Hardware security key experiences

Like many people, I use an authenticator app and 2fa for most stuff these days. Which is grand, but I'm also very concerned about what would happen if someone got into the account that backs them all up.

Been considering getting a few Yubikeys to lock down my main MS account. Wondered if anyone is using them and has good/bad things to say....
 
bad : you lose the key and you only have 1...
so make sure you get at least 2.
remember hardware keys don't work with every service.
Got a couple of the standard Yubico Security Key NFC. Setup on my MS and Google accounts and removed all the sms/phone number based 2 factor. Pretty painless.

Still use authenticator app for primary 2FA, these are just the backups, but without the possibility of someone cloning my SIM.
 
it's why you always buy more than one and test regularly.
but 2 years seems to be bandied around for regular daily use.
I don't see why a yubikey or similar well made passkey would fail after two years. It's completely solid state, and powered through USB, the algorithm is good for 30 years.

Just having a look around and plenty people are happily using theirs since 2014/15.

Basically, chances of both keys failing before you can get a backup is remote. Chances of that happening at the same time as my primary authenticator app is lost, is basically zero..... so I'm pretty happy with the setup.
 
indeed. when i looked i could not find solid numbers.
i saw a quote 2 years based on very heavy usage but others quote 8+ years of operations.
i'd rather give a low hard number to set expectations, i should have stated that in original post.
if you get 2 keys you'll use one more than the other. when that dies the back up key is still good and time to get a replacement for the failed one.

Hardware side :

see also for the software side one aspect
section : Usage counter

&
between 18-30 years

The LED is expected to have a life span of approx 5 years
based on being plugged in 24x7


So it depends on a number of things.
i am expecting a minimum of 2 years of operation. but hoping for 10-15 years of usage.


This post :
and this one made me chuckle (it linked from the reddit post)
 
I'd be scared of losing it and have no idea where I would put it.
I know it's a key ring so maybe with your keys, but then I don't sit at my PC with my car keys

I honestly can't see the use scenario at home.
In a work place? Yea, you take it home and nobody can use your login credentials in the office. But on a home computer, I have absolutely no clue what I would do with it when I'm out
 
Seriously looking into getting a couple, is there a limit on how many websites you can use on a key? and where have you got yours from?
25 resident passkeys on the old firmware, 100 on the latest firmware 5.7, but it's unlimited if you are using them as 2fa, rather than storing passkeys.
I also use mine as a second factor for a keepassxc database.

I would only buy them direct from Yubico, or from their Amazon store. Given their use, even if the risk is small, I wouldn't trust getting them from anywhere else. That said, they aren't really that much cheaper elsewhere anyway, so either way you may as well buy direct.
If you buy from Yubico, they will also only send the latest firmware keys, so it guarantees you get the most space for passkeys. The latest firmware also fixes a security vulnerability, not really an issue for most people, as exploiting it requires physical/destructive access to the key and a load of expensive equipment, but may as well get the latest version.
 