this post was submitted on 03 Jan 2024
75 points (98.7% liked)

Linux

48149 readers
597 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Hardware security key options?

I've been thinking about getting a hardware security key and have heard of yubikey before; but I want to see what my options are and if they are worth it in your opinion.
My current setup is a local KeePassXC database (that I sync between my PC and phone and also acts as TOTP authenticator app), I know that KeePass supports hardware keys for unlocking the database.

I am personally still of the belief that passwords are the safest when done right; but 2FA/MFA can greatly increase security on top of that (again, if done right).
The key work work together with already existing passwords, not replace them.

As I use linux as my primary OS I do expect it to support it and anything that doesn't I will have to pass on.

PS: what are the things I need to know about these hardware keys that's not being talked about too much, I am very much delving into new territory and want to make sure I'm properly educated before I delve in.

@linux @[email protected] @[email protected] @privacy #2FA #MFA #yubikey #InfoSec #CyberSecurity

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 6 points 10 months ago* (last edited 10 months ago) (3 children)

While Keepass has the ability to use a Yubikey (or similar) as 2FA (masterpassword is still required), this does not work on the mobile (Android) apps I tried. If you can make it work, please let me know!

Other than that: I got my Yubikey working ok on Linux Mint. But somehow the first login often does not work as expected (you have to touch the key). That is why I don't use it anymore as 2FA for computer login.

[–] [email protected] 6 points 10 months ago* (last edited 10 months ago)

Yubikeys can work with KeePassDX you just need to install the key driver and have NFC enabled

Also I'm pretty sure you are always supposed to touch the key initially when you use it for things like unlocking your KeePass database and what not

[–] [email protected] 2 points 10 months ago

keepass2android also work

[–] [email protected] 1 points 10 months ago (1 children)

I don't have a key yet (which is why I'm asking) and I definitely want it in combination with passwords (they can take the key using force; but they can't take thoughts out of my head just yet).

As for android apps not working with the yubikey: try giving KeePassDX a shot; I got it from F-Droid and it does give me a hardware key field with the option to autofill with "Yubikey challenge-response".

[–] [email protected] 1 points 10 months ago

Thanks, I will try again!