Hardware security key options?

I’ve been thinking about getting a hardware security key and have heard of YubiKey before, but I want to see what my options are and if they are worth it in your opinion.
My current setup is a local KeePassXC database (that I sync between my PC and phone and that also acts as a TOTP authenticator app); I know that KeePass supports hardware keys for unlocking the database.

I am personally still of the belief that passwords are the safest when done right; but 2FA/MFA can greatly increase security on top of that (again, if done right).
The key would work together with already existing passwords, not replace them.

As I use Linux as my primary OS, I do expect it to support it, and anything that doesn’t I will have to pass on.

PS: What are the things I need to know about these hardware keys that aren’t being talked about too much? I am very much delving into new territory and want to make sure I’m properly educated before I delve in.

@linux @technology@lemmy.ml @technology@lemmy.world @privacy #2FA #MFA #yubikey #InfoSec #CyberSecurity

  • Scraft161OP
    11 months ago

    Let’s *NOT* go that route.

    I’m very much looking for a hardware key to avoid biometrics (I can have a field day expressing my opinions on those; but in general they tend to be the weakest MFA factor and most have known working bypasses based on photos).
    This leans a little too close to that for me to consider, let alone all of the things you have to consider when putting implants in your body.

    • @carzian@lemmy.ml
      11 months ago

      Just wanted to add something different from the other posts, definitely not recommending it.

      That being said, it is a hardware key. You can set it up as a FIDO2 key, making it as secure as any of the other options here; it is not biometrics.

      Like I mentioned, you have to be a little crazy to go that route.