I’ve been thinking about getting a couple of Yubikeys for a partner and myself, but we share certain accounts. While I would love to have the Yubikey 5 that can store TOTP, that seems like it could be problematic for shared accounts.
Would using the cheaper Yubico Security Keys to unlock Bitwarden Premium vaults, that use a Shared Organization, be a better/more sane option than trying to sync up TOTP secrets every time a new shared account gets added? Any other critiques or suggestions?
You may already be aware, but a vulnerability has been recently documented on those.
https://lemmy.zip/post/22094344
Yeah that’s not a dealbreaker IMO
I’m aware. It doesn’t affect Yubikeys with firmware v5.7 and above, which should be any keys bought in May onward (June to be safe).
I don’t have one yet, so when I buy a key, it should be safe from that particular attack; I’ll RMA it if it’s the unpatched firmware version.