I’ve been thinking about getting a couple of Yubikeys for a partner and myself, but we share certain accounts. While I would love to have the Yubikey 5 that can store TOTP, that seems like it could be problematic for shared accounts.

Would using the cheaper Yubico Security Keys to unlock Bitwarden Premium vaults, that use a Shared Organization, be a better/more sane option than trying to sync up TOTP secrets every time a new shared account gets added? Any other critiques or suggestions?

  • MostlyBlindGamerA
    link
    fedilink
    English
    arrow-up
    2
    ·
    3 months ago

    I’m not evaluating whether or not you should do that, but, assuming you trust your partner and their op sec, you could send them the secret via a disappearing message on Signal or some other E2E encrypted communication method.

    You set it up on your key, they add it to theirs later, the secret disappears into the ether.

    • Telorand@reddthat.comOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      3 months ago

      Something to consider, certainly. Might be more complexity than my partner is willing to handle, but I’ll have to have that conversation with them.