Password managers like Keepass(I pefer KeepassXC)/Lastpass offer a nice choice to manage all your “accounts” with different user/password strings and with very complex (and long) passwords. If someone gets access on your keepass-database and the password for it – bad luck. Authentication-Hardware like YubiKeys provide more security on your keepass-database and work like a charme on Linux.
Password manager & Authentication-Hardware ?
Many of us use password-managers to manage all our different (online)-Accounts with different credentials (and long different passwords) – but also most of us just use a password (master key) for these databases. A dedicated piece of hardware like the YubiKey together with a master-key (password) improves security a lot on your database. No access to the database without the hardware !
How it works…
Yubikey and Keepass work like a charme on Linux – I prefer keepassXC on Linux and Windows to access my database and it works togehther with YubiKey out of the box using “challenge-response” authentication.
In KeepassXC just create a new database and the “Database – Change Masterkey…” menu allows to define a Masterkey AND register your YubiKey for challenge-response authentication.
From now on opening the database requires your registered YubiKey…
Have fun using YubiKey with KeepassXC 🙂
YubiKey 4 – Linux/dmesg
[ 761.131273] usb 6-1: new full-speed USB device number 2 using xhci_hcd [ 761.305105] usb 6-1: New USB device found, idVendor=1050, idProduct=0407 [ 761.305116] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [ 761.305122] usb 6-1: Product: Yubikey 4 OTP+U2F+CCID [ 761.305127] usb 6-1: Manufacturer: Yubico [ 761.369886] input: Yubico Yubikey 4 OTP+U2F+CCID as /devices/pci0000:00/0000:00:10.0/usb6/6-1/6-1:1.0/0003:1050:0407.0002/input/input20 [ 761.428523] hid-generic 0003:1050:0407.0002: input,hidraw1: USB HID v1.10 Keyboard [Yubico Yubikey 4 OTP+U2F+CCID] on usb-0000:00:10.0-1/input0 [ 761.434522] hid-generic 0003:1050:0407.0003: hiddev0,hidraw2: USB HID v1.10 Device [Yubico Yubikey 4 OTP+U2F+CCID] on usb-0000:00:10.0-1/input1 [ 761.434739] usbcore: registered new interface driver usbhid [ 761.434742] usbhid: USB HID core driver