by lordnacho 1485 days ago
If your whole life is on your phone like me, just attach a yubi to your actual keychain (which is stuck to your phone) and then you'll always be thinking about where your phone/wallet/keys/security are all the time.

Then put the second key on your desk. My yubi happens to be annoying to fiddle with since it's on my keychain, so I use the desk one for signing most of the time.

If there's a house fire, you'll have your phone on you. If you lose your phone, you'll have a key at home.

3 comments

You're missing the scenario where the police take your phone and your electronics (and the yubi on your desk) and have access to all your accounts because of the yubi attached to it, and you're left locked out of everything.
I am often quite baffled by people using only the device.

The whole point of all this is "something you have, something you know".

Yet lots just have passwordless keys for ssh with their yubikey. Completely unsecure, unsafe in examples you cite, and more.

When using ssh keys for login, you should enforce remote/server password requirements and an ssh key. This is trivial to do in sshd_config, and important.

Never trust end users to have passwords on their ssh keys. Always enforce it server side.
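The server-side requirement described in the comment above maps to sshd_config's `AuthenticationMethods` directive, for example `AuthenticationMethods publickey,password`. The following is an added example, not part of the thread: a Python check over the text printed by `sshd -T` that flags any allowed method list missing either the key or a server-checked secret. The sample inputs and function names are constructed for illustration.

```python
# Added example (not from the thread): audit sshd's effective configuration,
# as printed by `sshd -T`, for "SSH key AND a server-checked password".
# AuthenticationMethods takes one or more space-separated lists; a client is
# admitted after completing every method in ANY ONE list, so a single
# key-only list undoes the requirement.

# Methods treated here as the "something you know" factor (an assumption).
SECOND_FACTORS = {"password", "keyboard-interactive"}

def parse_authentication_methods(sshd_t_output):
    """Return the alternative method lists, e.g. [["publickey", "password"]]."""
    for line in sshd_t_output.splitlines():
        parts = line.split()
        if parts and parts[0].lower() == "authenticationmethods":
            return [chain.split(",") for chain in parts[1:]]
    # Directive absent: sshd's default is "any" single enabled method.
    return [["any"]]

def insufficient_chains(chains):
    """Return the lists that do not require both a key and a second factor."""
    weak = []
    for chain in chains:
        # Strip sub-method suffixes such as "keyboard-interactive:pam".
        names = {method.split(":", 1)[0] for method in chain}
        if not ("publickey" in names and names & SECOND_FACTORS):
            weak.append(",".join(chain))
    return weak

def enforces_key_and_password(sshd_t_output):
    """True only if every allowed list needs publickey plus a second factor."""
    return not insufficient_chains(parse_authentication_methods(sshd_t_output))

# Constructed samples in the lower-case form `sshd -T` prints.
DEFAULT = "pubkeyauthentication yes\nauthenticationmethods any\n"
MIXED = "authenticationmethods publickey,password publickey\n"
STRICT = "authenticationmethods publickey,password\n"
PAM = "authenticationmethods publickey,keyboard-interactive:pam\n"

if __name__ == "__main__":
    samples = [("default", DEFAULT), ("mixed", MIXED),
               ("strict", STRICT), ("pam", PAM)]
    for label, text in samples:
        weak = insufficient_chains(parse_authentication_methods(text))
        status = "OK" if not weak else "WEAK: " + " | ".join(weak)
        print(f"{label:8} {status}")
```

On a live host the input would come from `sshd -T` run as root, with `-C` connection parameters added if `Match` blocks apply different settings per user or address.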

I'm a long-time Yubikey user (since they arrived) and I keep my Yubikey on my keychain, with my house keys.

I've a USB dongle at my office workstation (not a laptop, good ol' desktop) and I use Yubikey to store boot decrypt password. I do have a backup.

The anecdote is this: I have to take my keys out of my pocket and then insert Yubikey into the dongle. Naturally - I forgot to take the Yubikey and the keys back, cycled back home (6km away), realized I don't have the keys to my house, had to cycle back, couldn't get into the building, had to call my coworker to come back to let me in.

And I'm glad it happened. For the past 4 years (since it happened), I've muscle-memory when it comes to handling my physical keys and how I use the Yubikey.

Keychain stuck to your phone? I don’t think I’ve ever seen anyone with a setup like that. Sounds incredibly annoying.
Well I've only got one key on the chain, though my wife has a couple of them. Nothing too cumbersome, plus I have a strap that's useful for pulling the phone out of my pocket.
Wait, I read that quickly in your prior post. I thought you meant a software keychain.

If you ask me, drilling a hole in your phone will invalidate the warranty...