Kev Quirk

I Won't Buy A YubiKey

24 Mar 2023 | ~2 minute read

I own 3 YubiKeys that I have for personal use. There's one that I keep connected to the USB hub on the desk in my study, another that I keep in my work bag, and a third that I keep in the safe at my mum's house.

That third one is registered with both mine and my wife's Bitwarden accounts. So I know that no matter what, we can always get into our password vaults. Two of the YubiKeys (including the backup one at my mum's) are the NFC version, so we can use them with our phones.

Like Garrit, I use Bitwarden's built-in TOTP multi-factor tokens for most things, as I think it's a good balance between security and convenience. Yes, it can probably be compromised, but it would have to be an extremely knowledgeable and motivated threat actor. So the risk is worth it for me.

Aside from Bitwarden, I also use my YubiKeys for certain important accounts where I don't think the risk of having the MFA token in Bitwarden is worth it.

So, for me at least, there's a use for owning a YubiKey (or 3), but I totally get where Garrit is coming from, and I think it's a fair conclusion that he's drawn.
