Questions tagged [yubikey]
YubiKey is a USB authentication key developed by Yubico.
189 questions
0 votes, 1 answer, 114 views
Safe methods for logins / recovery including using yubikeys
I’m a beginner but I’ve been reading, watching videos, and chatting with an assistant to build a stronger workflow for online security (logins + recovery) and I am planning on getting a yubikey.
One ...
3 votes, 1 answer, 163 views
How to migrate an OLD Yubikey with an OLD PGP key to a NEW Yubikey with a NEW PGP Key? Cross-signing, certifying, etc
A few years ago, I set up my Yubikey with PGP by following Dr.Duhs Yubikey Guide.
I created an offline Certify key / Master key on a live usb distro, and then created the corresponding sub keys (S,A,E)...
3 votes, 1 answer, 835 views
Is a FIDO private key file for SSH cryptographically secure on its own?
Is an id_ed25519_sk cryptographically secure without a password?
I'm currently experimenting with a yubikey SSH identity. Following instructions to generate an SSH key:
sudo ssh-keygen -t ed25519-sk -...
1 vote, 0 answers, 88 views
Managing SSH authorized keys exported from OpenPGP keys
One of the benefits of using OpenPGP authentication subkeys instead of arbitrarily created SSH keyfiles, is key expiration and revocation.
While there is plenty of documentation on how to use OpenPGP ...
0 votes, 0 answers, 139 views
Encryption of Data using Biometric Info
I'm trying to securely encrypt and decrypt data using biometric info, i.e. a fingerprint, on a Raspberry Pi. From my prior research, I have found that I need an HSM, since fingerprints cannot be ...
0 votes, 1 answer, 141 views
What is the purpose of Yubico API client ID?
The Yubico PAM module requires one to specify the id (API client ID) parameter obtained from the Yubico API key signup page. For example:
auth sufficient pam_yubico.so id=1234 authfile=/etc/yubikey_mappings ...
0 votes, 0 answers, 389 views
Why does WhatsApp only let you create 1 passkey?
WhatsApp is rolling out passkeys. I don't think backing up passkeys in a password manager is a good idea. I'd like to have device-bound passkeys but they only allow me to create one. How should I be ...
18 votes, 5 answers, 7k views
How do Yubikeys improve security if I am typically also forced to enable other, weaker 2FA methods?
It is typically recommended to enable 2FA wherever possible. Moreover, it is typically recommended to enable not just any 2FA method, but Yubikeys in particular.
Yubikeys are considered to be the ...
0 votes, 0 answers, 164 views
YubiKey Bio for SSH login: Do I have to reauthenticate?
I'd like to use YubiKey Bio for SSH-logins. I'm wondering how often I have to show my fingerprint for authentication when I start new sessions. What's the interval? If I start a new session every 5 ...
2 votes, 0 answers, 424 views
Why are Yubico Yubikeys limited to 32 OATH accounts? [closed]
Is the 32 OATH QR code account limit on Yubikeys due to a storage constraint?
Because the Yubikey 5 series has been out for a few years now it'd be amazing if there is a new version released soon with ...
0 votes, 1 answer, 713 views
Can the private key inside a yubikey be known to anyone, e.g. the NSA?
I wonder if the NSA can force Yubico (or their secure element chip supplier), a US company located in Palo Alto, California, to hand over the private keys stored in the secure element of the yubikey ...
0 votes, 1 answer, 198 views
What mechanism stops smartcards and YubiKeys from exporting private keys?
How are the above devices built and what is the mechanism that seals them off from giving out private keys? Are the sign/decrypt operations somehow soldered into their hardware, is it a tiny piece of ...
3 votes, 1 answer, 1k views
When is FIPS certification important?
I was looking at YubiKeys and noticed that they sell FIPS certified keys alongside non-FIPS certified keys. Both seem to have the same feature sets, but the FIPS certified keys are more expensive. ...
6 votes, 1 answer, 1k views
Can someone with access to only my Yubikey gain access to my server that has SSH access via an ED25519-sk keypair?
My understanding is that an ED25519-sk SSH key generated by OpenSSH generates a private key stub that lives on your host machine. This stub is just a reference to the actual private key that lives on ...
0 votes, 1 answer, 240 views
Security of using Yubikey to derive Diceware password?
I bought a new Yubikey, and am currently setting it up to use on my desktop PC. Previously the PC was secured with password only, and I'd like to use the Yubikey as an alternative: instead of using ...