I Won't Buy A YubiKey

In this interesting post, Garrit talks about why he wouldn't buy a YubiKey and I get where he's coming from.

I own 3 YubiKeys that I have for personal use. There's one that I keep connected to the USB hub on the desk in my study, another that I keep in my work bag, and a third that I keep in the safe at my mum's house.

That third one is registered with both mine and my wife's Bitwarden accounts. So I know that no matter what, we can always get into our password vaults. Two of the YubiKeys (including the backup one at my mum's) are the NFC version, so we can use them with our phones.

Like Garrit, I use Bitwarden's built-in TOTP multi-factor tokens for most things, as I think it's a good balance between security and convenience. Yes, it can probably be compromised, but it would have to be an extremely knowledgeable and motivated threat actor. So the risk is worth it for me.

Aside from Bitwarden, I also use my YubiKeys for certain important accounts where I don't think the risk of having the MFA token in Bitwarden is worth it.

So, for me at least, there's a use for owning a YubiKey (or 3), but I totally get where Garrit is coming from, and I think it's a fair conclusion that he's drawn.
