Comment by 1attice 10 hours ago

Actually, this is now a solved problem. Root-of-trust pattern.

- Use Bitwarden or similar

- Set BW to recognize the YubiKey as one (of several, incl. TOTP ('Authenticator') code) second factor.

- On all other sites and services, generate passkeys (which are essentially virtual YubiKeys) and save them in BW.

- In BW, save the password and TOTP. BW itself, on another device (or in a separate incarnation - e.g. the desktop app when authenticating the browser extension) is now your everyday means of authenticating to BW.

- BW-stored passkey is now your standard means of authentication for e.g. GitHub, Google, etc.

- Put the YubiKey in a safety deposit box

- Bravo, you have a very professional trust system