so ive been looking into a Yubikey because i want 2FA on all of my accounts. however on yubicos website it says it supports linux. but the documentation is confusing and i want the Authentication app to setup my Yubikey on my main OS (NixOS) it seems that yubico only supports ubuntu, which i tried using in distrobox but with no success. so i looked on flathub and found this app however it gets me kinda spooked that the app is made by the community. is it safe to use my yubi key with?
and if not does anyone have any idea how to compile from source, which btw im kinda a noob at compiling from source which i know is ironic because i run nix.
link to flathub application https://flathub.org/apps/com.yubico.yubioath
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 2.44K Posts
- 57.6K Comments
- Modlog
This yubikey app is packaged for Nix, the package is called
yubioath-flutterIt probably requires you to set
services.pcscd.enable = true;I’ve used the Authenticator app on Ubuntu and Arch (and the Steamiffied Arch running on the Steam Deck). I found the best thing is to manually download the tar from their official site, the make symlinks as necessary to get it in your path.
In theory flatpaks are trustworthy, but I wouldn’t spend the money and time to get TOTP on my Yubikeys (always have a backup!) - just to hope nobody is injecting something malicious into the flatpak.
An alternative is to not rely on desktop apps, but use the iOS or Android apps - both are signed/authored by Yubico if I recall correctly.
To mirror what another commenter said, also look at using FIDO whenever possible - it’s not going to get caught up by a keylogger or a shoulder surfer.
I have used my Yubikey to do FIDO2 auth on Linux Mint with Chromium and Firefox. I have tried M365, Twitter and Facebook but any website that supports FIDO2 should work.
Did not need to install any OS components.
If you’re dedicated to YubiKey, that’s fine, but I strongly suggest Open Source and Open Hardware implementations of security keys, such as SoloKey.
SoloKey supports Linux, in that it has been tested on Linux Mint and Manjaro.
https://docs.solokeys.io/udev/
Perhaps their documentation will help you figure out how to get your YubiKey to work?
i think an opensource option is a good idea however the only reason why i want a yubi key is for the yubikey Bio. which has a fingerprint scanner to make sure its really you. i dont know of any other brand that has a finger print scanner for 2FA. if it wasnt for the scanner i would probably go with a solokey
i did find FEITIAN BioPass FIDO2 which still is not open sourced but is an alternative for a yubikey, there is no app tho
That’s fair, I’m personally against biometrics, because if someone ever gets a copy of your fingerprint… it’s not a “password” that can be changed. Fingerprints can be faked.
https://www.pcmag.com/news/hacking-fingerprints-is-actually-pretty-easy-and-cheap
Once again, personal opinion. You gotta do what works for you.
I’m hoping maybe the link I sent might have some info on getting it set up properly on NixOS. Maybe it just needs those udev rules installed first?
I aim for “Something I am, something I have, something I know”
Hate myself for it most of the time but it’s secure 😂
yeah, i get the disadvantages of bio-metrics, however i kinda thought about worse case. lets say i have my yubi key and i misplace it, a bad actor gets a hold of my key and uses it to unlock my accounts. however if i got the yubikey with biometics if someone got there hands on it. its a paperweight with out my fingerprint. so its not that i think that bio-metrics is super secure but its added protection against theft. and a very interesting article. and i will try to setup udev rules as the guide you have sent may solve my problem, also thanks for the advise!!
The Yubikey is just one factor. The attacker still need to know your account and password to get hold of your account. However, if you’re using passwordless login, bio is a sensible choice.
Nice, I sincerely hope it helps!