I’ve been thinking about getting a couple of Yubikeys for a partner and myself, but we share certain accounts. While I would love to have the Yubikey 5 that can store TOTP, that seems like it could be problematic for shared accounts.

Would using the cheaper Yubico Security Keys to unlock Bitwarden Premium vaults, that use a Shared Organization, be a better/more sane option than trying to sync up TOTP secrets every time a new shared account gets added? Any other critiques or suggestions?

  • Telorand@reddthat.comOP
    link
    fedilink
    English
    arrow-up
    3
    ·
    2 months ago

    I’m aware. It doesn’t affect Yubikeys with firmware v5.7 and above, which should be any keys bought in May onward (June to be safe).

    I don’t have one yet, so when I buy a key, it should be safe from that particular attack; I’ll RMA it if it’s the unpatched firmware version.