Written by release_candidate on 2024-12-16 at 20:57

So, it has been like three months using FIDO/U2F keys instead of passwords. Both in my NetBSD and Arch systems.

I use a "medium" quality password to decrypt the filesystems and another one to decrypt the password manager. And that's it.

No password to log in, to unlock screen, to run doas/sudo, etc. Just this little penguin and press its button.

Also, I'm using this as 2FA for all websites that support it. Lemmy doesn't. It's the only place where I don't use it, yet.

Because U2F uses the domain name, this is a strong protection against phishing. A similar domain may trick my eyes, but not the key.

I'm very bad at memorizing passwords, and worse at typing them. Unlocking the screen without typing my password like 3 times is a blessing.

The problems: if my laptop is decrypted, anybody with this penguin is root. It's kinda my Horcrux. Also, I need a second one stored safely as a backup.

So I officially have two horcruxes. Destroy both and I can't log in anywhere.

#fido #u2f #infosec #NetBSD #arch #keepass #password #horcrux
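
The domain binding the toot mentions, as an added example that is not part of the original post: a simplified model of how a U2F key ties each credential to the SHA-256 of the origin the browser reports. The HMAC-wrapped key handle is an assumed design (one common approach), the real ECDSA P-256 signature is omitted, and the domains and secret are constructed.

```python
import hashlib, hmac, os

# Constructed stand-in for the secret that never leaves the hardware key.
DEVICE_SECRET = os.urandom(32)

def app_param(origin: str) -> bytes:
    """U2F application parameter: SHA-256 of the AppID (here, the origin)."""
    return hashlib.sha256(origin.encode()).digest()

def _tag(param: bytes, nonce: bytes) -> bytes:
    # Assumed design: the handle carries a MAC over (application parameter, nonce).
    return hmac.new(DEVICE_SECRET, param + nonce, hashlib.sha256).digest()

def register(origin: str) -> bytes:
    """Key side: mint a key handle bound to the origin the browser reports."""
    nonce = os.urandom(16)
    return nonce + _tag(app_param(origin), nonce)

def sign_payload(origin: str, key_handle: bytes, client_data: bytes):
    """Key side: return the bytes a real key would sign with ECDSA P-256,
    or None when the handle was not minted for this origin."""
    nonce, tag = key_handle[:16], key_handle[16:]
    param = app_param(origin)
    if not hmac.compare_digest(tag, _tag(param, nonce)):
        return None
    presence, counter = b"\x01", (1).to_bytes(4, "big")
    # Layout: application parameter | user presence | counter | challenge parameter
    return param + presence + counter + hashlib.sha256(client_data).digest()

def login(visited_origin: str, key_handle: bytes, client_data: bytes) -> str:
    """The browser, not the user, supplies the origin that reaches the key."""
    payload = sign_payload(visited_origin, key_handle, client_data)
    return "rejected by key" if payload is None else "assertion produced"

if __name__ == "__main__":
    real, lookalike = "https://example.com", "https://examp1e.com"  # constructed
    handle = register(real)
    print(real, "->", login(real, handle, b"constructed-client-data"))
    print(lookalike, "->", login(lookalike, handle, b"constructed-client-data"))
```

Even if a key did answer for the lookalike origin, the first 32 bytes of the signed payload would be that origin's hash, so the real site's verification would fail.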
