Scraft161

joined 1 year ago
[–] [email protected] 1 points 10 months ago

For many TOTP may be a good option; but my experience with TOTP has been less than subpar.

Initially I did use TOTP like you're supposed to; but after my last phone died I had to set up TOTP on the accounts that used it *after* getting into them without it using backup codes.
This lead me to put the TOTP stuff inside my KeePass vault (as KeePassXC supports TOTP) which is backed up (unlike most TOTP solutions I've used).
The problem now is that my 2FA keys are stored in the same location as my passwords... (not that I'm worried about someone breaking the vault; but this is *not* how 2FA is supposed to work).

Additionally I have some other issues with TOTP that make it far from ideal for me and hardware keys seem to be a good fit to solve my issues with TOTP.

[–] [email protected] 1 points 10 months ago (1 children)

Let's *NOT* go that route.

I'm very much looking for a hardware key to avoid biometrics (I can have a field day expressing my opinions on those; but in general they tend to be the weakest MFA factor and most have known working bypasses based on photos).
This leans a little too close to that for me to consider, let alone all of the things you have to consider when putting implants in your body.

[–] [email protected] 1 points 10 months ago (1 children)

I don't have a key yet (which is why I'm asking) and I definitely want it in combination with passwords (they can take the key using force; but they can't take thoughts out of my head just yet).

As for android apps not working with the yubikey: try giving KeePassDX a shot; I got it from F-Droid and it does give me a hardware key field with the option to autofill with "Yubikey challenge-response".

 

Hardware security key options?

I've been thinking about getting a hardware security key and have heard of yubikey before; but I want to see what my options are and if they are worth it in your opinion.
My current setup is a local KeePassXC database (that I sync between my PC and phone and also acts as TOTP authenticator app), I know that KeePass supports hardware keys for unlocking the database.

I am personally still of the belief that passwords are the safest when done right; but 2FA/MFA can greatly increase security on top of that (again, if done right).
The key work work together with already existing passwords, not replace them.

As I use linux as my primary OS I do expect it to support it and anything that doesn't I will have to pass on.

PS: what are the things I need to know about these hardware keys that's not being talked about too much, I am very much delving into new territory and want to make sure I'm properly educated before I delve in.

@linux @[email protected] @[email protected] @privacy #2FA #MFA #yubikey #InfoSec #CyberSecurity