[HN Gopher] An Opinionated Yubikey Set-Up Guide
___________________________________________________________________
An Opinionated Yubikey Set-Up Guide
Author : justinludwig
Score : 17 points
Date : 2023-09-14 19:21 UTC (3 hours ago)
(HTM) web link (www.procustodibus.com)
(TXT) w3m dump (www.procustodibus.com)
| XorNot wrote:
| I feel like leaving the "backing up" section of this till last is
| burying an important part of realistic threat analysis here: i.e.
| the risk of losing access to data from losing, accidentally
| destroying, or a malfunction of your Yubikey is substantially
| higher then the risk of compromise.
|
| If you set all this up, then it would be an expected outcome that
| the most likely thing you'll be doing is needing to recover from
| a disaster, not prevent a compromise.
| [deleted]
| tomxor wrote:
| I can't stress this enough, risk of losing (or breaking) your
| security keys is the number 1 threat when a service (correctly)
| offers no way to circumvent it's absence.
|
| This is the same for encryption: the number 1 threat is lost
| encryption keys; the number 2 threat is broken backups; the
| number 3 threat is stolen encryption keys. Having #1 occur is
| equivalent to being ransomwared with no way to pay.
|
| In both cases, you need multiple copies, or if you are using
| non-copyable aspects of security keys like U2F or OTP, then you
| need multiple backup keys registered to the same services.
| mixmastamyk wrote:
| Neat, but this too hard I think. Have used a key with websites
| and that is doable for a regular (or busy) person. The rest of
| this should be done by the OS, through a wizard, at install time
| and/or later. Maybe a control panel app.
___________________________________________________________________
(page generated 2023-09-14 23:01 UTC)