by aborsy 2134 days ago
You need a PIN for GPG. Note that that would protect only the GPG keys.

Don’t forget to set a password also for the YubiKey Authenticator app. Otherwise I believe anyone who has your key would see the websites with which you have FIDO U2F and use it.

1 comment

> Don’t forget to set a password also for the YubiKey Authenticator app. Otherwise I believe anyone who has your key would see the websites with which you have FIDO U2F and use it.

From what I can see, YubiKey Authenticator is a TOTP authenticator. So that's completely orthogonal to U2F (and less safe, although more familiar to users who have things like Google Authenticator).

With U2F, non-resident credentials don't leave any trace. If somebody has stolen a working authenticator, they'd need to guess sites at which its non-resident credentials would be valid and then try it.
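An added example, not part of either comment and not any vendor's firmware: a simplified model of a token with non-resident credentials, showing that it stores nothing per site and only answers for a key handle it issued for that exact app ID. The `StatelessToken` class, the key-wrapping layout, and the `example` app IDs are assumptions made for illustration; HMAC stands in for the ECDSA signature real U2F uses.

```python
import hashlib
import hmac
import os


class StatelessToken:
    """Toy U2F-style token: one device secret, no per-site records (assumed design)."""

    def __init__(self):
        self._secret = os.urandom(32)

    def _mac(self, label, app_id, nonce):
        app_hash = hashlib.sha256(app_id.encode()).digest()
        return hmac.new(self._secret, label + app_hash + nonce, hashlib.sha256).digest()

    def register(self, app_id):
        """Return a key handle; the relying party stores it, the token does not."""
        nonce = os.urandom(32)
        return nonce + self._mac(b"handle", app_id, nonce)

    def authenticate(self, app_id, key_handle, challenge):
        """Return an assertion, or None if the handle is not ours for this app_id."""
        nonce, tag = key_handle[:32], key_handle[32:]
        if not hmac.compare_digest(tag, self._mac(b"handle", app_id, nonce)):
            return None
        # The credential key is re-derived on demand and never stored.
        key = self._mac(b"key", app_id, nonce)
        # HMAC stands in for the ECDSA P-256 signature real U2F uses.
        return hmac.new(key, challenge, hashlib.sha256).digest()


def demo():
    token, other = StatelessToken(), StatelessToken()
    site = "https://login.example"   # constructed app ID
    handle = token.register(site)    # kept server-side with the account
    challenge = os.urandom(32)
    return {
        "state_fields": sorted(vars(token)),  # everything the token holds
        "right_site": token.authenticate(site, handle, challenge) is not None,
        "wrong_site": token.authenticate("https://other.example", handle, challenge) is not None,
        "wrong_token": other.authenticate(site, handle, challenge) is not None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In this model the key handle lives with the relying party, so the token alone carries no list of sites to read out.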