I don't know of any services that use Yubico OTP (it's a legacy protocol) - everything's on FIDO2 nowadays
Thank you, FIDO2 was the magic search term. I'd been going through the "YubiKey Personalization Tool", which didn't say anything about FIDO, when I should have been looking at the "YubiKey Manager" tool instead.
If anyone from Yubico is reading this: Publish precisely one tool. One. Not one per function, for the same device! It especially doesn't help that they're all named similarly.
Stop shipping your org chart like it's a flatpack box of IKEA parts for your customers to put together.
It's still popular in certain corporate settings, where you're dealing with workflows that don't have easy support for FIDO2. For example, certain embedded browsers for logging in to VPNs.
I have a couple of Yubikeys and I can hopefully answer some questions.
1. The Yubikey-specific OTP was turned on by default on both of my keys. The particular default is a Yubikey protocol. An alternative OTP is the Challenge-Response HMAC [0] implementation which I use with Keepass.
2. The OTP is not necessary, and most websites use FIDO2/WebAuthn anyways. It would only be "necessary" if the service used that particular Yubikey OTP protocol instead of FIDO. I use the FIDO2 functionality as my preferred 2FA, falling back on the Yubikey app for TOTP keys.
[0]: https://docs.yubico.com/yesdk/users-manual/application-otp/c...
An AES key is symmetric. Both parties need it for this cryptographic operation.
The OTP key is separate from other keys that enable WebAuthn.
Also, please don't use Yubikey OTPs. While they can't be brute forced like TOTPs, they can be phished. There are better technologies to implement.
I don't think I've ever heard of people actually brute forcing TOTPs on any halfway decent implementation. Since they rotate every so often you'd have to hit the whole range of 000-000 to 999-999 in like 15 seconds. A simple rate limit of only allowing a few tries every 30 seconds would completely prevent TOTP brute forcing while still being plenty accessible.
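To make the rate-limit argument above concrete, here is an added example (not code from any commenter): an RFC 6238 TOTP verifier that allows only a few guesses per account per 30 seconds and accepts each time-step's code once. The names TotpVerifier and guess_success_bound are assumptions; the secret is the RFC 6238 test secret, used purely as sample input.

```python
import hashlib
import hmac
import struct

# RFC 6238 / RFC 4226 test secret (ASCII "12345678901234567890"); sample input only
SAMPLE_SECRET = b"12345678901234567890"


def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: HOTP over the time-step counter."""
    counter = struct.pack(">Q", for_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


class TotpVerifier:
    """Verifies TOTP codes, allowing at most max_attempts guesses per account per
    window seconds and accepting each time-step's code only once."""

    def __init__(self, secret: bytes, max_attempts: int = 5, window: int = 30, step: int = 30):
        self.secret, self.max_attempts, self.window, self.step = secret, max_attempts, window, step
        self.attempts = {}   # account -> timestamps of recent guesses
        self.last_step = {}  # account -> time-step counter of the last accepted code

    def verify(self, account: str, code: str, now: int) -> str:
        recent = [t for t in self.attempts.get(account, []) if now - t < self.window]
        if len(recent) >= self.max_attempts:
            self.attempts[account] = recent
            return "throttled"      # guess budget for this window is exhausted
        recent.append(now)
        self.attempts[account] = recent
        # Accept the current step and one step either side to tolerate clock drift
        for drift in (-1, 0, 1):
            step = now // self.step + drift
            if hmac.compare_digest(totp(self.secret, step * self.step, self.step), code):
                if step <= self.last_step.get(account, -1):
                    return "replayed"   # codes are single-use
                self.last_step[account] = step
                return "ok"
        return "invalid"


def guess_success_bound(max_attempts: int, accepted_steps: int = 3, digits: int = 6) -> float:
    """Upper bound on the chance that one window's worth of random guesses hits an accepted code."""
    return min(1.0, max_attempts * accepted_steps / 10 ** digits)


if __name__ == "__main__":
    v = TotpVerifier(SAMPLE_SECRET)
    print(totp(SAMPLE_SECRET, 59), v.verify("alice", totp(SAMPLE_SECRET, 59), 59))
    print(guess_success_bound(5))
```

With five guesses per 30-second window and three accepted steps, the bound works out to 1.5e-5 per window, which is why throttling rather than code length is what defeats the brute-force case.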
My understanding is that TOTPs are equally vulnerable to phishing.
Hetzner Cloud and Bitwarden use Yubico OTP.
As someone shopping for physical 2FA tokens right now, do you have any recommendations?
YubiKeys.
Just use FIDO2. I have no idea why OP is trying to use the YubiKey OTP protocol, which is legacy.
I wasn't trying to use it, I was just looking around and came across the "YubiKey Personalization Tool", which doesn't show anything about FIDO2.
Now that FIDO2 has been mentioned as something that solves this issue, it turns out there's another tool called the "YubiKey Manager", which allows you to configure/toggle various "applications" on a key, including Yubico OTP and FIDO2.
YubiKeys are fine, just avoid their proprietary OTP thing. They're fairly configurable and also do FIDO/WebAuthn, as well as TOTP/HOTP, PGPcard and PIV.
I'd recommend using the Yubikey as a GPG smartcard[1]. The private key stays on the Yubikey. I also use it for ssh. But make sure you have a backup key or two, just in case the primary Yubikey gives out. FIDO2 and all other regular Yubikey functionality still work with it.
[1]: https://github.com/drduh/YubiKey-Guide
Pay attention to this warning:
> Transferring keys to YubiKey using keytocard is a destructive, one-way operation only. Make sure you've made a backup before proceeding: keytocard converts the local, on-disk key into a stub, which means the on-disk copy is no longer usable to transfer to subsequent security key devices or mint additional keys.
The order of backup and transfer matters. I did a similar setup years ago before that guide existed (or before I knew about it) and ended up with a backup of nothing. Lol. Thankfully I didn’t use the key to sign anything too important and I learned the value of testing your restore procedure for everything before relying on anything.
You know you shouldn’t move private keys around?
Backup key should have separate private key and all websites should allow adding multiple keys.
Using a 'master key' like in the DrDuh guide does avoid moving the private key around while also allowing for using the same key on multiple devices.
The DrDuh guide suggests generating the key offline (e.g. a live iso), and having a backup of that private key material somewhere. In DrDuh's guide, the 'master' private key is never accessible on an online machine, only the private subkeys.
An advantage with YubiKeys is that the private key material can't be re-accessed, so putting the 3 private subkeys on the YubiKey is even nicer.
I'd found it hard to visualise, so came up with these diagrams: https://rgoulter.com/blog/posts/programming/2022-06-10-a-vis...
> all websites should allow adding multiple keys
Yeah tell that to Paypal and a ton of other sites :(
I once found myself re-encrypting my entire password store because I realized my backup was not a backup at all.
Better that than waiting until it was too late.
https://www.passwordstore.org/