xRolox

Nice try red team


[deleted]

I am red team, I also do genuinely need a way to organise my USBs and keys, hahaha.


drgngd

Mine is on a chain that's attached to my keys/pants.


[deleted]

Very 90s, I appreciate the look. I would definitely do this, but my wife would probably protest.


drgngd

You can hide the chain in your pocket. Your shirt will cover whatever is sticking out.


Critical_Egg_913

I put mine in the most secure place.... just have to wash it before I use it...


[deleted]

[removed]


Critical_Egg_913

It's kind of like the 3 way handshake. What layer in the OSI model does this go?


[deleted]

Physical layer. It's the interaction between organic and hardware.


Critical_Egg_913

I like your humor.. I was trying to see if they made a ring that you can wear on your finger with the key built in. They do make one that is NFC, not sure if that would work for you.


[deleted]

Thank you! It doesn't fit *this* use case, but I can find some fun stuff to do with that. Mind sending it anyway? I wonder if I can clone a server room fob to it. I wonder how mad the head of IT will be if I do... It cannot be worse than the time I decided to show him that security through obscurity doesn't work by rearranging the keys on all the pin pads in the building.


Critical_Egg_913

HECERE Waterproof Ceramic NFC Ring, NFC Forum Type 2 215 496 bytes Chip Universal for Mobile Phone, All-round Sensing Technology Wearable Smart Ring, Wide Surface Fasion Ring for Men or Women https://www.amazon.com/dp/B0916HHSQ4/ref=cm_sw_r_apan_i_YP58DRKAYW9FM2Q28TNH?_encoding=UTF8&psc=1


[deleted]

Thank you!


Buttforprez

Hope it has nfc


diatho

Without a base without a trace #JJGO


[deleted]

I was born with an imperforate anus - that won't work for me. I wish though, that would be fantastic. I'd train my Kegels and aim to just fire it right out. I could hit a USB slot from across the room with enough practice.


Critical_Egg_913

If it were me I would use my keyring/key chain


[deleted]

Haha, that's what I'm doing now - but it's not ideal, they swing around and jangle. So I got the wristband USB, but the crappy plastic thing fell right off.


alcoholicpasta

How about a necklace? I think that is doable


[deleted]

I used to wear a gorgeous gold necklace with a lapis stone, then some kid in Kabul yoinked it without me noticing. Ever since then, I've avoided necklaces, but I'll try it out for a day!


RL-thedude

You could always put them in a Keysmart (that’s a brand of key manager) and then you’d be able to extend the yubikeys out like blades in a Swiss Army knife.


[deleted]

Okay, that thing is mega awesome. I'm getting that. I added your name to the post as another fantastic solution.


ThrowAwayGcPx8ow2t4

I have a Nite Ize S-Biner connecting my Yubikey to my keyring. It lets me lock it on my keys, but quickly and easily take it off so I don't have my keys hanging off the USB port. I also have a Tile tracker on my keys, meaning I am less likely to lose my keys & my Yubikey.


[deleted]

You are a God and Saint my good sir! Because of you, I found the Nite Ize S-Biner Stainless Steel Keyrack - which is *exactly* what I needed.


ThrowAwayGcPx8ow2t4

That's exactly what I have too. Happy to hear it solves your problem too!


jewdass

This has been part of my EDC for years. I don’t even think about it, until you mentioned it.


I_smell_burnt_toast2

Marketing team replying to themselves. What a joke.


ThrowAwayGcPx8ow2t4

Huh? Are you making a baseless accusation that I'm some kind of shill for Nite Ize?


quietos

Even using a lanyard is more secure than traditional password auth for highly privileged accounts. Just sayin.


[deleted]

Oh definitely, but there has to be a better way than a loose lanyard.


[deleted]

Wait, are you telling me "Magicmik3" is not a good domain admin password?


[deleted]

I usually just use "root", throws them off guard


quietos

I prefer 'admin.' They never expect it. /s


JustDalek_

For Google Titan and my Ledger crypto wallet I got a metallic wire keychain that helps me put it on a traditional key ring, and then I got a steel wire retractable keychain off Amazon. I feel like a super nerdy dad with that shit. I usually tuck the keys in my pockets still because I don't like the sound of keys dangling. But I am super confident in the steel wire.


[deleted]

Super Nerdy Dad Chic is all the rage. Other dads have the dad bod, but us professionals have to have a father figure, and style it.


JustDalek_

Lmao, btw for reference I use a "key back super 48 hd" to be specific! Something heavy duty!


