this post was submitted on 30 Nov 2023
32 points (94.4% liked)
Privacy
1245 readers
113 users here now
Icon base by Lorc under CC BY 3.0 with modifications to add a gradient
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The issue with onlykey is the static key placement. Trezor for example randomizes key positions, so even if someone gets the key, they won't be able to guess the PIN based on greasemarks and such.
Also more resistant to over-the-shoulder spying.
The trezor looks cool, but it's a bit bulky to put on a key ring. I wouldn't want to carry it around as my second factor.
The benefit of external factors, like a fingerprint reader, like an external pin input is that a compromised computer doesn't get the something you know.
It's a question of what your privacy/security model is. I currently use Yubikey + Bitwarden with a strong main password. If I had to be paranoid, I'd sacrifice convenience for security, and carry a Trezor around.
Personally I think the yubikey fingerprint hardware key plus bit warden is an excellent combination even if you need to be very paranoid.