this post was submitted on 06 Mar 2025
29 points (100.0% liked)

Privacy

1821 readers
69 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No reposting of news that was already posted
  4. No crypto, blockchain, NFTs
  5. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 4 months ago
MODERATORS
top 4 comments
sorted by: hot top controversial new old
[–] [email protected] 3 points 1 month ago (1 children)

I still feel like this kind of thing should be able to be done with a usb flash drive. Like an encrypted drive that has something like an ssh key in it or such. I really hate there is not something more agnostic for this type of purpose.

[–] [email protected] 6 points 1 month ago (1 children)

A lot of the extra value in something like a YubiKey is that they're tamper evident.

Also any process can potentially read data off a USB stick once it's mounted. With a FIDO2 key reading it requires a physical action.

[–] [email protected] 4 points 1 month ago (1 children)

I think it could be setup to allow limited access although im not really sure about tamper resistance. I just don't like these things to be cheaper and not limited to particular companies or such.

[–] [email protected] 6 points 1 month ago

Yubico isn't the only company. There's others that make hardware keys according to the same protocols, so if you just don't like Yubico for whatever reason, there's other options.

But the reason you want a key that isn't a USB drive is the fact that you don't want anyone to be able to extract the keys from your device either through software or by physically attacking it. A small few USB drives have encryption, but I don't know what attacks they can withstand.

A USB drive is trivially easy, because you need it to be. You don't want that same ease for a security device.