<div dir="ltr"><div dir="ltr">My vote would be for Yubikey. The USB-C one is tiny, and we had a number of CLI applications that used it for 2FA.<br></div><div dir="ltr"><br></div><div>Just be sure to get a newer version that doesn't have the recently discovered vulnerability:<br><br><a href="https://www.theverge.com/2024/9/4/24235635/yubikey-unfixable-security-vulnerability-side-channel-explot">https://www.theverge.com/2024/9/4/24235635/yubikey-unfixable-security-vulnerability-side-channel-explot</a><br></div><a href="https://www.yubico.com/support/security-advisories/ysa-2024-03/">https://www.yubico.com/support/security-advisories/ysa-2024-03/</a><br><br>Jason<br><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Oct 1, 2024 at 11:44 AM Chris Irwin via kwlug-disc <<a href="mailto:kwlug-disc@kwlug.org">kwlug-disc@kwlug.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg8622315721696170646"><u></u><div><div>On Mon, Sep 30, 2024, at 23:57, Paul Nijjar via kwlug-disc wrote:<br></div><blockquote type="cite" id="m_8622315721696170646qt"><div>Has anybody experimented with these alternative keys? What have your<br></div><div>experiences been? Are these now commodities that all Just Work, or do<br></div><div>I have to be careful?<br></div></blockquote><div><br></div><div>I've had yubikeys, as well as Feitian [1], and Trustkey [2] (linked below, sorry for the amazon). They all seem to work equivalently.<br></div><div><br></div><ol><li><a href="https://www.amazon.ca/gp/product/B01M1R5LRD/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1" target="_blank">https://www.amazon.ca/gp/product/B01M1R5LRD/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1</a><br></li><li><a href="https://www.amazon.ca/gp/product/B08881651P/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1" target="_blank">https://www.amazon.ca/gp/product/B08881651P/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1</a><br></li></ol><div><div><br></div><div>I don't think NFC is a security concern, so I wouldn't go out of my way to avoid it, even if it's a feature you don't expect to use.<br></div><div><br></div><div>I currently have three tokens linked to all my accounts -- one of each of the above brands.<br></div><div><br></div><div id="m_8622315721696170646sig91988184"><div>--<br></div><div><b>Chris Irwin</b><br></div><div><br></div><div><span style="font-family:menlo,consolas,monospace,sans-serif">email: <a href="mailto:chris@chrisirwin.ca" target="_blank">chris@chrisirwin.ca</a></span><br></div><div><span style="font-family:menlo,consolas,monospace,sans-serif"> web: <a href="https://chrisirwin.ca" target="_blank">https://chrisirwin.ca</a></span><br></div></div><div><br></div><div><br></div></div><div><br></div></div>_______________________________________________<br>
kwlug-disc mailing list<br>
To unsubscribe, send an email to <a href="mailto:kwlug-disc-leave@kwlug.org" target="_blank">kwlug-disc-leave@kwlug.org</a><br>
with the subject "unsubscribe", or email<br>
<a href="mailto:kwlug-disc-owner@kwlug.org" target="_blank">kwlug-disc-owner@kwlug.org</a> to contact a human being.<br>
</div></blockquote></div></div>