undefined | Better HN

0 pointsjiveturkey6y ago0 comments

few providers support enrolling multiple yubikeys into your account.

0 comments

Which don't? For all the big major ones I've used U2F with, they've supported multiple keys for a while (or since introduction). It's practically a requirement in case you lose a key..

To name a few off the top of my head: Google, GitHub, Gitlab, Facebook, 1Password, etc.

zippergz6y ago

Vanguard (where my company has their 401k plan) is one I have encountered that only supports a single Yubikey.

bitskits6y ago

Not sure when you last checked, Vanguard supports up to 4 security keys.

1 more reply

cal5k6y ago

AWS only supports a single U2F key at the moment.

lstamour6y ago

Before this, both LastPass and 1Password said they supported U2F via Duo, but Duo only supported one key, so I could never use it.

mclehman6y ago

If that's the case, it must have changed at some point. Lastpass and Duo both support multiple U2F keys, and have for at least a couple of years. I have two keys registered with Duo for login at my school and also through Lastpass's non-Duo U2F support.

saltminer6y ago

My college uses Duo and it has no such restriction, if you tried this recently and couldn't add more than 1, it is probably set by LastPass/1Password.

1 more reply

cbhl6y ago

This is true, and it is dangerous (once the key fails, folks get locked out). I don't use security keys with such providers.

It would be nice if someone made a library that made incorporating Webauthn login into an app as simple as using django or Ruby on Rails or React to create a login form, so folks don't end up rolling their own and assuming that a user will have at most one yubikey.

Failing that, you could do what Zeit does and rely on email providers' support for Security Keys (login by email link only).

abstractbarista6y ago

Usually you can use a TOTP backup method (Google Authenticator or similar). But don't actually use it. Just save the key to initialize it to a secure backup which can be accessed of your Yubikey is lost.

j / k navigate · click thread line to collapse

0 comments

Operyl6y ago

Which don't? For all the big major ones I've used U2F with, they've supported multiple keys for a while (or since introduction). It's practically a requirement in case you lose a key..

To name a few off the top of my head: Google, GitHub, Gitlab, Facebook, 1Password, etc.

zippergz6y ago

Vanguard (where my company has their 401k plan) is one I have encountered that only supports a single Yubikey.

bitskits6y ago

Not sure when you last checked, Vanguard supports up to 4 security keys.

1 more reply

cal5k6y ago

AWS only supports a single U2F key at the moment.

lstamour6y ago

Before this, both LastPass and 1Password said they supported U2F via Duo, but Duo only supported one key, so I could never use it.

mclehman6y ago

saltminer6y ago

My college uses Duo and it has no such restriction, if you tried this recently and couldn't add more than 1, it is probably set by LastPass/1Password.

1 more reply

cbhl6y ago

This is true, and it is dangerous (once the key fails, folks get locked out). I don't use security keys with such providers.

Failing that, you could do what Zeit does and rely on email providers' support for Security Keys (login by email link only).

abstractbarista6y ago

j / k navigate · click thread line to collapse