undefined | Better HN

0 pointsLelouBil3y ago0 comments

I don't know why, but I'm still a bit afraid of using security key everywhere. I have an irrational fear of losing/breaking my security key. Even though I know my phone is fine and always with me (as a comparison).

I just set up a whole backup solution for my many self hosted applications, all encrypted with the keys safely in my password manager. Even uploaded to S3, because I figured if I'm paying for it, I could ID-and-support ticket my way to my data even if I lost my AWS credentials.

I don't know how to integrate a security key into this scheme. What to do if it actually gets lost ?

Will I have to use emergency codes for all the accounts ?

Can I make a backup of it somewhere ?

Would that defeat the purpose ?

I'll buy one someday, when I'll have all this figured out.

0 comments

nequo3y ago

I think that worry makes sense. It is a good idea to keep a backup. For example, you could get two YubiKeys, use one as your primary, and put the other in a safe place as your backup.

It is a little bit of a hassle. But changing 200 passwords because LastPass was breached is also a hassle.

PeterisP3y ago

One option is to have two identical security keys. In general, you can't easily read the secrets from an existing key, but you can overwrite/initialize them to get two with identical data.

Tomte3y ago

Most services allow you to enrol two or more security keys, so you wouldn't need to overwrite one.

PeterisP3y ago

The problem with that is that it requires to have all these security keys available in order to enrol them, which is not possible if you want to store one of them in a different secure location. If you have two keys in your pocket, that's not much of a backup; having two identical keys means that you can enrol the one in your pocket and if it gets lost, the copy from your safe works.

1 more reply

TheFlyingFish3y ago

Is this possible with Yubikeys? I'd be very interested if so. "Two identical Yubikeys" is something I've wanted for a long time.

PeterisP3y ago

IIRC https://www.yubico.com/support/download/yubikey-personalizat... could be used for that.

j / k navigate · click thread line to collapse

0 pointsLelouBil3y ago0 comments

I don't know how to integrate a security key into this scheme. What to do if it actually gets lost ?

Will I have to use emergency codes for all the accounts ?

Can I make a backup of it somewhere ?

Would that defeat the purpose ?

I'll buy one someday, when I'll have all this figured out.

0 comments

nequo3y ago

I think that worry makes sense. It is a good idea to keep a backup. For example, you could get two YubiKeys, use one as your primary, and put the other in a safe place as your backup.

It is a little bit of a hassle. But changing 200 passwords because LastPass was breached is also a hassle.

PeterisP3y ago

One option is to have two identical security keys. In general, you can't easily read the secrets from an existing key, but you can overwrite/initialize them to get two with identical data.

Tomte3y ago

Most services allow you to enrol two or more security keys, so you wouldn't need to overwrite one.

PeterisP3y ago

1 more reply

TheFlyingFish3y ago

Is this possible with Yubikeys? I'd be very interested if so. "Two identical Yubikeys" is something I've wanted for a long time.

PeterisP3y ago

IIRC https://www.yubico.com/support/download/yubikey-personalizat... could be used for that.

j / k navigate · click thread line to collapse