I have had multiple Yubikeys for a long time as I am a frequent international traveler, and am afraid of Google locking me out suddenly. Having a Yubikey gives me peace of mind, but losing the key can be a headache, as I need to buy another costly key, log into every service that uses the key, remove it, and add a new key. With this project (I hope, I haven’t tested), I may be able to simply gpg encrypt my fidokey and keep it safe on my computer rather than having to worry about my Yubikeys.
It’s a really interesting tradeoff. Nominally the value prop of the Yubikey is that it’s a separate physical device so that you know that “even if someone were to steal my laptop and have unfettered access to my password manager, they still wouldn’t be able to access these services.”
But the flip side is definitely a concern too… if I lose my (physical) keychain, I won’t be able to access these services either.
In my own experience, I have had a laptop stolen but haven’t ever had my keys stolen nor have I lost my keys for any length of time. My wife, though, has the opposite experience.
I mean no, that’s not a good reason to use a Yubikey at all. It’s about having a smartcard that performs cryptographic operations for you without exposing the keys. Of course using it as a second authentication factor is a specific use case of that, also providing multidevice access as a side-effect of being a separate device.
More to the point, compromising a device cannot leak the keys for further attack vectors.