I wanna make more of myaccounts in the internet secure with two factor. I don’t know much about it, but found out about Fido 2 and so. The security key my webbrowser shows often is the one from Yubico (BTW, I would like to get one that works with Linux, with USB and for phone with NFC) I got concerned when I noticed that Yubico is from USA, (??) Because I think NSA and thibgs like five eyes and so. Is there actually a risk that the for example is made an backdoor in the key?
The firmware is indeed closed-source, so it’s hard to audit. But they’re popular, and a security flaw wouldn’t go unnoticed for long.
There are other vendors such as NitroKey offers an alternative that offers both open source and audited hardware and software.
I personally went with a yubikey because their form factor is pretty slick. I’m not to worried about damaging the key.
Don’t forget about SoloKeys!
Or OnlyKey
Thank you. I will look into it.