U2F / Yubikey users: Not all supporting accounts let you add more than one key. How do you deal with the possibility of losing or breaking your key?

@ataraxia937 If the app doesn't support adding more than one key and doesn't offer backup codes, then I fall back to TOTP codes (Google Authenticator style), and save the seed on both my phone and password manager.

@one But then anyone who compromises your password manager gets your TOTP seed also, and your key is meaningless.

@ataraxia937 or your phone, sure. But:

1 - it is much more unlikely that someone would go ahead and compromise your password manager instead of just trying to phish you
2 - you have no real choice because the alternative is losing your U2F key and getting locked out of your account forever

For 2 - I'd save the TOTP seed somewhere local. Mine are in a safe in my basement.

I haven't encountered an account yet that prevents two U2F keys from being added, but if that does happen, I'll use my Yubikeys as TOTP devices instead. They support both U2F and TOTP, if you get the right model.

@ataraxia937 @L1Cafe

Well, you have a second key which you've set up with exactly the same information?
