YubiKeys are on sale today, FYI. https://slickdeals.net/f/15242767-yubico-yubikey-5-nfc-2-factor-authentication-security-keys-usb-c-2-for-55-usb-a-2-for-45-free-shipping?src=frontpage
On Tue, Aug 24, 2021 at 5:15 PM Michael L <[email protected]> wrote: > Thank you everyone for the excellent info. I'm glad I asked. > > > On Tue, Aug 24, 2021 at 2:45 PM Kent Perrier <[email protected]> > wrote: > >> IIRC, the Yubi folks do recommend getting two, and using the second one >> as the backup authenticator in case the primary is lost/broken/etc. Put in >> a safe/safety deposit box for safe keeping. >> >> On Tue, Aug 24, 2021 at 2:13 PM Paul Boniol <[email protected]> >> wrote: >> >>> I agree with Tilghman, but would add there are NFC versions of >>> Yubikey's (still without battery), and USB-C connector (which may or may >>> not attach to your phone). If supported, it could be added as a backup >>> authentication method, but I don't recommend using them as the primary >>> method. (Left it at home, fell out of your bag, got eaten by a toddler, you >>> never know.) >>> >>> Paul >>> >>> On Tue, Aug 24, 2021 at 12:48 PM Tilghman Lesher <[email protected]> >>> wrote: >>> >>>> There are multiple reasons why I'm not fond of hardware keys like that: >>>> >>>> The first I've already mentioned. If it's lost or misplaced, you've >>>> just lost your way of getting into the system. >>>> >>>> Second is the form factor. It's a USB A connector, which is fine when >>>> you're sitting at a desktop or a laptop that you own. What happens if >>>> you need to get into the machine, and the only thing you have is a >>>> cellphone or tablet, which likely doesn't have a USB A port? Do you >>>> keep a selection of dongles with you to make it fit? Or are you SOL? >>>> And if you're at a machine that you don't own, they may well either >>>> prevent you from accessing the USB port or have severe restrictions on >>>> what a USB device plugged in can be. For example, it might be limited >>>> to ONLY a mass storage device and not a USB keyboard. If that's the >>>> case, the Yubikey won't work. >>>> >>>> Third, while the Yubikey is powered off the device to which it's >>>> connected, and that's a nifty workaround to this problem, a lot of >>>> hardware keys have a sealed battery. That battery cannot be replaced, >>>> because the device will self-destruct (by design) if you try to open >>>> it up. So you're only good for as long as the battery life lasts. >>>> >>>> All that said, you also want to avoid using SMS as your second factor >>>> authentication, because the telecom network is not secure. If an >>>> attacker knows your phone number, they could attempt to steal your >>>> number and receive your SMS codes. While the telecoms have tried to >>>> close this security hole, in many cases, it's an insider attack, which >>>> can't be easily stopped without completely destroying number >>>> portability. >>>> >>>> On Tue, Aug 24, 2021 at 11:04 AM Michael L <[email protected]> >>>> wrote: >>>> > >>>> > That's another important reason why I'm asking: when my Pixel LCD >>>> became unusable, I couldn't login. >>>> > >>>> > Glad again I asked. >>>> > >>>> > On Tue, Aug 24, 2021, 10:08 Tilghman Lesher <[email protected]> >>>> wrote: >>>> >> >>>> >> I would suggest configuring PAM to use one of the myriad 2 factor >>>> >> authentication schemes, preferably one that isn't tied to a hardware >>>> >> key. For example, you can use a Google Authenticator scheme with an >>>> >> app like Authy, which will allow you to authenticate with multiple >>>> >> devices -- useful if you lose or temporarily misplace one of them. >>>> >> Authy will also work as a Chrome App -- just make sure that you only >>>> >> put it on devices that you can keep secure. >>>> >> >>>> >> https://hackertarget.com/ssh-two-factor-google-authenticator/ >>>> >> >>>> >> On Tue, Aug 24, 2021 at 6:09 AM Michael L <[email protected]> >>>> wrote: >>>> >> > >>>> >> > I have a couple of sensitive logins which I need to keep secure >>>> online and offline. I see multiple USB devices from about $10 and up. I >>>> also see Google OpenSK and Predator DIY results. >>>> >> > >>>> >> > Does anyone have a recommendation? >>>> >> > Thanks everyone >>>> >> > >>>> >> > -- >>>> >> > -- >>>> >> > You received