I've been using his guide forever as well, except that nowadays you can just use the native OpenSSH support for deriving Ed25519 or ECDSA keys from FIDO. The main advantage is that you do not have to deal with the very subpar GPG Agent anymore... https://www.maths.tcd.ie/~fionn/misc/fido_ssh/

Besides, 1Password now has a very convenient agent, which prompts users permission for an application to use a key - which is added security https://developer.1password.com/docs/ssh/get-started/#step-4...

And yes, Yubikeys do break - My keychain'd 5Ci is missing a huge chunk of plastic, exposing the PCB, and among the two new C Bio I received last week, one has already fried after just a few days.

It’s super good!

I love my Yubikey - it’s way less friction to use than other forms of 2fa, and I get to use it for stuff like storing my PGP keys. I don’t feel like it use it to its full potential (mostly signing commits and ssh) but it’s super satisfying seeing that little “Verified” badge next to my signed commits :)

I do generate them on device, I just have multiple Yubikeys. Of course there's a significant cost there, but OpenPGP cards are a good backup and cheaper.

Yep, thats the same guide I used a few years ago as well!

I use it daily for Github/ssh in general - and the 2 slots are used for part of passwords for a couple of other things.

I have a couple that are used daily, one in a safety deposit box (which is the "master" key), and a stack of new ones on my desk in case anything breaks. (I used that Cloudflare offer to get a hefty discount on them).

I also have a paperkey copy that lives elsewhere.

>or a malfunction of your Yubikey

Can't stress this enough. I had a yubikey nano that I literally never pulled from my laptop, that sat on my desk for basically the entirety of COVID. It just up and died after about 14 months. Fortunately, I had only set it up for testing purposes because I was worried about this exact scenario, and while I had a backup in my safe, had I been on my normal travel schedule that wouldn't have helped much.

The fact that it died after 0 abuse was a MAJOR turnoff for me ever proceeding down the path further. I'm sure my failure was a one-off but it left an extremely bad taste in my mouth.

I get a failure of a key that's on a keychain or being beaten up on the regular, but failure from literally just sitting in a usb-c port for less than two years is... not a great look.

I guess this might be an expected failure mode too, because their warranty is only 1 year for manufacturing defects.

I can't stress this enough, risk of losing (or breaking) your security keys is the number 1 threat when a service (correctly) offers no way to circumvent it's absence.

This is the same for encryption: the number 1 threat is lost encryption keys; the number 2 threat is broken backups; the number 3 threat is stolen encryption keys. Having #1 occur is equivalent to being ransomwared with no way to pay.

In both cases, you need multiple copies, or if you are using non-copyable aspects of security keys like U2F or OTP, then you need multiple backup keys registered to the same services.

Agreed. Turns out the best backup medium is paper: print out the secret bits and store them in a safe. The paperkey tool can do this and QR codes can make it really convenient. I even added binary decoding interfaces to zbar to support this exact use case.

https://www.jabberwocky.com/software/paperkey/

https://wiki.archlinux.org/title/Paperkey

  gpg --export-secret-key $KEY | paperkey --output-type raw | qrencode --8bit --output $KEY.png
  zbarcam --raw --oneshot -Sbinary | paperkey --pubring $KEY.gpg | gpg --import

Not every key needs to be backed up. Signing keys are ephemeral, losing one is inconsequential. Losing an encryption key means it'll be impossible to decrypt data later so backups could be interesting. The master key should be kept permanently offline in a physical safe.

Like the other comments, the risk of losing data/access/etc is not enough.

The article even actively suggesting you DO NOT make backups of things.

    Now you’re ready to generate a new set of OpenPGP keys on the YubiKey, using the generate command:

        gpg/card> generate
        Make off-card backup of encryption key? (Y/n)

    Enter n to ensure that the private keys never leave the YubiKey, and enter the admin PIN when prompted:

I suppose this is why it's an Opinionated guide as my opinions on how the actual target of a "remote adversary" should go about balancing security with risk.

The simple solution is to buy two, or more. Mind you, Yubi could be more upfront about the risk and the solution. But it's pretty obvious pretty quick that if your access depends on a single physical key that one key isn't enough.

I don't enable Yubikeys unless I can assign at least two to my account.

I have this same discussion about people using Vault and having secret unseal keys.

If you're all in on the idea and have a robust process around key custody it's great, but if you just deploy it without thinking especially to an environment that may not be fully rebooted for 1-2 years at a time, it's far more likely someone will lose the keys and then only months or years later when the entire thing is restarted realise they lost all their data. And I'd put this as more likely than encryption at rest ever saving most people from data privacy.

