because I couldn’t get things going on my phones (or I was worried that I wouldn’t be able to so never tried).

The new ones have usb C and Lightning and NFC (which I understand now works on iOS as well as Android) so you probably can now have one key to rule them all.

Just recently got a 2 pack and it has been nice to set up both to be identical so I have a backup of all 2FA codes kept in a secure location.

1 Like

If you use KeepassXC you can also keep a backup in software of your 2FA.

In India, Yubikeys are really expensive. I have found some cheap ones but I don’t know how good they are. A Yubikey 5 costs more than $100 here, which is crazy. You can buy a decent phone in India at that price.

I use Yubikeys for 2FA (password manager, etc) and SSH (all lab servers, etc).

I’ve got one nano that is permanently plugged into my day to day laptop, and then two regular ones that I use on my work laptop and carry along with me. All version 5, even though I don’t use the NFC feature yet. The only feature I need that is not available on version 4 is touch caching (for when I run Ansible scripts towards multiple servers and need it to cache touch).

The nice thing with multiple ones is that I generate the private key on the yubikey itself, it never leaves the key. If a key is stolen I got the other ones as backup to be able to log into things.

I think they are worth the price, even if they are on the expensive side.