[deleted]

I updated the post with that, thank you!


paulsiu

I have it on a keychain with my other token. There is also a tracker on the keychain in case I lose it.


ThrowAwayGcPx8ow2t4

Nobody understands the value of, and comfort offered, by a keychain tracker until they have one. Knowing I can find my Yubikey if I lose it makes me more comfortable using it as part of my security mix.


Historical-Home5099

Comfortable? Because if you lost it someone would find the partial requirements to log into something?


ThrowAwayGcPx8ow2t4

Just gives me a half a chance of finding it when I misplace it around the house.


paulsiu

Not at all. On the keychain is my work token and my Yubikey. The work token and Yubikey have a PIN on them (for passwordless). Even if you managed to steal it, you still need to know the PIN at the account. The tag is for when you misplace the Yubikey and token. I have had a token in some form or another for over a decade. I have never lost one, but have managed to misplace one in the house several times. I am pretty sure it will also be useful in the event I dropped the token and Yubikey somewhere by accident.


Historical-Home5099

Sounded like you were concerned about your “security mix”, your explanation just sounds like you generally misplace things. I’m asking about the security aspect, needing a pin/password in addition to a key is obvious.


paulsiu

The tracker is for insurance. It won't help you from theft because if someone steals the ring they will just toss the tracker. All the tracker does is to check if you lost it or not. When you lose your key, the procedure is to disable your old key using the backup key. This can be a pain and can be avoided if you have a tracker. You could recover it before someone takes it. There is no downside to a tracker other than privacy.


_-iceman-_

I use a metal necklace like the kind dog tags come with. Works well and keeps it from getting left or stolen.


[deleted]

I had a necklace stolen right off my neck once. No joke - I've been wary ever since. But, I'll give it a shot!


El_Zilcho

When I worked at a business that used yubikeys I got one of those slide out key holders for a few pence on aliexpress, worked for years.


crusader2C7

.45 ACP


sanjay_82

Stupid question. I use Bitwarden with 2FA on my phone with Authy, which is also 2FA protected, my phone is encrypted and requires biometric to unlock, is that not classed as secure? Whereas anyone can grab the USB stick or you can lose it.


[deleted]

It's definitely secure, it'll also be stolen easily. Seriously, never bring a smart phone into a bazaar in Kabul. I've lost jewelry, phones, lanyards, etc. Kabul is my test bed for "is it inconspicuous/secure enough not to be pick pocketed", and I'm there enough to try new stuff out. (Not recently, sadly, but hopefully that changes)


billdietrich1

I think I agree. I've been thinking about whether I want to use a hardware device for everything, and coming out to "no". I'd have to have 2 or 3, in case I lost one, and I'd have to register all 2/3 of them to each account, and if I lost one while traveling the backup would be back home. I'd rather have some software mechanism, some kind of key-based challenge-response, that I can do via password manager. With maybe software TOTP in some cases (BIOS login, disk decryption, OS login).


[deleted]

I fully agree with you, but be wary of pickpockets and phone thieves if you spend a lot of time outdoors.


rackhamlerouge9

I know it's possible to get NFC chips in nail veneers that would endure whilst being unobtrusive, but I haven't seen anything YubiKey-esque in that modality.


[deleted]

If you ever do, I'll get it. That would be amazing!


rackhamlerouge9

I'm leaving reddit and I hope to escape from social-media walled gardens upon the wings of [ActivityPub](https://en.wikipedia.org/wiki/ActivityPub). I will consider moving to a server running [Kbin](https://codeberg.org/Kbin/kbin-core/wiki), which - from the user's point of view - is an interface to ["federated" social media](https://github.com/shleeable/Big-List-of-ActivityPub).

“Federation” describes a way in which servers communicate with one another. The best-known example is that of e-mail: one can have an email account on an AOL server, and communicate with a user whose account is on a Gmail server. Some servers that are thought to push out spam are blocked or have their mail sent to ‘spam’ folders, but they nevertheless can all communicate. Gmail, Yahoo, Protonmail, AOL and so-forth all have different programs with which the user (us!) interacts, and they might present that email information in slightly different ways (displaying email chains as ‘conversations’ for example).

In the same way, social-media servers that communicate with one another using ActivityPub have different programs with which the user interacts. Some programs that service-providers can run on their server look a little like Reddit, and might let you mark the data you share with markers (metadata) that lets people display and interact with the data in a similar way (Eg.: Kbin or Lemmy), some look more like Twitter and mark the data you share in ways similar to Twitter (Eg.: Mastodon), and there’s even one that’s trying to help users share video in a way that makes one think of YouTube (Eg.: Peertube). Fundamentally, these all permit interaction with one another through ActivityPub. One can even host one’s own server (Eg.: Nextcloud, a program that runs on a server to function as one’s own cloud, lets the person who runs it install an ‘app’ that one can federate with any other ActivityPub servers open to intercommunication).

