[calvinmorrison]

I am sitting on a 12TB array after my move I just can't come up with the combination...

However, there are better options for users - how about Smartcards? You know, like yubikey / U2F before the web?

You can even use it with LUKS

[girvo]

As much as I adore my Yuibikey, my girlfriend thinks I’m decidedly weird because I have two: one on my actual keys, and a backup that’s in my safe at home. Which is annoying because not every system lets me setup two Yubikeys (though TOTP is fine at least). I’m not using it for FDE, but I am using it for securing my password manager (which does support both keys) which holds the backup keys for said FDE and so on.

[gwillen]

Name and shame sites that don't support using multiple Yubikeys! I'm pretty sure they're violating the guidelines in the standard if they do that.

[ufmace]

I think AWS is still the only one I know of doing that, or did they finally fix that?

Yup, just checked, they still are.

[kogir]

AWS is my largest annoyance in this regard.

[vanous]

The issue I have is that the second key can't really sit in the safe all the time because everytime you setup new service, it needs to be taken out and added.

[ilyt]

It's weird that we had that issue solved ages ago (like SSH, just add multiple public keys to the account, no need to have private key available for that), yet keep inventing worse way to do it.

Especially that most YK versions do support pub/private key auth...

[girvo]

Absolutely, but it's worth the trade-off for me personally. I get weird looks from my partner because of it though haha