Hardware security key options?

I’ve been thinking about getting a hardware security key and have heard of yubikey before; but I want to see what my options are and if they are worth it in your opinion.
My current setup is a local KeePassXC database (that I sync between my PC and phone and also acts as TOTP authenticator app), I know that KeePass supports hardware keys for unlocking the database.

I am personally still of the belief that passwords are the safest when done right; but 2FA/MFA can greatly increase security on top of that (again, if done right).
The key work work together with already existing passwords, not replace them.

As I use linux as my primary OS I do expect it to support it and anything that doesn’t I will have to pass on.

PS: what are the things I need to know about these hardware keys that’s not being talked about too much, I am very much delving into new territory and want to make sure I’m properly educated before I delve in.

@linux @[email protected] @[email protected] @privacy #2FA #MFA #yubikey #InfoSec #CyberSecurity

  • Scraft161@tsukihi.meOP
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    For many TOTP may be a good option; but my experience with TOTP has been less than subpar.

    Initially I did use TOTP like you’re supposed to; but after my last phone died I had to set up TOTP on the accounts that used it *after* getting into them without it using backup codes.
    This lead me to put the TOTP stuff inside my KeePass vault (as KeePassXC supports TOTP) which is backed up (unlike most TOTP solutions I’ve used).
    The problem now is that my 2FA keys are stored in the same location as my passwords… (not that I’m worried about someone breaking the vault; but this is *not* how 2FA is supposed to work).

    Additionally I have some other issues with TOTP that make it far from ideal for me and hardware keys seem to be a good fit to solve my issues with TOTP.