this message because you are subscribed to the Google >>>> Groups "NLUG" group. >>>> >> > To post to this group, send email to [email protected] >>>> >> > To unsubscribe from this group, send email to >>>> [email protected] >>>> >> > For more options, visit this group at >>>> http://groups.google.com/group/nlug-talk?hl=en >>>> >> > >>>> >> > --- >>>> >> > You received this message because you are subscribed to the Google >>>> Groups "NLUG" group. >>>> >> > To unsubscribe from this group and stop receiving emails from it, >>>> send an email to [email protected]. >>>> >> > To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/nlug-talk/CALdmzXZM9KizB9jj6mgORek5W6NAQ%2BF3-fJ%3Dc04ov%3DNJAiD0wg%40mail.gmail.com >>>> . >>>> >> >>>> >> >>>> >> >>>> >> -- >>>> >> Tilghman >>>> >> >>>> >> -- >>>> >> -- >>>> >> You received this message because you are subscribed to the Google >>>> Groups "NLUG" group. >>>> >> To post to this group, send email to [email protected] >>>> >> To unsubscribe from this group, send email to >>>> [email protected] >>>> >> For more options, visit this group at >>>> http://groups.google.com/group/nlug-talk?hl=en >>>> >> >>>> >> --- >>>> >> You received this message because you are subscribed to the Google >>>> Groups "NLUG" group. >>>> >> To unsubscribe from this group and stop receiving emails from it, >>>> send an email to [email protected]. >>>> >> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/nlug-talk/CAHPkZcUKJeOsCzFRP1sVJ5kcVoSxech68NJmpvvb_hS_EsXnsw%40mail.gmail.com >>>> . >>>> > >>>> > -- >>>> > -- >>>> > You received this message because you are subscribed to the Google >>>> Groups "NLUG" group. >>>> > To post to this group, send email to [email protected] >>>> > To unsubscribe from this group, send email to >>>> [email protected] >>>> > For more options, visit this group at >>>> http://groups.google.com/group/nlug-talk?hl=en >>>> > >>>> > --- >>>> > You received this message because you are subscribed to the Google >>>> Groups "NLUG" group. >>>> > To unsubscribe from this group and stop receiving emails from it, >>>> send an email to [email protected]. >>>> > To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/nlug-talk/CALdmzXY3mqhw4W8CO%3D9c5vjEumuoYxvE6A4L3tiQ4704o1h5pQ%40mail.gmail.com >>>> . >>>> >>>> >>>> >>>> -- >>>> Tilghman >>>> >>>> -- >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "NLUG" group. >>>> To post to this group, send email to [email protected] >>>> To unsubscribe from this group, send email to >>>> [email protected] >>>> For more options, visit this group at >>>> http://groups.google.com/group/nlug-talk?hl=en >>>> >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "NLUG" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/nlug-talk/CAHPkZcUgcpuReTjv9rg%2B5EMPcT3wNyodWQo5paxqo47fQ5xgcQ%40mail.gmail.com >>>> . >>>> >>> -- >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "NLUG" group. >>> To post to this group, send email to [email protected] >>> To unsubscribe from this group, send email to >>> [email protected] >>> For more options, visit this group at >>> http://groups.google.com/group/nlug-talk?hl=en >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "NLUG" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/nlug-talk/CAL9PgS1FESoMxXfb-e8Jdg8RqzG9yHyh%2BOwrSWr4WyKk_w8w_Q%40mail.gmail.com >>> <https://groups.google.com/d/msgid/nlug-talk/CAL9PgS1FESoMxXfb-e8Jdg8RqzG9yHyh%2BOwrSWr4WyKk_w8w_Q%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> -- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To post to this group, send email to [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/nlug-talk?hl=en >> >> --- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/nlug-talk/CA%2B6_KC8etEXfbhAPxKR89zDd1k7GdMgVp0_Xn8Do81Fgc%3Dj%3DUg%40mail.gmail.com >> <https://groups.google.com/d/msgid/nlug-talk/CA%2B6_KC8etEXfbhAPxKR89zDd1k7GdMgVp0_Xn8Do81Fgc%3Dj%3DUg%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/nlug-talk/CALdmzXbPRGoQY75eUy0Go55cpTSajF7FXnQvR1Uu%3DtRNASXL%3DQ%40mail.gmail.com > <https://groups.google.com/d/msgid/nlug-talk/CALdmzXbPRGoQY75eUy0Go55cpTSajF7FXnQvR1Uu%3DtRNASXL%3DQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/nlug-talk/CAPsQiUZ9S1HokX4wOkYZh8krACVYD0BOUMTcXCX-gfWNJTWSTw%40mail.gmail.com.
