Password managers

Hi sko,
SSH logins, email signing/encrypting and passwords (and other) encryption is since done with the keys on the yubikey, which needs its own password for unlocking (the only one I can and have to remember by now...).

As there is unreliable cell signal at my location, I had been doing some research for alternatives to 2FA via SMS and found a recommendation of Yubikey. But from your quote, it seems that Yubikey can be used for other purposes than only 2FA.

As a former user of pass (https://www.passwordstore.org/) could you please explain the use of Yubikey for what you are doing, if it is not too off-topic?

Kindest regards,

M
 
As a former user of pass (https://www.passwordstore.org/) could you please explain the use of Yubikey for what you are doing, if it is not too off-topic?
basically, I'm using the yubikey purely as a smartcard to store my private GPG-keys on it.

I never really had any interest in using U2F, FIDO or whatnot, because it always relies on some external (and sometimes even proprietary) service and working internet connection. I deliberately chose password-store because it uses gpg and nothing "exotic" and I absolutely want/need to access my credentials etc if there is no internet connection available - it wouldn't make any sense for me to add something that requires an external service.
IMHO it's stupid to store credentials (or second factors) for infrastructure like router/gateway systems, switches, BMC etc in a service that relies on the infrastructure to work - if that goes down you are essentially unable to access anything to fix the situation. Also I often have my laptop connected to completely locked-down VLANs where I still need to access credentials or log in via SSH.
By only using its smartcard capabilities, I hold everything I need in my hand with the yubikey - either for decrypting credentials or for SSH logins via the gnupg ssh agent.

For 2FA I only use TOTP - I always refused to use SMS as it is insecure by design anyways. There's a TOTP plugin for password store, so that's fully covered.
 
Hi sko,
basically, I'm using the yubikey purely as a smartcard to store my private GPG-keys on it.
Thank you for the clarification.

Regarding the 2FA, in my understanding, the protocol that one can/must use is dependent on what the web-site supports.

Kindest regards,

M
 