Hello I’m thinking about buying two Yubi Keys for my keepPassXc database but I just want to be sure they’re worth it before I buy them since two would cost a fair chunk of money ($100), can anyone recommend them?
Have a good day, -Sebo
I really wish I had gotten the nano version of the 5c. The full size sticks out my laptop and I always get nervous I’m going snap it off. They can be inconvenient when you don’t have them on you, but that’s exactly the point. I carry one on my keys with me everyday and it’s handled the beating no problem.
A+ would recommend. Replacing my titan/Google keys as funds present…
I can recommend them. Have had one attached to my keychain for years and it’s still working just fine. Be advised that there’s an in-built dichotomy, in that you always need to keep a backup of your key, ideally offsite (mine is with my in-laws), but you also can’t duplicate one key to another (by its very design) … so they work best when you’re using them an a unlock for a password/passkey manager, where you just set it up once, rather than using it as a 2FA everywhere. If you go down the “I’ll employ my yubikey everywhere I can”, you’ll quickly find your backup key going out of date (thereby no longer being a backup key).
I got mine for 10$ per key during a CloudFlare sale, and I really like them. Very durable, ive had mine for 6 or 9 months idk, and not a scratch can be seen on the plastic. The key is very convenient to use too, but I don’t think its worth it at about 50$. I would wait and see if there is some sort of sale soon or during the black friday. Also check out their competitors as they are all compatible
I bought during the sale. 4 keys for $50.
They are great. I own 3 of them. One for home use, one is on the go when im out and 3rd is backup. The one i use on the go is on my keychain and its over 3y and works fine, there are few scratches. They are very durable and they make your accs safe.
Do not use YubiKey with database that is already local. Instead you can secure your online accounts.
If you ask me then don’t bother buying them. Why? Because typing in your password to unlock your DB is still possible and afaik it cannot be turned off. Adding Yubikeys as additional option adds comfort but it’s an additional way for an intruder to unlock your DB. You want less options for an unauthorized person to unlock your DB for better security, not more.
I can’t speak for YubiKeys themselves, but I’ve been using an OnlyKey for years (which can emulate one). Works great for KeePassXC, but only because it can type the DB password (challenge-response unlock still requires the password). I haven’t used the YubiKey emulator very much, except with a few services that are much easier to use if you have one.
I think it’s great to have the option of securing things with a hardware key, and I think it’s a good investment in general. But as others have said, it’s probably not be the best choice for KeePassXC (but there are benefits). I would recommend an OnlyKey, but it seems the prices have gone way up and they’re sold out.
Yubikeys are good. A Open source alternative is Onlykey
If its just for your database, I would just rely on a keyfile on a usb drive until a sale happens for yubikeys.