This isn’t strictly a privacy question as a security one, so I’m asking this in the context of individuals, not organizations.
I currently use OTP 2FA everywhere I can, though some services I use support hardware security keys like the Yubikey. Getting a hardware key may be slightly more convenient since I wouldn’t need to type anything in but could just press a button, but there’s added risk with losing the key (I can easily backup OTP configs).
Do any of you use hardware security keys? If so, do you have a good argument in favor or against specific keys? (e.g. Yubikey, Nitrokey, etc)
Understandable. I‘ve had a recent „near miss“ if you will and since then I thought I might wanna check my security as a whole. So maybe I‘ll end up with that as well.
Is it possible to use generated keys as a login option on websites btw? I know its usable for ssh and git but i dont know about other sites. If you made one key for each site, they could never leak your password as they dont have it. Would be a ton of work though.
That’s essentially what FIDO2 is (the security keys I’m talking about), but instead of public/private key, it’s challenge/response (similar enough security-wise). More and more services support it, but unfortunately the really important ones don’t (financial, government websites, etc). So you’re left with mostly social media and other tech sites.
Thanks for mentioning that! I‘ll probably need to check that out then.