@decryption yubikeys can store and emit a long static password. If you do it in "slot 2" it requires a few seconds of touch before it emits, limiting accidental typing of it into emails etc.
@decryption older models like the yk4 do this mode too, so there are options. The problem is that hid mode is only on the highend keys :(
I have some old ones laying about i dont need if you want a donation (i work on webauthn rust, so i have a literal baggie of test keys)
@decryption no need for any of that - email me directly at wbrown at suse dot de and ill send it no cost. Ill even help include some steps to firmware reset it and set it up. Does the machine have USB A or USB C?
@firstyear@decryption you can also set this up on a short touch if you want the thing to only do just the static password
Even better if you use the Yubikey as a static secure suffix for an insecure manual password, ie you type in <mysupersecretpassword> then hit the Yubikey button, and your password is <mysupersecretpassword><Yubikey gibberish>
@decryption if he's already storing that on paper somewhere, why not encode that long, complex password as a QR code and get a cheap keyboard-emulating barcode scanner for the rare occasions when he needs it - he's going to need to read it off and hunt-and-peck entry is a bit fraught ...
@decryption hmmm ... must remember to click through to the original post before replying, because my late-arriving answer seems a bit limp in comparison ...
@decryption ... then the yubikey solution seems betterer ... I've certainly used the approach I detailed for saving a backup of TOTP enrolment parameters ...
Add comment