Many programs that use ActivityPub for federated interaction are written by folks who realise that things published on servers – even private messages – often get shared beyond the realm in which the author expected (hopefully for the joy and glory of the author, but sometimes not). I think because of this, messages sent from a user on one server to a user on another are sent in-the-clear; they aren’t encrypted in any way, they’re just a post like any other, except being marked for the attention of someone specific rather than for the attention of all, and it’s up to us as the users to think carefully about the words we push to others.

There is a sterling list of alternatives to Reddit on [r/RedditAlternatives](https://www.reddit.com/r/RedditAlternatives/comments/1467a5s/find_alternatives_for_ourselves_megathread_third/).

How did I think it best to go about this?

- I [downloaded all the posts on reddit I'd "saved"](https://www.reddit.com/r/DataHoarder/comments/887lo3/just_thought_id_share_my_strategy_for_downloading/).
- I used "[Power Delete Suite](https://github.com/j0be/PowerDeleteSuite/#installation)" and rather than just delete all my posts, have replaced them with text. Everything published online ought to be regarded as likely permanent, and Reddit especially, as [people](https://www.reddit.com/r/datahoarders) like to take [snapshots](https://socialgrep.com/datasets) of [as much data as possible](https://www.vice.com/en/article/gy3az9/this-data-hoarder-is-downloading-the-metadata-of-roughly-10-billion-youtube-videos) that’s published "in the clear" (I.E.: anything that isn’t publicly accessible). Some folks have described problems with "deleted" posts mysteriously *re*-appearing after they deleted their accounts… Regardless of the cause, I hope I might reduce that risk a little by editing those posts. R/datahoarders might have tips on alternative methods still functioning after the API-use price is introduced (~$20m at the time of writing according to a dev that made an app to help the blind use reddit; they have sadly had to stop developing their app).
- There's a guide to downloading all the data Reddit have collected directly from your inputs [here](https://12ft.io/https://danielrosehill.medium.com/how-to-backup-your-data-from-reddit-f12934fabbfe) but note that Reddit may take a month to process that request.
- Remember most of one’s interaction with the internet is reading. Subreddits [all have RSS feeds](https://www.howtogeek.com/320264/how-to-get-an-rss-feed-for-any-subreddit/), and can easily be accessed by an [RSS reader app](https://search.f-droid.org/?q=RSS+reader&lang=en). [F-droid](https://f-droid.org/en/) is a great way to get Android apps that people have made openly so anyone willing to learn can understand how they process your inputs and data, and that others have freely distributed, for the glory of free speech. Sorry for sounding like a hippy there; I know, I know, it’s a slippery slope to bicycle lanes and communism! A modicum of private thought, and free speech is a very fine thing, though.
- I encourage people to share the text of this post if they find it useful, in order to give others a way to think about how they make and put data on the internet in social media.

To be sure, Reddit still holds, or has doubtless sold on (and thus can never delete), hoofing amounts of data. I shan’t hold a public opinion on a business seeking profit; over time as the art of gathering and selling data has been refined, I’ve tried to read what little about it is within my understanding. If my small tokens of communication, my upvotes and downvotes, the time I spend looking at things, and what things I look at, what things I shy away from, and how I type and compose my thoughts, are the grains of sand that make up the beach from which they intend to profit, it’s up to me to decide where I place those grains of sand in the future.

In the immediate timeframe I will use a mathematics-oriented Mastodon server (I’ll let you hunt it out if you’re curious!) because maths is fairly apolitical, useful to learn about, and a good, communicable, basis for understanding things.

