Strong team: YubiKey and Keepass (Linux)

Password managers like Keepass(I pefer KeepassXC)/Lastpass offer a nice choice to manage all your “accounts” with different user/password strings and with very complex (and long) passwords. If someone gets access on your keepass-database and the password for it – bad luck. Authentication-Hardware like YubiKeys provide more security on your keepass-database and work like a charme on Linux.

Password manager & Authentication-Hardware ?

Many of us use password-managers to manage all our different (online)-Accounts with different credentials (and long different passwords) – but also most of us just use a password (master key) for these databases. A dedicated piece of hardware like the YubiKey together with a master-key (password) improves security a lot on your database. No access to the database without the hardware !

How it works…

Yubikey and Keepass work like a charme on Linux – I prefer keepassXC on Linux and Windows to access my database and it works togehther with YubiKey out of the box using “challenge-response” authentication.

In KeepassXC just create a new database and the “Database – Change Masterkey…” menu allows to define a Masterkey AND register your YubiKey for challenge-response authentication.

KeepassXC and YubiKey challenge response Auth

From now on opening the database requires your registered YubiKey…

KeepassXC and YubiKey challenge response auth.

Have fun using YubiKey with KeepassXC 🙂

 

Troubleshooting

YubiKey 4 – Linux/dmesg

[ 761.131273] usb 6-1: new full-speed USB device number 2 using xhci_hcd
[ 761.305105] usb 6-1: New USB device found, idVendor=1050, idProduct=0407
[ 761.305116] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 761.305122] usb 6-1: Product: Yubikey 4 OTP+U2F+CCID
[ 761.305127] usb 6-1: Manufacturer: Yubico
[ 761.369886] input: Yubico Yubikey 4 OTP+U2F+CCID as /devices/pci0000:00/0000:00:10.0/usb6/6-1/6-1:1.0/0003:1050:0407.0002/input/input20
[ 761.428523] hid-generic 0003:1050:0407.0002: input,hidraw1: USB HID v1.10 Keyboard [Yubico Yubikey 4 OTP+U2F+CCID] on usb-0000:00:10.0-1/input0
[ 761.434522] hid-generic 0003:1050:0407.0003: hiddev0,hidraw2: USB HID v1.10 Device [Yubico Yubikey 4 OTP+U2F+CCID] on usb-0000:00:10.0-1/input1
[ 761.434739] usbcore: registered new interface driver usbhid
[ 761.434742] usbhid: USB HID core driver