I wanna make more of myaccounts in the internet secure with two factor. I don’t know much about it, but found out about Fido 2 and so. The security key my webbrowser shows often is the one from Yubico (BTW, I would like to get one that works with Linux, with USB and for phone with NFC) I got concerned when I noticed that Yubico is from USA, (??) Because I think NSA and thibgs like five eyes and so. Is there actually a risk that the for example is made an backdoor in the key?
I been wanting a yubikey but the fact their not open source really kills it. Any alternatives that are still iron clad?
I found this a few months, I have yet to purchase and try it for myself.
I mean it’s very complex and very expensive for “just” a key but if you want something fully auditable maybe Precursor.dev is a good fit. It’s more than a key but the point is that it’s as open as it can be. Honestly I’d consider it more a learning adventure that an tool at this point but still, see https://www.bunniestudios.com/blog/2022/towards-a-more-open-secure-element-chip/ for the philosophy and https://github.com/betrusted-io/xous-core with Vault for the key aspect specifically.
Isn’t Yubico (at least in part) Swedish?
I thought so too, but it might only be manufactured there
The founder lady is (somewhat) Swedish and it was incubated at KTH Royal Institute of Technology. That’s what I gathered from Wikipedia anyhow.
I would imagine the keyes would be more expensive if manufactured there.
I have now looked into Nitrokey, and I’m convinced that I will get me one of these. I would use it to log in to my pc, which has Fedora 40.I do I understand it right, that i f I follow the steps in the following link, I can use it to log into my PC?