I’ve long owned - and for slightly longer, intended to use - a Yubikey, a great 2FA (2nd factor authentication) option for increasing personal security around computers, apps and websites. Despite knowing using them is good, though, the habit never stuck. Like a good password manager, though, getting into the habit can really pay off.
Previously, I had set up and integrated a Yubikey rather awkwardly, so the utility was minimal and using it wasn’t consistent or straightforward, leading to the habit not sticking. This time around, I decided to dig in and integrate it into my daily workflow as much as possible. On Linux, that meant setting up not just any website that’d listen but:
- Logging in
- Unlocking the screen
- Using sudo
- SSH keys
There are some things I had to work around:
- USB hubs/docks appear not to work
- In many cases, using a Yubikey on a desktop means the key is going to be in a more or less inconvenient location.
  - an extension cable helps but is pretty awkward
  - I’d much rather have a USB port on my keyboard but finding a good mechanical keyboard with a USB port…
- I’d like for the authentication to be subtle, physically, so as not to draw attention to what is being done, where, how often, etc.
  - an extension cable helps but is pretty awkward
Two of my Yubikeys offer NFC; I need to remember this, if not explicitly try to leverage it.
I’m still ironing some things out and really need to get better about turning more things over to leverage Yubikey SSH keys, but by and large, things are working and especially if I remember to remove the Yubikey from my desktop, things will be significantly more secure than they already are ;)