Destination Linux 182: Security Keys, Disk Encryption & Two Factor Authentication (2FA)

I think it’s more a question of effort to protect yourself vs. likelihood of being a victim of an attack. It’s great that you may have years working in the telecoms industry, but that doesn’t really help someone decide whether it’s worth the effort or not, or if it’s tinfoil hattery or not.

Like if someone could put in context for me in terms of, am I putting in all this extra effort to protect myself against a 1 in a million chance, or a 1 in a hundred chance. It feels to me like it’s more in the 1 in a million chance arena, but if it could be demonstrated that it’s a much higher risk than that I might make the extra effort in protection.

I am an open source enthusiast.
YubiKey is closed source.
YubiKey has a bad track record with vulnerabilities. And not an easy fix, since it is hardware.

  • All YubiKey 4, YubiKey 4C, and YubiKey 4 Nano devices within the revisions 4.2.6 to 4.3.4 have a vulnerability that allows an attacker to reconstruct the private key by using the public key.
  • FIPS series with firmware versions 4.4.2 and 4.4.4: security keys with reduced randomness leave keys easily discovered and compromised.

I think I’ll stay with my self-hosted Bitwarden with Bitwarden TOTP.

1 Like
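For anyone weighing the "TOTP in the vault" option mentioned above: the code an authenticator shows is a deterministic function of the stored seed and the clock (RFC 6238 TOTP, built on RFC 4226 HOTP), so whoever holds the vault holds both the password and the second factor. The following is an added illustration written for this thread, not Bitwarden's code and not from the original post; it assumes the common defaults (30-second step, SHA-1, 6 digits) and uses the ASCII reference secret from the RFCs as its sample input.

```python
"""RFC 6238 TOTP / RFC 4226 HOTP, written as an illustration for this thread.
Not Bitwarden's implementation; assumes the common defaults (30 s step,
SHA-1, 6 digits) unless overridden.
"""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP(K, C) per RFC 4226: HMAC the 8-byte big-endian counter, then
    dynamic-truncate to 31 bits and keep the low `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: Optional[int] = None, step: int = 30,
         digits: int = 6, algo=hashlib.sha1) -> str:
    """TOTP per RFC 6238: HOTP with counter = floor(unix_time / step).
    Anyone with `secret` and a clock can compute this; it is not a second
    device, just a second secret."""
    if at is None:
        at = int(time.time())
    return hotp(secret, at // step, digits, algo)


def decode_base32_secret(text: str) -> bytes:
    """otpauth:// URIs and authenticator apps carry the seed as unpadded,
    often space-grouped base32; normalise and re-pad before decoding."""
    cleaned = text.replace(" ", "").replace("-", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def verify_totp(secret: bytes, code: str, at: int, last_counter: int = -1,
                window: int = 1, step: int = 30, digits: int = 6,
                algo=hashlib.sha1) -> Optional[int]:
    """Server-side check: tolerate +/- `window` steps of clock drift, compare
    in constant time, and refuse any counter <= last_counter so a captured
    code cannot be replayed inside its validity window.
    Returns the accepted counter (store it as the new last_counter) or None."""
    if len(code) != digits or not code.isdigit():
        return None
    base = at // step
    for drift in range(-window, window + 1):
        counter = base + drift
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits, algo), code):
            return counter
    return None


if __name__ == "__main__":
    # Constructed sample input: the reference secret from RFC 4226 / RFC 6238.
    seed = b"12345678901234567890"
    print(totp(seed, at=59))                      # 287082 (RFC 6238 vector 94287082, 6 digits)
    accepted = verify_totp(seed, "287082", at=59)
    print(accepted)                               # 1
    print(verify_totp(seed, "287082", at=59, last_counter=accepted))  # None: replay rejected
```

The replay guard is the part most home-grown verifiers miss: a code phished in the first second of its 30-second step is still valid for the rest of that step unless the server remembers the last counter it accepted.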

This was a very instructive episode.
I see some concerns with YubiKey; which physical solution would you suggest instead?

2 Likes

I personally use an OnlyKey. It has its own keypad, security laminate and self-deletion policies, so it’s secure at rest. It’s the only device I’m aware of that combines something you have with something you know in one package.

https://onlykey.io/

2 Likes

Got one of these to test with as well, and it’s great. You can set one up to be your master password for your password manager, and never have to remember a password again. Just unplug it when not in use; after 10 wrong attempts it self-destructs.

1 Like

Thanks everyone - another fantastic episode :slight_smile: Love how you managed so much humour and so much techie-stuff all at the same time :slight_smile:

I get a bit cynical about large corporations in general, though learning more about Canonical via DL, mostly, they’re starting to win me over. I think Flutter is well worth a look. As a Java enthusiast of a number of decades I was pretty annoyed that it wasn’t supported directly on mobile platforms for GUI. Let’s see if this helps. C++ is another favourite language, and it’s still necessary for performance a lot of the time. If Flutter interfaces cleanly with C++ that would be very enticing. I wonder how it compares to Qt though?

I clearly have so much more to learn about 2FA as well - I think I’m going to have to listen to some of this again, slowly!

I have my whole ecosystem in Bitwarden. I have it on a minimum of 2 devices (actually more like 9), and I need TOTP to authenticate to Bitwarden. So I use Bitwarden to get into Bitwarden. If I lose all my devices I am kind of screwed.

The Ouroboros technique. :stuck_out_tongue:

1 Like