I Won't Buy A YubiKey
In this interesting post, Garrit talks about why he wouldn't buy a YubiKey and I get where he's coming from.
I won't buy a YubiKey
by Garrit Franke
I own 3 YubiKeys that I have for personal use. There's one that I keep connected to the USB hub on the desk in my study, another that I keep in my work bag, and a third that I keep in the safe at my mum's house.
That third one is registered with both mine and my wife's Bitwarden accounts. So I know that no matter what, we can always get into our password vaults. Two of the YubiKeys (including the backup one at my mum's) are the NFC version, so we can use them with our phones.
Like Garrit, I use Bitwarden's built-in TOTP multi-factor tokens for most things, as I think it's a good balance between security and convenience. Yes, it can probably be compromised, but it would have to be an extremely knowledgeable and motivated threat actor. So the risk is worth it for me.
Aside from Bitwarden, I also use my YubiKeys for certain important accounts where I don't think the risk of having the MFA token in Bitwarden is worth it.
So, for me at least, there's a use for owning a YubiKey (or 3), but I totally get where Garrit is coming from, and I think it's a fair conclusion that he's drawn.