This isn’t strictly a privacy question as a security one, so I’m asking this in the context of individuals, not organizations.

I currently use OTP 2FA everywhere I can, though some services I use support hardware security keys like the Yubikey. Getting a hardware key may be slightly more convenient since I wouldn’t need to type anything in but could just press a button, but there’s added risk with losing the key (I can easily backup OTP configs).

Do any of you use hardware security keys? If so, do you have a good argument in favor or against specific keys? (e.g. Yubikey, Nitrokey, etc)

  • goatmeal@midwest.social
    link
    fedilink
    arrow-up
    2
    ·
    9 months ago

    I think y’all are talking about different things. Some sites (like google) have direct yubikey support where you plug the key into the device and what you’re talking about isn’t an issue

    Other sites don’t have direct support, but allow you to use any authenticator app which is what you’re talking about with using the yubico authenticator app/key combination. Plugging it into a yubico authenticator app on any device will show the codes

    Unfortunately I don’t have an answer for a way to protect those other accounts. I guess the hope is that if you lose it, it can’t be tied to your accounts, just the websites themselves