by jwr 2197 days ago
YubiKeys are absolutely fantastic, and under-rated, too.

I used this guide: https://github.com/drduh/YubiKey-Guide to set up my YubiKeys with GPG keys that are also used as SSH keys. This gives me, in a single setup:

* secure 2FA for sites with WebAuthN
* ability to encrypt backups and other information using GPG, with decryption only possible with a physical device
* ability to securely log in via SSH to all my infrastructure

I use keys, in case one gets lost. I did try to use the PIV features, but I just don't live in a world where this is useful — but the FIDO2 and GPG functionality is fantastic in itself!

3 comments

I use my YubiKey to store a full set of subkeys while keeping my primary key offline on paper. No secret keys are ever written to disk. I boot a live Linux system and restore my primary key when I need to generate new subkeys or sign other people's keys.
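Added example (not code from the thread or from the drduh guide): a check that a keyring matches the layout this comment and the top post describe, primary key kept offline and the sign/encrypt/auth subkeys on the card. It parses `gpg -K --with-colons` records, where field 15 of `sec`/`ssb` holds the card serial for on-card keys or `#` for an offline stub; the sample output, key IDs and serial are constructed placeholders.

```python
from dataclasses import dataclass, field

# Constructed sample of `gpg -K --with-colons` output: one primary key kept as an
# offline stub ('#' in field 15) and sign/encrypt/auth subkeys on a single card
# (field 15 carries the card serial). Key IDs and serial are placeholders.
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1600000000::::::scESCA:::#::23::0:
fpr:::::::::0000000000000000AAAAAAAAAAAAAAAA:
uid:u::::1600000000::0000000000000000000000000000000000000000::Example User <user@example.invalid>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1600000000:1700000000:::::s:::D2760001240100000006012345670000::23:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1600000000:1700000000:::::e:::D2760001240100000006012345670000::23:
ssb:u:4096:1:DDDDDDDDDDDDDDDD:1600000000:1700000000:::::a:::D2760001240100000006012345670000::23:
"""

@dataclass
class KeyringReport:
    primary_offline: bool = False                 # sec record is a stub
    on_card: dict = field(default_factory=dict)   # capability -> card serial
    problems: list = field(default_factory=list)

def check_keyring(colons_output: str) -> KeyringReport:
    """Verify: primary secret key absent from disk, s/e/a subkeys all on one card."""
    report = KeyringReport()
    for line in colons_output.splitlines():
        f = line.split(":")
        if len(f) < 15 or f[0] not in ("sec", "ssb"):
            continue  # fpr/uid/grp records carry nothing we need here
        own_caps = {c for c in f[11] if c.islower()}  # lowercase = this key's own
        token = f[14]
        if f[0] == "sec":
            report.primary_offline = token == "#"
            if not report.primary_offline:
                report.problems.append(f"primary {f[4]} is not an offline stub")
        elif token in ("", "#"):
            report.problems.append(f"subkey {f[4]} is not on a card")
        else:
            for cap in own_caps:
                report.on_card[cap] = token
    for cap in sorted({"s", "e", "a"} - set(report.on_card)):
        report.problems.append(f"no on-card subkey with capability {cap!r}")
    if len(set(report.on_card.values())) > 1:
        report.problems.append("subkeys are spread across more than one card")
    return report

if __name__ == "__main__":
    print(check_keyring(SAMPLE))
```

Run it against real output with `gpg -K --with-colons | python3 check.py` after swapping `SAMPLE` for `sys.stdin.read()`; an empty `problems` list means the keyring matches the intended layout.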
Same use case here. While setting up the yubikey with the gpgkeys is a long process it's totally worth it in my opinion.
I went through this as well, and it was a really fun task. Then I realized that I do not use GPG nearly as often as I thought I would.

I ordered some CDs online once in the late 90s from CDNow, and they let you email them credit card information in a PGP encrypted message. How times have changed, eh?

Eh we enforce GPG signing of all commits at my shop and I use the gpg/SSH key magic so end up leaning over to touch my yubikey a lot! Large rebases are particularly fun, lots of touching there.
What kind of backup do you have in case the yubikey is borked/lost/stolen?
Another YubiKey that's been prepped in advance and kept in a safe place.