Hardware security key options?
I’ve been thinking about getting a hardware security key and have heard of yubikey before; but I want to see what my options are and if they are worth it in your opinion.
My current setup is a local KeePassXC database (that I sync between my PC and phone and also acts as TOTP authenticator app), I know that KeePass supports hardware keys for unlocking the database.
I am personally still of the belief that passwords are the safest when done right; but 2FA/MFA can greatly increase security on top of that (again, if done right).
The key would work together with already existing passwords, not replace them.
As I use linux as my primary OS I do expect it to support it and anything that doesn’t I will have to pass on.
PS: what are the things I need to know about these hardware keys that aren’t being talked about much? I am very much delving into new territory and want to make sure I’m properly educated before I delve in.
@linux @technology@lemmy.ml @technology@lemmy.world @privacy #2FA #MFA #yubikey #InfoSec #CyberSecurity
There’s a Swedish startup named Tillitis making open source, verifiably secure hardware keys, but they’re not well supported at the moment.
Yubikey probably has the widest support for things like password managers and automatic sign in.
Look into SoloKeys and NitroKeys and see if there’s products from those vendors that fit your needs.
As to why thisisawayoflife recommends these products (over OP’s consideration of Yubico), probably because Solo and Nitro keys are open source hardware and firmware.
Nitro is a German company. Yubico is a Swedish company. I can’t find where SoloKeys is located. However, the OS nature of Solo and Nitro should make that a little less important.
In my research, I’ve found SoloKeys may be a US company. They are headquartered in New Jersey and one co-founder is in New York City. However, according to their WHOIS data, the domain was registered in Iceland.
From SoloKeys’ Solo 2A+ NFC Security Key product page: “Made and programmed in Europe.” https://solokeys.com/products/solo-2a-nfc-security-key?variant=40297992093889
I also recommend Nitrokey. I have a Nitrokey Pro 2 and a Nitrokey 3 NFC and they both work well. Linux support is very good, and they also have good documentation on how to do most stuff you might want to do. +1 for being open-source as well.
While KeePass has the ability to use a YubiKey (or similar) as 2FA (the master password is still required), this does not work on the mobile (Android) apps I tried. If you can make it work, please let me know!
Other than that: I got my YubiKey working OK on Linux Mint. But somehow the first login often does not work as expected (you have to touch the key). That is why I don’t use it anymore as 2FA for computer login.
I don’t have a key yet (which is why I’m asking) and I definitely want it in combination with passwords (they can take the key using force; but they can’t take thoughts out of my head just yet).
As for android apps not working with the yubikey: try giving KeePassDX a shot; I got it from F-Droid and it does give me a hardware key field with the option to autofill with “Yubikey challenge-response”.
Nitrokey would probably be my choice as both the hardware and software are open source (in fact you could probably build your own if you wanted to). I don’t trust YubiKey as the firmware that runs on them is closed source, so you just don’t know if it’s actually secure.
I’m using YubiKeys. They work fine on Linux and Android.