Hardware security key experiences

Like many people, I use an authenticator app and 2fa for most stuff these days. Which is grand, but I'm also very concerned about what would happen if someone got into the account that backs them all up.

Been considering getting a few Yubikeys to lock down my main MS account. Wondered if anyone is using them and has good/bad things to say....
 
Bad: you lose the key and you only have 1...
So make sure you get at least 2.
Remember hardware keys don't work with every service.
Got a couple of the standard Yubico Security Key NFC. Set up on my MS and Google accounts and removed all the SMS/phone number based 2-factor. Pretty painless.

Still use authenticator app for primary 2FA, these are just the backups, but without the possibility of someone cloning my SIM.
 
It's why you always buy more than one and test regularly.
But 2 years seems to be bandied around for regular daily use.
I don't see why a Yubikey or similar well made passkey would fail after two years. It's completely solid state and powered through USB, and the algorithm is good for 30 years.

Just having a look around and plenty of people are happily using theirs since 2014/15.

Basically, the chance of both keys failing before you can get a backup is remote. The chance of that happening at the same time as my primary authenticator app is lost is basically zero..... so I'm pretty happy with the setup.
 
Indeed. When I looked I could not find solid numbers.
I saw a quote of 2 years based on very heavy usage, but others quote 8+ years of operation.
I'd rather give a low hard number to set expectations; I should have stated that in the original post.
If you get 2 keys you'll use one more than the other. When that dies the backup key is still good and it's time to get a replacement for the failed one.

Hardware side:

See also, for the software side, one aspect
Section: Usage counter

&
Between 18-30 years

The LED is expected to have a life span of approx 5 years
based on being plugged in 24x7

So it depends on a number of things.
I am expecting a minimum of 2 years of operation, but hoping for 10-15 years of usage.


This post:
And this one made me chuckle (it was linked from the Reddit post)
 
Seriously looking into getting a couple, is there a limit on how many websites you can use on a key? and where have you got yours from?
 
I'd be scared of losing it and have no idea where I would put it.
I know it's a key ring so maybe with your keys, but then I don't sit at my PC with my car keys.

I honestly can't see the use scenario at home.
In a workplace? Yea, you take it home and nobody can use your login credentials in the office. But on a home computer, I have absolutely no clue what I would do with it when I'm out.
 
Seriously looking into getting a couple, is there a limit on how many websites you can use on a key? and where have you got yours from?
25 resident passkeys on the old firmware, 100 on the latest firmware 5.7, but it's unlimited if you are using them as 2FA rather than storing passkeys.
I also use mine as a second factor for a keepassxc database.

I would only buy them direct from Yubico, or from their Amazon store. Given their use, even if the risk is small, I wouldn't trust getting them from anywhere else. That said, they aren't really that much cheaper elsewhere anyway, so either way you may as well buy direct.
If you buy from Yubico, they will also only send the latest firmware keys, so it guarantees you get the most space for passkeys. The latest firmware also fixes a security vulnerability, not really an issue for most people, as exploiting it requires physical/destructive access to the key and a load of expensive equipment, but you may as well get the latest version.
 
Thread bump as this seems to be the latest thread about Yubikeys (Yubico).

I recently purchased a couple of these - a main one and one as a backup.

I have so far linked it with Google and Microsoft so that I can now log onto these using the Yubikey. I plug in one, register it, plug in the other one and register that as well.

Once I've linked the key with numerous services, is there a way of simply backing up the entire 1st key to the 2nd key in 1 fell swoop?

I have looked at their downloads page. The WHL file 404s. The tar.gz (archive) file downloads fine but there aren't any compiled programs in there. The MSI (Win64) installs fine but has no start menu shortcuts, and when I open it from the Program Files folder on the C: drive, it opens a DOS terminal for a split second then closes.


There is also the Yubico app but it has bad reviews.

 
I don't know if you have had this issue yet but i've seen people online complaining that buying 2 keys was a waste of money as some sites have started to restrict access to a single passkey.
 
I don't know if you have had this issue yet but i've seen people online complaining that buying 2 keys was a waste of money as some sites have started to restrict access to a single passkey.
Not something I’ve come across. I just use them for my core accounts anyway, let other systems (Proton Pass) take care of other stuff.
 
While most modern platforms allow you to register multiple passkeys as backups, some services historically or currently limit users to only one passkey or one "security key" registration.

This is often a result of early implementations that haven't been updated to support multiple FIDO credentials.

Sites with Known "Single Passkey" Limitations

The following services have been identified by users as having restrictions on the number of passkeys or hardware security keys you can add:
  • Amazon UK: According to Amazon's UK support, you can generally only create one passkey per passkey provider account (e.g., one for your Google account, one for your Apple ID).
  • PayPal: Historically, PayPal has been noted for only allowing a single security key to be registered for an account, often restricted to desktop use only.
  • eBay: Users have reported that eBay only allows one instance of a security key in account preferences, which can be a risk if the primary key is lost and no other recovery method is set.
  • EE: While listed as supporting passkeys, some users have encountered interface limitations where only a single credential can be actively managed.

Is that info outdated?
 
I don't know, I only use hardware keys for Google, Microsoft, Proton and a few others not on that list. Haven't come across anything that doesn't accept multiple yet.

Always have the printed codes as a last resort backup if you were restricted to only one key mind.
 
How do you get the printed codes? Is it for the hardware keys or is it a set of codes for each individual service like what Overclockers forum uses?

Is the Yubikey phone app or desktop program needed?
 
How do you get the printed codes? Is it for the hardware keys or is it a set of codes for each individual service like what Overclockers forum uses?
The codes you can get from the service, they can be your last line backup.
Is the Yubikey phone app or desktop program needed?
Nope, no app required. Anywhere that supports the keys will just give you an option, it’ll prompt you to insert your key and press a button on it (and enter a pin if you have one), then you’re logged in.

Alternatively on your phone you can use the NFC feature and just place the key on your phone. Tis a little finicky on my iPhone but always works.
 
Thread bump as this seems to be the latest thread about Yubikeys (Yubico).

I recently purchased a couple of these - a main one and one as a backup.

I have so far linked it with Google and Microsoft so that I can now log onto these using the Yubikey. I plug in one, register it, plug in the other one and register that as well.

Once I've linked the key with numerous services, is there a way of simply backing up the entire 1st key to the 2nd key in 1 fell swoop?

I have looked at their downloads page. The WHL file 404s. The tar.gz (archive) file downloads fine but there aren't any compiled programs in there. The MSI (Win64) installs fine but has no start menu shortcuts, and when I open it from the Program Files folder on the C: drive, it opens a DOS terminal for a split second then closes.


There is also the Yubico app but it has bad reviews.

You can't back up or transfer the Yubikey, it would essentially defeat the point of the security of a hardware key if you could do that. You either use multiple keys and register them each individually on the services that you want to authenticate with, or you keep with one and rely on the emergency recovery codes that each service gives you when you first register a key with them to get back in if you lose your key or it breaks.
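Why a second key cannot be "restored" from the first, and why only resident passkeys hit the 25/100 cap mentioned earlier while plain 2FA registrations are unlimited, shown as a toy model added here (constructed for illustration, not YubiKey firmware or Yubico code; the HMAC stand-in replaces the real EC signature, and the domain names and challenge are constructed):

```python
import hashlib
import hmac
import secrets


class ToyAuthenticator:
    """Toy model of a FIDO authenticator, constructed for this example only (not the
    YubiKey's real internals): a device-bound master secret roots every credential."""

    MAX_RESIDENT = 100  # resident-passkey cap quoted in the thread for firmware 5.7

    def __init__(self):
        self.master = secrets.token_bytes(32)  # generated on-device, never exportable
        self.resident = {}  # credential_id -> rp_id; only these consume storage

    def _kdf(self, label, rp_id, nonce):
        # Everything per-credential is recomputed from master + nonce on demand
        return hmac.new(self.master, label + rp_id.encode() + nonce, hashlib.sha256).digest()

    def register(self, rp_id, resident=False):
        """Returns the credential ID the relying party stores (public key omitted here)."""
        nonce = secrets.token_bytes(32)
        # The ID carries a MAC so this device can recognise its own credentials later
        credential_id = nonce + self._kdf(b"tag", rp_id, nonce)[:16]
        if resident:
            if len(self.resident) >= self.MAX_RESIDENT:
                raise RuntimeError("resident credential storage full")
            self.resident[credential_id] = rp_id
        return credential_id

    def sign(self, rp_id, credential_id, challenge):
        """Assertion for a challenge, or None if this device never issued the credential."""
        nonce, tag = credential_id[:32], credential_id[32:]
        if not hmac.compare_digest(tag, self._kdf(b"tag", rp_id, nonce)[:16]):
            return None  # a second key cannot "restore" the first key's credentials
        return hmac.new(self._kdf(b"key", rp_id, nonce), challenge, hashlib.sha256).hexdigest()


def demo(extra_nonresident=1000):
    """Primary key registered at one service; the backup was not, so it cannot sign."""
    primary, backup = ToyAuthenticator(), ToyAuthenticator()
    cid = primary.register("login.microsoft.com")
    challenge = b"constructed-challenge-bytes"
    for i in range(extra_nonresident):  # non-resident registrations need no storage
        primary.register(f"site{i}.example")
    return {
        "primary_ok": primary.sign("login.microsoft.com", cid, challenge) is not None,
        "backup_ok": backup.sign("login.microsoft.com", cid, challenge) is not None,
        "resident_used": len(primary.resident),
    }
```

The backup key only ever works at a service where it was itself registered, which is the practical reason for plugging in both keys at every account and keeping the service's recovery codes as the last resort.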
 