Comment by xorcist 2 months ago

> ssh from the phone

That strengthens the previous commenter's point. That personal phone is not an "anywhere" device but one that already carries the necessary software and can either interface with your yubikey or carry your encrypted keys.

A better example would be the same ski trip but where the data connection is bad or nonexistent, so you borrow the hotel's computer to make the emergency fix.

We used to do things like that, complete with post-trip password rotations. I carried a laminated card in my wallet with the important key fingerprints. But with devices like the yubikey and cheap international data roaming, that has gotten less common.

sam_lowry_ 2 months ago

A Google or Apple phone carrying encryption keys to my precious servers? Hm... I feel already pwned.

Jokes aside, I cannot be bothered installing ssh keys on my phone. Phones change, get broken or stolen. Ssh clients on phones change as well and cannot always be relied upon. I want to be 100% sure I can have ssh access to my servers in whatever improbable situation.

As for Yubikey... I used it for a while as a keyboard emulator to generate a string to prepend to my corporate laptop password that had insane strength requirements.

For personal and small business auth... it is too complex and brittle.

And frankly, what's the problem with a strong password? Like... a quote from Nietzsche translated into a mix of French and Dutch with a couple of special chars thrown in?

  • gregjor 2 months ago

    We can all dream up improbable scenarios that will neuter reasonable planning and precautions.

    I have travelled full-time and worked remotely for over a decade. I have lost my phone once. Both Apple and Android phones sync passwords and ssh keys (if you set it up) to their encrypted cloud services. If you get a new phone, everything comes back.

    I put my most crucial keys and backup codes on a biometric-locked USB key that I protect along with my passport. I have never needed to use it, but in case I lose my phone and can’t get into my cloud account I have that.

    I use a Yubikey for 2FA where supported. I have two: one handy and one secured with my passport.

  • ycombinatrix 2 months ago

    Yubikey with libfido works beautifully.

    > As for Yubikey... I used it for a while as a keyboard emulator to generate a string to prepend to my corporate laptop password that had insane strength requirements.

    Wtf? Tell me you don't know how to use a yubikey without telling me you don't know how to use a yubikey.

    • sam_lowry_ 2 months ago

      I bet you did not know Yubikeys have keyboard emulation mode )

      • ycombinatrix 2 months ago

        Lol. I'm pretty sure everyone has a coworker that has accidentally "keyboard emulated" their OTP into a public slack message.