I rarely use my smartphone and find it a bit annoying to have to use it for 2FA through apps. I wish to get physical passkeys that will allow me to login to my laptop.
I have heard of YubiKey although I haven’t given it any serious consideration since it is closed source. (My super-tin-foiled friend who introduced me to this world of privacy taught me to never trust a closed-source solution… _long _ story).
Are there any FLOSS versions of Yubikey? Can they be used to log into a Linux machine? Or for banking?
There is SoloKey, which is an open-source version of YubiKey. Although full disclosure, I haven’t actually tried it myself so I can’t really vouch for it personally.
I have a onlykey. Been using it for probably 5 years now. Not sure why they aren’t more common.
For my own understanding, what potential dangers are there using a Yubikey as opposed to an open source key?
I’m a novice myself, so don’t expect an accurate and technical answer. My understanding is that the argument basically boils down to “claim versus veracity” on any vulnerabilities or compromises in the key.
How do you know there aren’t significant security vulnerabilities in the key, or that there aren’t backdoors?
The open source community have some excellent security experts who can check and let us know if all is good, or if something is off.