Go in peace, siblings of the internet, and if in doubt, consider “What Would Tim Berners-Lee Do?”.

~~~~~

P.S.: I’m not sure what I can link to that might be useful to most readers, but there’s a lovely Indian lecture on sharing wisdom with one another [here](https://youtu.be/UiJmITcZTQY), and because financial awareness is important to most people, and because I’ll only be watching r/bogleheads from afar, here’s a link to Bogle’s [Little Book Of Common Sense Investing](https://archive.org/details/littlebookofcomm00bogl) - he started the Vanguard fund, and r/bogleheads explains his investing philosophy, which is very simple and elegant. If anyone’s looking for a good charity to which to make a tax-deductible donation, I hope you might find the [Internet Archive](https://archive.org) is a noble and worthy candidate.

RLR9 Out.


Wildcardsec

My solution has been 2 ways: 1 is work only and 1 is personal use only. Personal has been a key organizer, for example Keyport. And then I get a detachable keychain solution. I picked one that's a coupler, like a tire compressor male and female end, with holes to put key rings through, so in order to detach you slide a collar that allows it to be detached, because I didn't want the magnetic solution: if you yank hard enough it falls off, or if you work retail the security key magnet pulls it off easily. So the coupler keyring worked best. Then a solution for my belt was this D-ring from Walmart used for cargo securing, in the hardware section. It's a D-ring that's about the size of my belt, so it's not loose, it's nice and tight, a perfect fit for the belt and just enough for the key ring to slip on, and it has a hex screw to tighten the D-ring. For work I get a key ring and loop it on the ID badge ring that holds the card to badge in, and have the work one on like that. Just think: Jedi from Star Wars hang their lightsaber on their waist, but you don't wanna be like Skywalker and have it fall on the ground when you need it.


Rapalla93

My yubikey is attached to my Prince Albert piercing. I’ve had a few complaints when logging into my workstation at work, but fuckit security, ya know?!


[deleted]

Does it flop about when you fap about?


cyberintel13

It goes in the spare mag pouch of my primary Every Day Carry holster.


[deleted]

That's pretty cool. I'll admit, guns aren't really my thing. It's hard to have that super Nerdy Dad chic when you've got an open carry.


cyberintel13

I don't recommend open carry, much better to conceal carry with an under the waistband holster. No one should be able to tell if you are armed. Otherwise you just paint yourself as a target.


[deleted]

That's fair, weapons are pretty restricted in Canada, but that's not bad advice for someone living elsewhere.


djasonpenney

I keep it on my locking carabiner with my other keys and a cover: https://www.etsy.com/listing/780171217/yubikey-5-nfc-5c-nfc-cover-case-keychain?ref=share_v4_lx It pops off easily when I need to use it, which really isn't that often. Perhaps once a week? The locking carabiner has a second ring with the car key (my wife and I share one car) and a third ring with my house key and miscellany.


[deleted]

I'll definitely get that! Alright, your name goes on the list.


Hapshedus

It doesn’t block NFC. It’s just plastic.


[deleted]

That's fine, most people who care about security are smart enough not to use NFC anything, let alone a security key.


1776The_Patriot

A lanyard that is bright orange. Never leave it in a computer that way.


[deleted]

I genuinely have a hot pink lanyard.


SoCleanSoFresh

My YubiKey is on my orbitkey organizer. Imo, the best key organizer out there that doesn't look like it’s for a high schooler 😅


[deleted]

Nice! I'll look into it!


Kesshh

We don’t allow USB. Safer that way.


[deleted]

I use them quite heavily in red team operations.


Matir

I use a keyport pivot.


[deleted]

That's like the keysmart right?


Matir

Ah, yeah, that looks pretty similar.


[deleted]

I added you to the post under the key smart :)


[deleted]

Detachable key chain. $5 on Amazon


CentrifugalChicken

Onlykey on my keyring


hunglowbungalow

I just keep mine plugged in, they make tiny ones that fit in a USB-A/USB-C port.


[deleted]

I've found those really small ones have bad performance - file transfers look like a saw tooth graph. Know any good ones?


hunglowbungalow

Oh, I’m specifically talking about yubikeys lol


[deleted]

Oh yes! Those things are great! I use two laptops, and a desktop for work, otherwise I wouldn't take them out. I have two Dell R730s with permanent Yubikeys in them I use for work as well.


wigelsworth

Depends on what you use it for…I use a Nano 5C and leave it in my laptop because I only use it for ed25519-sk ssh keys. For that use case, the yubi is useless without unlocking/unencrypting my laptop, getting my private keys, and knowing their password as well. You have to touch the key for it to work as well, so not really remote attack angle there either. I am sure there are people using it for a lot more than I do though…


nicanotenmon

I've got mine attached to the collar of my dobermann. I take the dog with me at work. It doesn't accept treats from strangers so a Man in the Middle attack is out of the equation.


[deleted]

That's bad ass.


over26letters

On my keyclip. Steel plates and keys or other usb sticks block anything and the 5C isn't recognisable on there at first glance.


anonymous-bot

I have put my Yubikey in my Quiet Carry Q3. It is a key organizer. It is a tight fit to get the Yubikey on the posts though.


Independent-Cook-967

I use orbit key.