Hey @Steve and audience,
After the recent discussions around passkeys on the podcast, I wanted to share and get feedback on my approach.
Like many other listeners, I also have a Yubikey at home and one with me.
But I have never stored a passkey on them. I use the Yubikey Authenticator app for iOS to store OTP secrets on the keys. I always set up both keys at the same time for any service.
Passwords are stored in Bitwarden, and Bitwarden is secured by OTP codes from the Yubikeys as well.
With the almost universal availability of OTP, this is a pragmatic way that I have found to secure my accounts with something “physical”.
The Yubikey I carry also has a password set for additional security.
Any downsides to this approach that I might be missing or not seeing?
The process in detail below:
Setup of OTP:
1. Ask the site for an OTP qrcode
2. Stick Yubikey A into the phone and scan the code with the Yubikey Authenticator App
3. Stick Yubikey B into the phone and scan the code with the Yubikey Authenticator App
4. Generate an OTP from either key and put it in the site for confirmation
Get an OTP
1. Stick the Yubikey into the phone
2. Open Yubikey Authenticator App
3. Generate a code and put it in
Happy for any feedback and love the show
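The enrolment and code generation in the steps above, as an added Python example that is not part of the post: it parses a constructed otpauth:// QR payload, provisions "key A" and "key B" from it, and shows both produce the same RFC 6238 code because each holds a copy of the same shared secret (which is also why a lost key cannot be revoked on its own, unlike a per-device passkey). Function names and the sample URI are assumptions; the secret is the RFC 6238 reference key, not a real one.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, urlparse

# Constructed sample of the otpauth:// URI a site encodes in its enrolment QR code.
# The secret is the RFC 6238 test-vector key "12345678901234567890" in base32.
SAMPLE_URI = ("otpauth://totp/Example:alice%40example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=6&period=30")

def parse_otpauth(uri):
    """Return (secret_bytes, digits, period) from an otpauth://totp/... URI."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP enrolment URI")
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    secret = params["secret"].upper()
    secret += "=" * (-len(secret) % 8)  # restore base32 padding if the site stripped it
    return base64.b32decode(secret), int(params.get("digits", 6)), int(params.get("period", 30))

def totp(secret, digits=6, period=30, at=None):
    """RFC 6238 TOTP with HMAC-SHA1 for the given Unix time (default: now)."""
    counter = int(time.time() if at is None else at) // period
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.4
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def verify(secret, code, digits=6, period=30, at=None, window=1):
    """Site-side check (step 4): accept the current step plus `window` steps either side."""
    now = int(time.time() if at is None else at)
    for step in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, digits, period, now + step * period), code):
            return True
    return False

def enrol_two_keys(uri):
    """Steps 2 and 3: both keys scan the same QR code, so both hold the same secret."""
    secret, digits, period = parse_otpauth(uri)
    key_a = {"secret": secret, "digits": digits, "period": period}
    key_b = dict(key_a)  # a second copy of one credential, not a second credential
    return key_a, key_b

def codes_from_both_keys(uri, at):
    """Generate a code from each key at the same instant; they are identical."""
    key_a, key_b = enrol_two_keys(uri)
    return (totp(key_a["secret"], key_a["digits"], key_a["period"], at),
            totp(key_b["secret"], key_b["digits"], key_b["period"], at))
```

Because the site only ever sees one shared secret, revoking a lost key means rotating the secret at every site and re-enrolling the remaining key, rather than deleting one credential.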