this post was submitted on 30 Nov 2023
31 points (94.3% liked)

Privacy

1254 readers
315 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
 

Hey everyone,

I am currently using an old(er) HYPERSECU FIDO key, USB-A with a button, and I am looking to

  • secure my phone as well (NFC) and, if possible
  • add biometric authentication to the mix.

Are there good alternatives or better: upgrades to the YubiKey which do support NFC as well as biometrics and come with a USB-C?

Thanks for your time ๐Ÿ‘‹

you are viewing a single comment's thread
view the rest of the comments
[โ€“] dog@suppo.fi 3 points 11 months ago* (last edited 11 months ago) (1 children)

The issue with onlykey is the static key placement. Trezor for example randomizes key positions, so even if someone gets the key, they won't be able to guess the PIN based on greasemarks and such.

Also more resistant to over-the-shoulder spying.

[โ€“] jet@hackertalks.com 2 points 11 months ago* (last edited 11 months ago) (1 children)

The trezor looks cool, but it's a bit bulky to put on a key ring. I wouldn't want to carry it around as my second factor.

The benefit of external factors, like a fingerprint reader, like an external pin input is that a compromised computer doesn't get the something you know.

[โ€“] dog@suppo.fi 2 points 11 months ago (1 children)

It's a question of what your privacy/security model is. I currently use Yubikey + Bitwarden with a strong main password. If I had to be paranoid, I'd sacrifice convenience for security, and carry a Trezor around.

[โ€“] jet@hackertalks.com 1 points 11 months ago* (last edited 11 months ago)

Personally I think the yubikey fingerprint hardware key plus bit warden is an excellent combination even if you need to be very paranoid.