I’ve been thinking about getting a couple of Yubikeys for a partner and myself, but we share certain accounts. While I would love to have the Yubikey 5 that can store TOTP, that seems like it could be problematic for shared accounts.

Would using the cheaper Yubico Security Keys to unlock Bitwarden Premium vaults, that use a Shared Organization, be a better/more sane option than trying to sync up TOTP secrets every time a new shared account gets added? Any other critiques or suggestions?

  • girsaysdoom@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    2
    ·
    3 months ago

    If you’re just storing the password on the key then, no you can’t get it unless you have the key. The main usage (arguably) for a yubikey is the FIDO2 auth method where you add those keys as MFA methods. That would allow access using either key.

    • Telorand@reddthat.comOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      Thanks, that’s kind of what I was thinking.

      Sounds like a YK5 might still be a viable use case, but I’d have to do a deeper analysis of what account 2FA secrets would need to be shared versus which can be relegated onto individual keys and safely lose that “always accessible anywhere” trait.

    • MostlyBlindGamerA
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      I think of that like putting multiple things in the same basket, but putting two locks on that basket.