this post was submitted on 30 Nov 2023
31 points (94.3% liked)
Privacy
1254 readers
324 users here now
Icon base by Lorc under CC BY 3.0 with modifications to add a gradient
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You didn't mention it in your write up, so it's worth iterating that yubikey does have a bio series, USB-C fingerprint reader :
https://www.yubico.com/products/yubikey-bio-series/ fido2, usb-c, fingerprint
Feitian bio series
https://www.ftsafe.com/products/FIDO/BIO fido2, usb-c, fingerprint, nfc
Honerable mention, no NFC or fingerprint, but the only key has a hardware keypad for your pin. https://onlykey.io/
The issue with onlykey is the static key placement. Trezor for example randomizes key positions, so even if someone gets the key, they won't be able to guess the PIN based on greasemarks and such.
Also more resistant to over-the-shoulder spying.
The trezor looks cool, but it's a bit bulky to put on a key ring. I wouldn't want to carry it around as my second factor.
The benefit of external factors, like a fingerprint reader, like an external pin input is that a compromised computer doesn't get the something you know.
It's a question of what your privacy/security model is. I currently use Yubikey + Bitwarden with a strong main password. If I had to be paranoid, I'd sacrifice convenience for security, and carry a Trezor around.
Personally I think the yubikey fingerprint hardware key plus bit warden is an excellent combination even if you need to be very paranoid.