Hey everyone,
I am currently using an old(er) HYPERSECU FIDO key, USB-A with a button, and I am looking to
- secure my phone as well (NFC) and, if possible
- add biometric authentication to the mix.
Are there good alternatives or better: upgrades to the YubiKey which do support NFC as well as biometrics and come with a USB-C?
Thanks for your time 👋
No doubt, Nitrokey.
Made In Germany ❤🇩🇪
Fully open source
Anti tempering
You can also compile your own firmware. Updates are also verifieable
I know yubikey is the biggest in the market and it’s always good to have alternates but is there a reason you don’t want them?
I thought their security was pretty good and haven’t heard of any breaches.
Maybe their prices
I think I paid 35 for USB-c and nfc… You think that is severely overpriced?
May be similar issue as mine. Yubico has pretty awful on-device password support, but for MFA it works. With yubico you’re better off thinking of per-site passphrases that you keep in memory in addition to their one-click password entry, so it gets memory heavy.
My main thing is my paaword manager is protected by 2fa…maybe not 100%secure granted, but I am not a state level actor and have no major money/property to steal. That’s probably why I have no similar issues.
You didn’t mention it in your write up, so it’s worth iterating that yubikey does have a bio series, USB-C fingerprint reader :
https://www.yubico.com/products/yubikey-bio-series/ fido2, usb-c, fingerprint
Feitian bio series
https://www.ftsafe.com/products/FIDO/BIO fido2, usb-c, fingerprint, nfc
Honerable mention, no NFC or fingerprint, but the only key has a hardware keypad for your pin. https://onlykey.io/
The issue with onlykey is the static key placement. Trezor for example randomizes key positions, so even if someone gets the key, they won’t be able to guess the PIN based on greasemarks and such.
Also more resistant to over-the-shoulder spying.
The trezor looks cool, but it’s a bit bulky to put on a key ring. I wouldn’t want to carry it around as my second factor.
The benefit of external factors, like a fingerprint reader, like an external pin input is that a compromised computer doesn’t get the something you know.
It’s a question of what your privacy/security model is. I currently use Yubikey + Bitwarden with a strong main password. If I had to be paranoid, I’d sacrifice convenience for security, and carry a Trezor around.
Personally I think the yubikey fingerprint hardware key plus bit warden is an excellent combination even if you need to be very paranoid.
Out of left field, but take a look at Trezor. They specialize in cryptocurrency hardwallets, but by extension, they also offer password/2fa functionality on their devices. No biometrics* that I’m aware of, but PIN protection is mandatory.
Site: https://trezor.io/
Which one of their products would you recommend specifically?
Either Safe 3 or Model T. Model T is their best option, but very costly. Safe 3 seems to be upgraded Model One for 10$ more.
Nice suggestions, thank you very much, everyone.
So as I see it, there is no jack of all trades here, no device supporting modern encryption standards, having biometrics and NFC support and is best case made in Germany, at the moment. 🤓
I went for a YubiKey last night, I am sure it is good enough. 😅 And thanks again for your suggestions.
The feitian device I linked up thread is the jack of all trade you out
deleted by creator
