#YubicoAuthenticator

Michael Gurskiemag@strangeplace.me
2024-10-12

Ok, I'm going to fully admit I'm not entirely sure how to use #YubicoAuthenticator amongst multiple #YubiKeys vs, say, #Authy or #GoogleAuthenticator after a year+ of off/on looking to try it out.

Do I need to store the #TOTP seeds on every #YubiKey I own? And they all take up a slot? If so, I'm glad that, for most high-value ones, I've been saving encrypted copies of the initial secret key in my password manager. Is that the way it works, all stored in the keys, and not some DB on each device?

Mad Argon :qurio: madargon@is-a.cat
2024-02-06

Short cautionary story

I wanted to synchronize #OTP on all my #yubikeys (now five, because of circumstances). I wanted every one to be interchangeable with the others, and not to wonder which one I must use.
For people not familiar with them, OTP codes are stored on the #yubikey itself; apps are interfaces to interact with it. So they can be used on any device with any version of the #YubicoAuthenticator app. I mostly use the terminal version on my Linux desktop. And when creating a new account/credential, the user usually writes everything in one command, together with the seed code.

It had been some time since I created something, so I tried to check the correct command syntax in #shell #history. And suddenly I realized I have all the seed codes stored in history, ready to reuse.

For me it was convenient then: I didn't have to register with all the services again, I simply copy-pasted old commands for new keys. But everyone can see how terrible it could be for #security :blobcat_ohnoes:

Everyone with access to my laptop and terminal could also use them. Of course, I use #LUKS, so my shell history (or other data on my laptop) isn't easily available :blobCat_evil:

So, be careful about what you could have in shell history.
And use full-disk #encryption everywhere, just in case; you could forget many small things in various places!

#privacy #2fa #Linux
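An added example, not part of the original post: a heuristic audit that finds shell-history entries which appear to carry a TOTP seed and prints them with the seed redacted. It assumes the terminal tool is Yubico's `ykman` CLI (the post does not name it); the function name, sample history and seed value are constructed for illustration.

```python
import re
import shlex

# zsh EXTENDED_HISTORY prefixes each entry with ": <epoch>:<duration>;"
ZSH_PREFIX = re.compile(r"^: \d+:\d+;")
# Base32 seed heuristic: A-Z and 2-7, 16+ characters, optional '=' padding
BASE32_SEED = re.compile(r"^[A-Z2-7]{16,}=*$", re.IGNORECASE)
# otpauth:// provisioning URIs carry the seed in the secret= parameter
URI_SECRET = re.compile(r"(otpauth://[^\s'\"]*?[?&]secret=)([A-Z2-7=%]+)", re.IGNORECASE)

# Constructed sample history with a made-up seed (assumed ykman syntax)
SAMPLE_HISTORY = """\
ls -la
: 1700000000:0;ykman oath accounts add example:alice JBSWY3DPEHPK3PXP
ykman oath accounts list
ykman oath accounts uri 'otpauth://totp/Example:bob?secret=JBSWY3DPEHPK3PXP&issuer=Example'
"""


def find_seed_lines(history_text):
    """Return (line_number, redacted_command) for entries that appear to hold a seed."""
    hits = []
    for number, raw in enumerate(history_text.splitlines(), start=1):
        command = ZSH_PREFIX.sub("", raw).strip()
        redacted, uri_hits = URI_SECRET.subn(r"\1<REDACTED>", command)
        try:
            tokens = shlex.split(redacted)
        except ValueError:  # unbalanced quotes in a history entry
            tokens = redacted.split()
        is_oath = "oath" in (t.lower() for t in tokens)
        shown, arg_hits = [], 0
        for token in tokens:
            # Seeds are often shown in groups of four, so ignore inner spaces
            if is_oath and BASE32_SEED.match(token.replace(" ", "")):
                shown.append("<REDACTED>")
                arg_hits += 1
            else:
                shown.append(token)
        if uri_hits or arg_hits:
            hits.append((number, " ".join(shown)))
    return hits


if __name__ == "__main__":
    for number, command in find_seed_lines(SAMPLE_HISTORY):
        print(f"line {number}: {command}")
```

Pass it the contents of a history file such as `~/.bash_history` or `~/.zsh_history`. Long all-letter arguments can produce false positives, so review the hits before removing the entries.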

2023-05-21

Installing Yubico Authenticator on Linux Without a Package Manager

https://debug.openaiken.net/2023/yubico-authenticator-linux-without-package-manager/
