Med-Mastodon

Michael GurskiOk, I'm going to fully admit I'm not entirely sure how to use <a href="https://strangeplace.me/tags/YubicoAuthenticator" class="mention hashtag" rel="nofollow noopener" target="_blank">#YubicoAuthenticator</a> amongst multiple <a href="https://strangeplace.me/tags/YubiKeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#YubiKeys</a> vs, say, <a href="https://strangeplace.me/tags/Authy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Authy</a> or <a href="https://strangeplace.me/tags/GoogleAuthenticator" class="mention hashtag" rel="nofollow noopener" target="_blank">#GoogleAuthenticator</a> after a year+ of off/on looking to try it out.Do I need to store the <a href="https://strangeplace.me/tags/TOTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#TOTP</a> seeds on every <a href="https://strangeplace.me/tags/YubiKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#YubiKey</a> I own? And they all take up a slot? If so, I'm glad for most high value ones, I've been saving encrypted copies of the initial secret key in my password manager. Is that the way it works, all stored in the keys, and not some DB on each device?

Mad A. Argon :qurio:Short cautionary storyI wanted to synchronize <a href="https://is-a.cat/tags/OTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTP</a> on my all <a href="https://is-a.cat/tags/yubikeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#yubikeys</a> - now five because of circumstances, I wanted to have every one replaceable with each other and don't wonder which one I must use. For people not familiar with them, OTP codes are stored on <a href="https://is-a.cat/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#yubikey</a> itself, apps are interfaces to interact with it. So they could be used on any device with any version of <a href="https://is-a.cat/tags/YubicoAuthenticator" class="mention hashtag" rel="nofollow noopener" target="_blank">#YubicoAuthenticator</a> app. I mostly use terminal version on my Linux desktop. And during new account/credential creation user usually writes all in one command, together with seed code.It was some time since I created something, so I tried to check correct command syntax in <a href="https://is-a.cat/tags/shell" class="mention hashtag" rel="nofollow noopener" target="_blank">#shell</a> <a href="https://is-a.cat/tags/history" class="mention hashtag" rel="nofollow noopener" target="_blank">#history</a>. And suddenly I realized I have all seed codes stored in history, ready to reuse.For me it was convenient then, I didn't have to register in all services again, simply copy-paste old commands for new keys. But everyone could see how it could be terrible for <a href="https://is-a.cat/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> :blobcat_ohnoes:Everyone with access to my laptop and terminal could also use them. Of course I use <a href="https://is-a.cat/tags/LUKS" class="mention hashtag" rel="nofollow noopener" target="_blank">#LUKS</a> so my shell history (or other data on my laptop) isn't easily available :blobCat_evil:So, be careful what you could have in shell history. And use full disk <a href="https://is-a.cat/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#encryption</a> everywhere, just in case, you could forget many small things in various places!<a href="https://is-a.cat/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> <a href="https://is-a.cat/tags/2fa" class="mention hashtag" rel="nofollow noopener" target="_blank">#2fa</a> <a href="https://is-a.cat/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a>

Recent searches

Search options

Administered by:

Server stats:

#yubicoauthenticator