Hacker News new | ask | show | jobs
by Elizzy 3466 days ago
You lose it and it's gone. You can't remove credentials on the device. This is why you buy two, register both, and save one in a safe.

EDIT: I mean you can't copy credentials off in most cases, like this one. Credentials can be replaced.
1 comments
sasas 3466 days ago
If you program your own keys into the Yubi, then you know them and can archive them for reprogramming on another device. You can do this with the Yubi Personalisation tool [1] for a few modes the device supports.

[1] https://www.yubico.com/products/services-software/personaliz...

link
Elizzy 3466 days ago
Eh. Hence why I said it like I did. In most cases, the device generates the secrets. And that's how it should be done, it guarantees that they can't be compromised easily (vs if someone compromised wherever you backed up those keys to).
link
sasas 3465 days ago
Sure. There are also other instances where the Yubis keys maybe exposed, such as when using their OTP protocol which requires the keys stored in a validation server (either theirs by default, or your own [1])

[1] https://www.yubico.com/products/services-software/open-sourc...

link