Hardware security key options?

I’ve been thinking about getting a hardware security key and have heard of yubikey before; but I want to see what my options are and if they are worth it in your opinion.
My current setup is a local KeePassXC database (that I sync between my PC and phone and also acts as TOTP authenticator app), I know that KeePass supports hardware keys for unlocking the database.

I am personally still of the belief that passwords are the safest when done right; but 2FA/MFA can greatly increase security on top of that (again, if done right).
The key work work together with already existing passwords, not replace them.

As I use linux as my primary OS I do expect it to support it and anything that doesn’t I will have to pass on.

PS: what are the things I need to know about these hardware keys that’s not being talked about too much, I am very much delving into new territory and want to make sure I’m properly educated before I delve in.

@linux @[email protected] @[email protected] @privacy #2FA #MFA #yubikey #InfoSec #CyberSecurity

  • @Freddyyeddy
    link
    41 year ago

    Onlykey. It’s u2f. And has up to 12 or 24 depending on how you setup username password combinations. It’s got a physical pin required and you can set what happens on 6 failed attempts. Like nuke it’s own firmware and (quantum proof encrypted alg) password and keystore. It requires no software on machine (after setup) so you can use it on machines you don’t own and don’t need to install middleware (I’m looking at you nitrokey) If you use Linux you can use it as a ssh private key and login method requiring challenge response (via its pin pad) (windows support for it is middleware to do this is …not easy). It’s a true one way write… you add a password in all you can do is overwrite never read from it. https://onlykey.io/. Ive been using it my corporate IT day to day for 3 years.