undefined | Better HN

0 pointsaidenn02y ago0 comments

Yubikey 5 can only store 20, which isn't a whole lot better. Are there yet any readily available FIDO devices that can store 100s of resident keys (I have almost 400 logins in bitwarden)?

0 comments

jeroenhd2y ago

Depending on your level of trust in Bitwarden and your security model, you could consider unlocking the Bitwarden vault with a security key, and then using Bitwarden's passkey support to authenticate to websites. It's not really 2FA, but it works around the resident key limitation.

There's also a nifty app that implements CTAP2 on Android Wear, and basically act like an NFC/Bluetooth security key. If you have an Android Wear and don't think your watch will be hacked and rooted, this could be a useful alternative, especially in places where Google doesn't sell their Titan keys.

kemotep2y ago

Ideally self hosted bitwarden (or a local only password manager such as keepassxc with passkey support) using a master password and a security key for the 2nd factor with all the accounts in your vault using passkey makes it so you need to know 1. the master password password, 2. have the security key, and also have 3. access to the vault.

The website being breached and the passkey public key being dumped is meaningless. They are more likely to compromise a site’s admin access that can get into user accounts than ever crack public key cryptography or simultaneously acquire all three factors necessary to gain access to my vault. And no matter what I do on my end (except only use sites that take security seriously) can stop that.

jaefi2y ago

The new Google Titan keys can store hundreds; sadly not even sure if I can get one here.