top | item 46359099

(no title)

I'm a different commenter but yeah, solutions exist. For example systemd-cryptenroll let's you use a FIDO token (or TPM or PKCS#11 smartcard) to unlock your encrypted disk and it's very easy to set up. Quite literally a single command.

Windows Hello serves the same purpose for Windows, though I'm sure there are caveats/differences.

discuss

SahAssar|2 months ago

If it's a fido hardware token you still need to make sure you have a backup token. It's a lot simpler on windows/macos where you can use biometrics for the same purpose.

slashdave|2 months ago

You can setup multiple keys. It would be crazy not to include a simple ascii hash key in addition.