I'm curious about what hardware keys you all are using for authentication that you actually like. I've used Yubikey in the past and I'm considering going back to it for our privileged accounts since they're relatively inexpensive and can be ordered quickly without a lengthy approval process. Are there any other brands or options you'd recommend?
6 Answers
As a hybrid worker, I keep a USB Type-C Yubikey docked at home. For accessing the same accounts on my phone, I use passkeys. It’s been a solid setup for me!
I own a Yubikey 5 NFC, but honestly, since I don’t use the OTP or PIV features, it seems a bit over the top. The Security Key series would have sufficed. I also have a couple of Google Titans for admin use, and they work well with just FIDO2.
I use the Yubikey C for work and have a couple of Yubikey 5 USB-A keys personally. Always good to have backups and I set reminders to keep them in sync!
I've been using Yubikeys, specifically the 5C Nano for my laptop and a portable USB-A key that I keep locked away. We've also implemented AAGUID attestation for certain keys in our tenant, and policies to protect our breakglass account by not allowing software passkeys.
Wait, are you really using that 5C nano all the time? That sounds risky!
I've had a good experience with Yubikey, and I’m okay with anything that performs similarly. I usually keep mine in my laptop bag or clip it onto my access key lanyard. Our sysadmins are also on board with it; they continue improving the setup.
We switched to using FEITIAN for our hardware keys. They offer various styles and FIDO2 interfaces, plus we use their OTP tokens for some applications. They're pretty versatile!
That's interesting! I have mine permanently attached to my laptop. It seems like it’s never coming out either, I've actually broken my fingernails trying!