Hi guys,

I got my Yubikey plugged in to my USB. Is it safe? Or should use it only when logging in?

  • @sznowicki
    link
    English
    31 year ago

    It should be safe. It only shares the secrets with legit domains. That’s one of the powers of this tech: it won’t share your secrets with something that looks like a legit domain.

    • badgrandpa69OP
      link
      English
      21 year ago

      but without physical - click - key will be non accessible?

      • @[email protected]
        link
        fedilink
        English
        31 year ago

        No, some of the functionality is definitely accessible without that, e.g. if you use ykman oath accounts code on Linux to read the TOTP codes you don’t need to click and I seem to recall some of the functionality has a configurable click requirement.