Okay so I get this is a meme BUT I started using a yubikey instead of the auth app and it has done a world of good for my sanity.
I transitioned everything to Bitwarden. Password manager, passkeys, and MFA code generation all in one app that works on all of my devices.
And then I started to self-host it via Vaultwarden and transferred all the data.
Bitwarden is just so awesome
How do you like the self hosted approach? I contemplate it every so often, but I’m not sure that my sysadmin abilities (and attention) are enough to keep it secure.
Depends on your org. I have a yubikey, a phone app Authenticator, a pin and my regular SSO login/password. All of which I have to use constantly, because some dumbass did something dumb like two fucking years ago. So I can hardly get shit done. Plus the same dumbasses who probably fucked all this up are writing production code for an actual product. Please kill me.
I hear that if you lock down your system so much that no one can access anything that’s peak security.
I too have a YubiKey. My advice: have something that functions as a backup.
Other than that, yes. It’s way better than alternatives.
Yeah, I got 4 because I’m paranoid about losing access to things, and still spread out backup TFA mechanisms… I don’t trust technology to be reliable enough, heh.
Personally, I have the second-gen Google Titan USB keys; I upgraded from the first gen some time ago. They’re FIDO2, so they’re very equivalent to a YubiKey in most respects.
I use my yubikey for work. I connect it to anything and everything I can. I use Microsoft’s authenticator as my backup for work.
I have a pair of FIDO2 keys for personal use with TOTP backups, and recovery codes as a last line of defense (stored in a secure location), and one FIDO2 key with TOTP backups for work.
Ironically, the least secure account I have is for my bank, which doesn’t support FIDO2 (or anything other than SMS).
Are you using the slightly more expensive one capable of generating TOTP codes?
I also use a YubiKey, but I still have to use another 2FA app for services that don’t support passkeys yet.