You have to include availability and user experience in your "threat model".

| Webauthn with fido/u2f is supported on most websites and oidc providers.

I wish that was true. I’ve found that webauthn is becoming more common in the last year, but is still relatively rare. Many “important” sites and services make use of them. https://www.yubico.com/works-with-yubikey/catalog/ is a great place to see them, but they’re still quite rare as a whole.

Threat model aside, I think expecting people to maintain multiple PGP keys, do multi-key encryption, and geographically distribute those keys is probably less practical than writing their pin down.

99% of users are probably better served by Tarsnap and its ilk than attempting to roll this kind of thing themselves.

Eleven years ago I got four yubikeys, two pairs as recommended by Yubico. One pair for personal use and one for work.

I tested the personal key pair first. The primary yubikey I had on my (physical) keyring failed spontaneously after less than three weeks of being carried around in my pocket. That was the end of that.

I am not going back to physical tokens, except for RSA tokens and purely mechanical keys. Those have an adequate track record.

You've got the wrong perception of even the most sophisticated end-users out there. 5 GPG keys, deposit boxes / vaults in different states.. I mean what the hell? Even an old beardy maintainers won't be bothered by that. You're talking about government-level threat models here.

Heck, even the idea of having to renew your resident GPG keys is a nightmare, let alone in different states. If you even let your master key expire on the device, you won't ever be able to renew it or it's derived SSH keys, and will have to reset the device. That's not to mention fried keys, stolen keys, etc. Consumer-grade vaults can be picked in minutes, and most large banks do not issue new deposit boxes anymore.

Any paranoid/sophisticated users would be more than happy with having their SSH keys in 1Password & using their agent, or having one key at home w/ home alarm, one key on them.

5 Yubikeys? That's fine if you're really serious about this, but to me even one Yubikey is too expensive for personal user.

Most people don't have a vacation home, or a safe deposit box. I didn't even think you could still get those at most banks. Plus, I suspect most security conscious people would not want to leave anything at their office.

You can leave them at friends houses, but that's not exactly always a secure location.

Phone numbers can at least theoretically be recovered, so my unpopular opinion is that SMS is pretty great for personal stuff.

Five whole YubiKeys at the cost of $500+ sounds extortionate when memorizing your Ed25519 private key is a free option.

How do you keep your keys up to date? Or, if you need to onboard a new key because you lost one, how do you know it's been registered with all your services?

My suggestion for a regular person is to not deal with Yubikeys. The risk of me somehow shooting myself in the foot trying to use them is much higher than the risk of getting hacked. My most important thing by far is my bank account, which has 2FA via the Chase app on my phone. Doesn't even support Yubikeys. A few other things are like this.

That's good enough for my personal life. I only use a key at work, where they manage all that for us.

For purposes of Fido/U2F, almost every service that lets you use U2F will also let you set up TOTP, and with TOTP you can save/print the QR codes. And TOTP is good enough to let you enrol a new U2F key.

So you don't need the expense of buying multiple yubikeys if most of them will end up in safety deposit boxes. Just put a printout of a TOTP QR code in the safety deposit box.

(This doesn't apply if you want to use the non-U2F features of the yubikey, like PGP, but who needs that?)

Use the "FIDO (both U2F and FIDO2 flavors)" capability to protect your Gmail account. You don't want your email compromised.. it's the most important.

Next, use 1password with the family. It too has FIDO support.

You could buy "nano" keys for each computer and just leave them installed all the time. And the backup would be one on your keychain. This is how I do it.

I'm not really that concerned about someone gaining physical access to my system compared to how concerned I am about someone on the Internet gaining access to my passwords somehow. Of course I look the doors to my house and don't leave my laptop just lying around :)

I need such a guide as well. If I want to sign up for a new service and use the yubikey as a factor is it required that I have all of them including the backup keys at hand to register them or can I keep them outside the house ?

I feel like convenience is an important part of making security keys work effectively. These are definitely cheaper, but once you move out of the large bully USB-A keys to those that might not require adapters, might be smaller, more useful with things like NFC, they get a lot more expensive. Still cheaper than Yubikeys, but similar ballpark. I’m not sure this would change the maths on whether to use a security key or not for that many people?

This works until you get malware on your workstation.

The issue is something could happen to you and if your PIN is lost, it doesn't matter how many second Yubikeys you have.

Seems like this advice assumes you're using your Yubikey to protect data you want to outlast you?

[dead]

There's no alternative with the same set of capabilities: Fido2, OpenPGP, PIV all in one. For the individual capabilities there's many alternatives.