[HN Gopher] An Opinionated Yubikey Set-Up Guide
___________________________________________________________________
An Opinionated Yubikey Set-Up Guide

Author : justinludwig
Score : 17 points
Date : 2023-09-14 19:21 UTC (3 hours ago)

(HTM) web link (www.procustodibus.com)
(TXT) w3m dump (www.procustodibus.com)

| XorNot wrote:
| I feel like leaving the "backing up" section of this till last is
| burying an important part of realistic threat analysis here: i.e.
| the risk of losing access to data from losing, accidentally
| destroying, or a malfunction of your Yubikey is substantially
| higher than the risk of compromise.
|
| If you set all this up, then it would be an expected outcome that
| the most likely thing you'll be doing is needing to recover from
| a disaster, not prevent a compromise.

| [deleted]

| tomxor wrote:
| I can't stress this enough, risk of losing (or breaking) your
| security keys is the number 1 threat when a service (correctly)
| offers no way to circumvent its absence.
|
| This is the same for encryption: the number 1 threat is lost
| encryption keys; the number 2 threat is broken backups; the
| number 3 threat is stolen encryption keys. Having #1 occur is
| equivalent to being ransomwared with no way to pay.
|
| In both cases, you need multiple copies, or if you are using
| non-copyable aspects of security keys like U2F or OTP, then you
| need multiple backup keys registered to the same services.

| mixmastamyk wrote:
| Neat, but this is too hard, I think. Have used a key with websites
| and that is doable for a regular (or busy) person. The rest of
| this should be done by the OS, through a wizard, at install time
| and/or later. Maybe a control panel app.
___________________________________________________________________
(page generated 2023-09-14 23:01 UTC)