Hardware security key options?

I’ve been thinking about getting a hardware security key and have heard of yubikey before; but I want to see what my options are and if they are worth it in your opinion.
My current setup is a local KeePassXC database (that I sync between my PC and phone and also acts as TOTP authenticator app), I know that KeePass supports hardware keys for unlocking the database.

I am personally still of the belief that passwords are the safest when done right; but 2FA/MFA can greatly increase security on top of that (again, if done right).
The key would work together with already existing passwords, not replace them.

As I use linux as my primary OS I do expect it to support it and anything that doesn’t I will have to pass on.

PS: what are the things I need to know about these hardware keys that aren’t being talked about much? I am very much delving into new territory and want to make sure I’m properly educated before I delve in.

@linux @technology@lemmy.ml @technology@lemmy.world @privacy #2FA #MFA #yubikey #InfoSec #CyberSecurity

2 points

If you’re insane, this company makes hardware keys that you can implant under your skin and read via NFC: https://dangerousthings.com/product/apex-flex/

(There is also a ring version if for some reason you don’t want to shove a microchip inside you 🫣)

1 point

Thanks for this, I’ve actually been seriously considering a microchip implant for a while. Is it open source? I don’t want proprietary code inside me if I can help it.

I’ve had a magnet embedded in my pinky for about 7 years now. It’s wild fun having an extra sense, I’ve actually been planning its replacement as it’s gotten much weaker the last year or so. Neodymium magnets do eventually lose their charge, and heat causes it to happen faster.

3 points

It runs JavaCard OS, which is developed by Oracle and not open source. Even though it also runs JavaCard OS, I’d recommend the flexSecure JavaCard from Dangerous Things (for the same price as the Apex Flex), because all of its applets are open source: https://dangerousthings.com/product/flexsecure/. It isn’t quite as “seamless”, because it doesn’t have the closed-source app store available for it that the Apex Flex does, but it instead uses open-source applets that you can load onto it. Regardless, either option will run a closed-source OS, but as far as secure verification goes (by using challenge-response instead of static keys which could be read and copied like old RFID tags), JavaCard is currently the best option. And as far as implantable chips go, the flexSecure JavaCard and the Apex Flex are the 2 best chips on the market to my knowledge.

The silver lining is that there are plenty of open source applets you can run on JavaCards (like the flexSecure ones written by Dangerous Things).

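As an added illustration of the challenge-response point in the comment above (constructed example code, not code from Dangerous Things, the thread, or any vendor): a static-UID tag is cloned by a single read, while an HMAC-SHA1 challenge-response token, the mode KeePassXC uses with a hardware key in the OP's kind of setup, only ever answers the verifier's fresh challenge. All class names, the shared secret and the UID are assumptions.

```python
"""Constructed demo of the point above: a challenge-response token cannot be
cloned by reading it once, while a static-ID tag can. Simplified model, not
Dangerous Things, YubiKey or KeePassXC code."""
import hashlib
import hmac
import secrets

class StaticTag:
    """Old-style RFID tag: replies to every reader with the same fixed UID."""
    def __init__(self, uid: bytes) -> None:
        self.uid = uid

    def read(self) -> bytes:
        return self.uid

class ChallengeResponseToken:
    """HMAC-SHA1 challenge-response slot (the mode KeePassXC uses with a
    hardware key). The secret never leaves the token; only a MAC over the
    verifier's challenge does."""
    def __init__(self, secret: bytes) -> None:
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha1).digest()

class Verifier:
    """Holds a copy of the token secret and checks a response against the
    fresh random challenge it issued for this attempt."""
    def __init__(self, secret: bytes) -> None:
        self._secret = secret

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(32)

    def check(self, challenge: bytes, response: bytes) -> bool:
        expected = hmac.new(self._secret, challenge, hashlib.sha1).digest()
        return hmac.compare_digest(expected, response)

def replay_static(tag: StaticTag, enrolled_uid: bytes) -> bool:
    """Attacker reads the tag once and presents the recording: accepted."""
    recorded = tag.read()
    return recorded == enrolled_uid

def replay_challenge_response(token: ChallengeResponseToken,
                              verifier: Verifier) -> bool:
    """Attacker records one exchange and replays its response against a
    later challenge: rejected, because each challenge is fresh."""
    recorded = token.respond(verifier.new_challenge())
    return verifier.check(verifier.new_challenge(), recorded)
```

The model deliberately ignores the physical side (an implant or card can still be relay-attacked or stolen); it only shows why a copied static ID authenticates and a copied response does not.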
2 points

Great answer, I will add that another major difference between the Apex Flex and the FlexSecure is that the FlexSecure comes with factory default signing keys (which you can change), while the Apex Flex does not. This means you can’t add your own applets to the Apex Flex. Para_lyzed touched on this, but I wanted to emphasize that the FlexSecure gives you the ability to fully manage the implant while the Apex Flex doesn’t. There are trade-offs of course.

1 point

Let’s *NOT* go that route.

I’m very much looking for a hardware key to avoid biometrics (I can have a field day expressing my opinions on those; but in general they tend to be the weakest MFA factor and most have known working bypasses based on photos).
This leans a little too close to that for me to consider, let alone all of the things you have to consider when putting implants in your body.

2 points

Just wanted to add something different from the other posts, definitely not recommending it.

That being said, it is a hardware key. You can set it up as a FIDO2 key, making it as secure as any of the other options here; it is not biometrics.

Like I mentioned, you have to be a little crazy to go that route.

2 points

Hi there! Your text contains links to other Lemmy communities; here are the correct links for Lemmy users: !technology@lemmy.ml, !technology@lemmy.world, !privacy@lemmy.ml

4 points

Good bot

-4 points

On average, Vatican has two popes per square kilometer.

EDIT: My bad, wrong thread.

5 points

Nitrokey would probably be my choice as both the hardware and software are open source (in fact you could probably build your own if you wanted to). I don’t trust Yubikey as the firmware that runs on them is closed source, so you just don’t know if it’s actually secure.

2 points

This. Yubikey is not libre hardware, not sure why they’re so popular. I’d avoid any closed-source hardware for security devices. It’s a bad idea.

9 points

Look into SoloKeys and NitroKeys and see if there’s products from those vendors that fit your needs.

3 points

I also recommend Nitrokey. I have a Nitrokey Pro 2 and a Nitrokey 3 NFC and they both work well. Linux support is very good, and they also have good documentation on how to do most stuff you might want to do. +1 for being open-source as well.

1 point

Well I might be ignorant of first principles, but I couldn’t get a nitrokey I got for testing to work with anything.

Not that yubikey is easy.

1 point

Nitrokey isn’t fully open source though. The secure element is proprietary. But that’s not their fault, OSS secure elements aren’t a thing yet unfortunately, but some companies wanna bring a change in that.


As to why thisisawayoflife recommends these products (over OP’s consideration of Yubico), probably because Solo and Nitro keys are open source hardware and firmware.

Nitro is a German company. Yubico is a Swedish company. I can’t find where SoloKeys is located. However, the OS nature of Solo and Nitro should make that a little less important.

1 point
Deleted by creator
2 points

In my research, I’ve found SoloKeys may be a US company. They are headquartered in New Jersey and one co-founder is in New York City. However, according to their WHOIS data, the domain was registered in Iceland.

From SoloKeys’ Solo 2A+ NFC Security Key product page: “Made and programmed in Europe.” https://solokeys.com/products/solo-2a-nfc-security-key?variant=40297992093889

