by FT_intern 3275 days ago
Has anyone thought of a good redundancy scheme for YubiKey?

Physical object authentication is great except physical objects are less durable than brain memory (or at least, if my brain memory is gone then I probably would have no use for the password anyway).

2 comments

Keep 1 key on your keychain, one in a fire vault in the house, and one in the safety-deposit box at the local branch bank office. Most U2F-enabled sites let you register multiple keys. Add new sites with keychain during the day, in the evening add the fire-vault key at home. Once a quarter add the third key from the safety-deposit box.
Why specifically during day/evening/quarter? Why not all three at the same time? Just asking. Thanks.
Because you need the key with you to register it with a site, and if they are being stored in separate locations, you need to do it when you have access.
I am playing with YubiKey storing certificates, then using the certificates like any other GPG setup, so I can have redundancy and revocation. But I have yet to make it dead simple enough to use for real-world application.

Or maybe I am just procrastinating.