This isn’t strictly a privacy question as a security one, so I’m asking this in the context of individuals, not organizations.

I currently use OTP 2FA everywhere I can, though some services I use support hardware security keys like the Yubikey. Getting a hardware key may be slightly more convenient since I wouldn’t need to type anything in but could just press a button, but there’s added risk with losing the key (I can easily backup OTP configs).

Do any of you use hardware security keys? If so, do you have a good argument in favor or against specific keys? (e.g. Yubikey, Nitrokey, etc)

  • JustEnoughDucks@feddit.nl
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    8 months ago

    But this is only the case if you store your passwords in a plaintext file on your phone. Something that I hope nobody would be dumb enough to do, but I guess many people would.

    If you have an encrypted password manager like Bitwarden or so where you have a single long password to open and get at your other long secure passwords, then it is essentially a different factor than your phone, right? Since having the phone unlocked would do nothing to help the attacker get to your password vault.