The Yubikey requires a password by default to use the ssh key stored on it and i... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		polack on Aug 20, 2019 \| parent \| context \| favorite \| on: Yubico launches its dual USB-C and Lightning two-f... The Yubikey requires a password by default to use the ssh key stored on it and it will lock itself after 3 failed attempts. So I don’t think your caveat is valid. I rather have my encryption key on hardware design to keep anyone who finds it from brute forcing it than just password protected on a hard drive.

munchbunny on Aug 20, 2019 | [–]

Yup you're right, I mixed up the PIV behavior with specifics around FIDO2 vs. U2F PIN policies.

LIV2 on Aug 20, 2019 | [–]

It can also be configured to require a touch for every signing action or even one for multiple signing actions within a 15 second window I think it is

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact