For those who have U2F/FIDO #security keys (#Yubikey, #SoloKey, #Nitrokey, etc.), have you registered multiple keys with a single account?

I guess the motivation would be just in case you lose one key, you have a backup. But this also seems to increase your attack surface.

Thoughts?

#cybersecurity #2fa

@atoponce

If you keep both keys at the same home/office, then the attack surface will be the same for both. If the backup is kept in a safe or other secured location, then there's an increase in attack surface, although a negligible one, while at the same time the increase in business continuity is substantial.

P.S. you can also have U2F and TOTP as backup, although two U2F is probably more secure.
