by codetrotter 1004 days ago
I have four Yubikeys.

One of them is a black one that work gave me for use with the work computer. I’ve had this Yubikey for over 1 year.

Three of them are blue ones I bought from Amazon, that I also added to my SSO profile at work. I’ve had these Yubikeys for several months.

One of them I keep in my wallet most of the time. One of them I keep on my desk and bring in my backpack when I go somewhere. One I keep in a box. One is somewhere in the room.

I rotate between these, and I switch which one I keep in the wallet, which one I keep in a box etc.

It’s worked well for me so far. None of them have failed yet, and when one does fail or get lost I will remain confident that the other ones I have will continue to work long enough that I can order even more Yubikeys to replace whichever ones went bad.


Yeah, if you want to be a charity donating to Yubico, godspeed. Not my cup of tea.
Yubikeys are $50. Ten are $500. Mine protect keys that can decrypt data worth hundreds of millions of dollars.

My $500 worth of Yubikeys has lasted me 5 years and counting, so we're at <$10/month TCO. That's to have 10 of them.

Data worth hundreds of millions of dollars? What’s an example of data that an entity would realistically pay hundreds of millions of dollars for? The only thing that comes to mind would be the database backups of user data of a large company’s software, which is literally irreplaceable if lost (but then infinity is larger than one hundred million…)
I am the co-founder of Keyternal.

https://keytern.al (website painfully out of date)

I estimate the hundreds of thousands of cryptocurrency private keys we safeguard (in conjunction with the keys held in other organizations, via multisig) have at points in time protected somewhere on the order of single digit billions USD.

We're not a wallet provider, just a backup key storage service, so I couldn't get exact figures even if I wanted to: by design we don't have that information about our customers.

The PGP-encrypted keys are held completely offline (cold) in vaults, the set of Yubikeys (in other, different vaults) is used during signing ceremonies to temporarily decrypt them (only in RAM, on offline computers without storage) to produce recovery signatures when our customers run out of other options. We're the last resort in a DR plan.

It requires careful coordination with another keyholder (a different organization) to produce valid transactions; neither ours nor theirs alone is sufficient. Transactions need two signatures: one from each. In that sense, neither key is "worth" anything by itself, but together they protect large sums.

What happens when someone that stores their keys with you passes away? Do you have contact details for who in their family to reach out to, to help them recover the money of the deceased person?