top | item 47192897

(no title)

I was planning to make use of passkeys when logging on to various services, so I ordered three physical devices, supporting passkeys (yubikey). I ordered USB C and USB A variants, with NFC support.

Is this a mistake? I am already using password manager and totp for my accounts, but I am tired of dealing with passwords.

Even when using a password manager (bitwarden in my case), it just get tedious bringing out my phone, starting auth app, locating the correct account, reading 6 digit token and logging on.

discuss

pamcake|16 hours ago

You're good. The relevant advice in article is to not reuse keys for encryption and auth.

Encrypting password manager database with a passkey or other authentication key on one of those yubikeys would be the mistake. Encrypting it with a separate dedicated key (or passphrase) on the same yubikey in parallel to its passkeys is fine.

reddalo|1 day ago

No it's not a mistake. But say you lose the Yubikey, or you're away from home. How do you deal with that? You still need a password somehow.

tuwtuwtuwtuw|1 day ago

Sure. But I think that is same scenario as me loosing my phone today, since I use that for two factor auth.

My plan was to continue using bitwarden for passwords as well, but more as a break-glass mechanism that I really use. I want to use passkeys mostly for convinience.