So, it has been like three months using FIDO/U2F keys instead of passwords. Both in ...

release_candidate /

npub17dp…f345

2024-12-16 20:57:28

So, it has been like three months using FIDO/U2F keys instead of passwords. Both in my NetBSD and Arch systems.

I use a "medium" quality password to decrypt the filesystems and other one to decrypt the password manager. And that's it.

No password to log-in, to unlock screen, to run doas/sudo, etc. Just this little penguin and press its button.

Also, I'm using this as 2FA for all websites that support it. Lemmy doesn't. It's the only place where I don't use it, yet.

Because U2F uses the domain name, this is a strong protection against phishing. A similar domain may trick my eyes, but not the key.

I'm very bad at memorizing passwords, and worse at typing them. Unlocking the screen without typing my password like 3 times is a bless.

The problems: if my laptop is decrypted anybody with this penguin is root. It's kinda my Horcrux. Also, I need a second one stored safely as a backup.

So I officially have two horcruxes. Destroy both and I can't log-in anywhere.

#fido #u2f #infosec #NetBSD #arch #keepass #password #horcrux

Author Public Key

npub17dpwfweq8lw8p5gfq5njp6tflmca5p9s2wkn0enseccptm5rw2ssnaf345

Show more details

Published at

2024-12-16 20:57:28

Kind type

1 Short Text Note

Event JSON

{ "id": "7c67515a97f0294d70c080c28f530f31f8b268d7e25bcf3cea29d63daa775c41", "pubkey": "f342e4bb203fdc70d109052720e969fef1da04b053ad37e670ce3015ee8372a1", "created_at": 1734382648, "kind": 1, "tags": [ [ "t", "fido" ], [ "t", "u2f" ], [ "t", "infosec" ], [ "t", "netbsd" ], [ "t", "arch" ], [ "t", "keepass" ], [ "t", "password" ], [ "t", "horcrux" ], [ "imeta", "url https://media.bsd.cafe/bsdmmedia01/media_attachments/files/113/664/429/870/925/930/original/d0b5011b7e4d4dc4.jpg", "m image/jpeg", "dim 2499x3319", "blurhash UwHUwgxat7R*0KWBM{WVxtj[xts:ofayxuof" ], [ "proxy", "https://mastodon.bsd.cafe/users/release_candidate/statuses/113664501269066922", "activitypub" ] ], "content": "So, it has been like three months using FIDO/U2F keys instead of passwords. Both in my NetBSD and Arch systems.\n\nI use a \"medium\" quality password to decrypt the filesystems and other one to decrypt the password manager. And that's it.\n\nNo password to log-in, to unlock screen, to run doas/sudo, etc. Just this little penguin and press its button.\n\nAlso, I'm using this as 2FA for all websites that support it. Lemmy doesn't. It's the only place where I don't use it, yet.\n\nBecause U2F uses the domain name, this is a strong protection against phishing. A similar domain may trick my eyes, but not the key.\n\nI'm very bad at memorizing passwords, and worse at typing them. Unlocking the screen without typing my password like 3 times is a bless.\n\nThe problems: if my laptop is decrypted anybody with this penguin is root. It's kinda my Horcrux. Also, I need a second one stored safely as a backup.\n\nSo I officially have two horcruxes. Destroy both and I can't log-in anywhere.\n\n#fido #u2f #infosec #NetBSD #arch #keepass #password #horcrux\n\nhttps://media.bsd.cafe/bsdmmedia01/media_attachments/files/113/664/429/870/925/930/original/d0b5011b7e4d4dc4.jpg", "sig": "77f4151cd538a1ad535427329b566e069d8460095ef339f6ca254adfedda07203603080cf8b37ad503b20ee2d80846ab2a35d9fb3442bd88963d5140719c1143" }