@tychotithonus
They are totally blowing the opportunity to have a pumpkin spice #YubiKey
Interesting discovery using #Bitwarden — #VaultWarden on #Ubuntu Desktop with #YubiKey Bio
There are 4 #Linux client options: Flatpak and Snap (both with full support), plus AppImage and .deb (no auto-updates).
Today I found that browser integration in #Firefox with biometric unlock only works for me via #AppImage and .deb.
#Flatpak and #Snap claim full support, but browser integration doesn’t work yet in my case.
Still, happy with #Bitwarden — the AppImage and .deb versions work great!
With USB/IP, I can now use my YubiKey remotely via SSH in the same way as I was sitting in front of my machine. Both in early boot stage (initrd); unlocking LUKS encrypted filesystem, and in booted system stage; signing git commits and authenticate to GitHub. Great! But what about using FIDO2/WebAuthn via RDP to log in to web services? USB redirection is not supported for xrdp. Is there any workarounds coming up to for example redirect WebAuthn from one machine to another?
It would be nice if my #yubikey stopped murdering my MacBook battery while it’s sleeping
Nextcloud sicher nutzen: Überblick über Weboberfläche, Clients und essentielle Sicherheitsfunktionen wie 2FA, starke Passwörter und Freigaben.
Teil 3 der Artikelserie »Nextcloud«.
How to Reset Your YubiKey and Create a Backup
https://www.privacyguides.org/articles/2025/03/06/yubikey-reset-and-backup/
Nextcloud sicher nutzen: Überblick über Weboberfläche, Clients und essentielle Sicherheitsfunktionen wie 2FA, starke Passwörter und Freigaben.
Teil 3 der Artikelserie »Nextcloud«.
I'm betting the answer here is "this isn't possible" but if anyone knows how to tell OpenSSH that when it's enumerating pubkeys it should check which of the two known authentication dongles is actually plugged into the computer, and only prompt me to unlock the SK key that belongs to that dongle, not both of them, please tell me how.
Explain #passkeys to me like I'm your grandparents.
Does anyone have experience with either #Yubikey, #Nitrokey or any other hardware security token for both #MFA/#2FA as well as #encryption via #PGP/#GPG or #SMIME?
In particular, I am looking at the Nitrokey 3A NFC. As far as I can tell, Yubico only sells #MFA tokens(?), unless the YubiKey 5 FIPS Series can hold encryption keys as well?
Both price and open hardware aspect definitely speak for Nitrokey, but I do not know anyone who owns such a token... Anyone who I can talk to?
j2k25 - OpenBSD Hackathon Japan 2025 (rsadowski@) https://www.undeadly.org/cgi?action=article;sid=20250601104254 #openbsd #hackathon #j2k25 #development #kde #kdeapps #yubikey #freesoftware #libresoftware
TIL that Pure Storage issues YubiKeys branded with their logo!
(eBay, not my listing:)
https://www.ebay.com/itm/135898756327
Interesting: Just over the side of the logo, the phrase "NO NFC" is seen (not sure if an add-on label, or part of the logo). NFC-enabled keys ship with NFC disabled by default until first power-up (and can be re-disabled in ykman
-R
/ --restrict
option):
https://www.yubico.com/getting-started/
... so I'm not sure if this means NFC is permanently disabled, but it seems likely. Will update when I get one.
Fuck #Authy. Fuck it in it's stupid ass. They got rid of the desktop version. Fine. It sucks, but I could deal with it. Then they dropped support for #GrapheneOS. Meaning I'm locked out of everything. Luckily I have a #YubiKey so I can get into most things. I guess it's time to move to something else.
So, #passkey question:
Is it possible that a web site that has been supporting YubiKeys for a while would automatically support Safari’s and 1Password’s passkeys, by means of it being webauthn in both cases, or at least appear to support them, even if it fails later?
That would explain some of the ignorance of customer service agents when you point out how their passkey implementation is broken.
Very happy to finally be able to use my yubikeys on my phone (GrapheneOS, without Play services)
Most of the pieces were already there, it only missed to be assembled into a Credential Provider, which is finally done with HW Fido2 Provider
@Linux there are 3 big options you forgot that I know of which too ain't under #Cloudact aka. have no subsidiary/office/parent company in the #USA:
And for #PasswordManagers, there's also #Enpass for those that don't like #KeePassXC / #KeepPassDX / #KeePass and for organizations there's even #Passbolt as a centrally manageable solution. All of these allow #SelfCustody & #SelfHosting on-premise.
Mein #yubikey wird in #keepassxc nicht mehr erkannt bzw erkannt aber nicht mehr gelesen.
#PCSC läuft. Hab das auch nochmal neu installiert. Aber hat nichts gebracht.
Hat jemensch eine Idee wie ich das fixen könnte?
#eh22