[simias]

I've been using my Yubikey in GnuPG smartcard mode for years to do the same thing, from what I can see from this tutorial FIDO2 seems a bit easier to setup initially but it also seems much less widely supported at the moment. Are there other tradeoffs to consider?

[StavrosK]

I think those are pretty much the only ones, the Yubikey in GPG smartcard mode was always too fiddly for me and interfered with my agent in other ways, but this is trivial to set up and use.

Also, a big draw of the USB SSH key for me is that I can plug it in to other computers and connect to my servers, which smartcard mode didn't do, so that was a big drawback for me.

[simias]

Yeah fiddly is the right word, although once the painful initial configuration is done it generally works fairly well in my experience.

Being able to easily migrate to a new computer sounds like a great feature though.

[RL_Quine]

You can't do that easily, you still need the public key file on disk.

[StavrosK]

Not with resident key mode.

[RL_Quine]

Sort of. The keys have limited space on them (20 for some Yubikey models) for resident keys. You wouldn't want to be always using them for everything.

[StavrosK]

That's why I'm excited about SoloKeys v2, they (will) come with space for thousands of resident keys.

[OJFord]

You can use an OpenPGP card more generally than just for SSH auth.

E.g. other auth, and GPG encryption - such as with `pass`.

[tialaramex]

Going FIDO-SSH can perhaps be cheaper than PIV, especially if, as we very much want, FIDO is popular which will tend to drive down prices.

Cheaper/ simpler FIDO2 products (from Yubico) exist if this feature is the only thing you want from a Yubikey. I don't know if that's a future Yubico are enthusiastic about, but I don't see much reason to hate it as an end user.

Even cheaper and even simpler FIDO products (from many vendors) exist if you only ever actually want this from one or two systems (e.g. a laptop and then one desktop workstation) so you don't need resident keys because the "non-resident" part lives on your workstation.

[simias]

I always assumed that the relatively high price of the Yubikey had more to do with it being a relatively niche product than the cost of production, after all it's not much more than a cheap microcontroller underneath all that.

Was I wrong to make this assumption? Why would FIDO tokens be significantly cheaper and/or more popular?

If anything it seems like at first it's going to fragment the market even more.

[tialaramex]

A full-blown Yubikey has modifiable firmware and a relatively large amount of rewritable Flash storage. I assume those features aren't free.

A FIDO authenticator has no modifiable state beyond maybe some sort of counter, it has a random secret key which makes it unique from its siblings, and that's it. No firmware update feature, no storage.

The crypto hardware is also simpler. FIDO was defined in terms of these nice compact elliptic curve schemes. The keys are small, the operations are simple, I'd be surprised if dedicated silicon to implement this isn't cheaper, and if you're just running it on a cheap microcontroller I'd be surprised if you can't get away with a cheaper microcontroller than you would need to implement RSA encryption and whatever else a Yubikey can do.

Finally in terms of volume, it makes sense to give all your 5000 staff a FIDO key. "Go to the enrollment page we built by this Friday. Enrol your FIDO key. Call the help desk if you have problems. From next Monday these are mandatory". You can lock down common corporate web SSO solutions with it for example, outfits like Duo will let you just check one box and you can now answer "Yes" to pages of questions your CISO is supposed to fill out every year.

It doesn't make sense to give out 5000 traditional Yubikeys. A dozen to a dev team for PIV? Maybe. But the lady who does 2.5 days per week in the accounts department? She doesn't need PIV. She can use a FIDO key to sign into the accounts web app though.

[crote]

That's not really true anymore. Yubikeys haven't supported firmware modification for years due to security reasons, and FIDO2 keys often have storage in order to support Resident Keys.

[tialaramex]

I was not aware that Yubikeys no longer can be firmware updated. My impression was that they just don't permit user firmware modification by policy but that is clearly wrong.

FIDO Security Keys are cheaper than FIDO2 Security Keys which is what I'd expect from what I wrote, they don't need any storage.

[acdha]

If it's been stable for you, that definitely works well but I found OpenSC to be unstable and required hotplugging the device and/or killing gpg-agent on a regular basis.

Mac users do have built-in support which works the same way with certificates and is more stable in my experience:

https://piv.idmanagement.gov/engineering/ssh/#ssh-from-macos