by hollander 3082 days ago
I have a Yubikey on my keychain, and never use it. I'm still looking for that application that will make me want to use it daily. I was thinking about using it to unlock my Mac, hoping this would add to its security after Meltdown and Spectre. Maybe add a second admin account which would require Yubikey. Then if that fails, I have another admin account without Yubikey as fallback login.

My main problem is how to handle the loss of the key. Now I have one, but how do I handle the loss of one or more keys and can I lose access to my encrypted laptop? Same goes for Lastpass or other password managers where 2FA might be used. On the other hand, if I have an accident with head trauma and forget my passwords, what then?

3 comments

> Now I have one, but how do I handle the loss of one or more keys

The same way you handle loss of keys to your home, car, etc. - you buy a second pair. If you're using OpenPGP you can provision them with keys any time so it's not a problem but if you're using U2F then you better add at least two to all your services (Yubico has a cheap U2F only key).

Yep. I got multiple U2F keys. One is on my keychain, another is in a drawer in my desk, and a third is in a safety deposit box at the bank with my other important documents.

I use my yubikey for 2FA (TOTP), GPG/SSH.

I use an encrypted github for password storage: https://www.passwordstore.org/

For backup in case I lose my key I have multiple yubikeys, and whenever I set up 2FA on a site I take a screenshot of the QR code and store it in an encrypted tarball in my password-store.

To duplicate my yubikey you'll need one of my yubikeys; and the password for the tarball (which is thus encrypted twice).

I use my yubikey with Password Store as well and absolutely love it. One of my favorite features is the ability to use my passwords in personal scripts / programs without having to save the password in the code. Instead I have the program call out to the password store binary to retrieve the password.
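As an added example (not code from the thread), this small Python helper does what the comment above describes: it shells out to the `pass` binary instead of embedding a secret, and parses the entry using the common password-store layout (first line is the password, later lines are `key: value` metadata). It assumes `pass` is on PATH and that the entry name follows your own store's naming; the sample entry text is constructed.

```python
import subprocess


def parse_pass_entry(text: str) -> dict:
    """Split a password-store entry into its parts.

    pass keeps one secret per encrypted file; the widely used convention is
    that the first line is the password and later lines are "key: value"
    metadata (username, url, ...). Lines without a colon are kept as notes.
    """
    lines = text.splitlines()
    if not lines or not lines[0]:
        raise ValueError("entry is empty or has no password on its first line")
    entry = {"password": lines[0], "notes": []}
    for line in lines[1:]:
        if ":" in line:
            key, _, value = line.partition(":")
            key = key.strip().lower()
            if key != "password":          # never let metadata shadow the secret
                entry[key] = value.strip()
        elif line.strip():
            entry["notes"].append(line.strip())
    return entry


def get_secret(entry_name: str, pass_bin: str = "pass") -> dict:
    """Ask the pass binary for one entry and return the parsed result.

    Nothing secret lives in the calling program: decryption happens in gpg,
    so the Yubikey (or an agent-cached key) gates every lookup. A missing
    entry, a declined touch, or a locked card shows up as a non-zero exit.
    """
    result = subprocess.run(
        [pass_bin, "show", entry_name],
        capture_output=True, text=True, check=False,
    )
    if result.returncode != 0:
        raise RuntimeError(
            f"pass show {entry_name!r} failed: {result.stderr.strip()}"
        )
    return parse_pass_entry(result.stdout)


if __name__ == "__main__":
    # Constructed sample in the pass layout; against a real store you would
    # call get_secret("web/example.org") and use entry["password"].
    sample = "correct horse battery staple\nusername: alice\nurl: https://example.org\n"
    print(parse_pass_entry(sample)["username"])
```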

> My main problem is how to handle the loss of the key.

If using it for 2FA, most offer a way to turn 2FA off temporarily in case of key loss.

I suggest buying more than one, associating them both with whatever task, and throwing one in a safe. It's less-than-ideal, but better than losing access completely when your keys are stolen or destroyed.