• dieTasse@feddit.org
    9 hours ago

    Last time I was checking them out (~a year ago) it was basically impossible to use them with an Android phone. If I remember correctly there was one mobile app that was mostly out of date that worked for some models, but not easily. How is the support now, do you know?

    • rbn@sopuli.xyz
      24 hours ago

      TBH I wouldn’t accept a targeted donation of such security-critical hardware. It’s of course a nice gesture but could also be an inside job to infiltrate the developer team.

  • MushroomsEverywhere@lemmy.world
    24 hours ago

    I’m curious, do you use these in your private life? And if so, for what? I only found out about YubiKey recently, when I was handed one by my workplace.

    • greyfox@lemmy.world
      16 hours ago

      All of the modern YubiKeys (and it looks like the Nitrokeys as well) can have FIDO2 enabled so that you can use them as a hardware token for sites that support passkeys. I think YubiKeys come with only OTP enabled so you need to download their utility to enable the other modes.

      If you are a Linux user (that’s required to be on Lemmy, right?) you can use either the FIDO2 or CCID (smart card through PKCS#11) mode to keep SSH keys protected. The FIDO2 SSH key type (ed25519-sk) hasn’t been around that long so some services might not support it. The PKCS#11 version gives you a normal RSA key, but is harder to get set up, and if you want extra security they don’t have any way to verify user presence. With FIDO2 you can optionally require that you must physically touch the key after entering the PIN.

      There are also PKCS#11 and FIDO2 PAM modules so you can use it as a way to login/sudo on your system with an easy-to-use PIN.

      And if you have a LUKS-encrypted volume you can unlock that volume with your PIN at boot with either PKCS#11 or FIDO2.

      Unlocking LUKS2 volumes with TPM2, FIDO2, PKCS#11 Security Hardware on systemd 248

      If you are on an Ubuntu-based distro, initramfs-tools doesn’t build the initramfs with the utilities required for doing that. The easiest way to fix that is to switch to dracut.

      Dracut is officially “supported” on 24.10 and is planned to be the default for Ubuntu 25.10 forward, but it can work on previous versions as well. For 24.04 I needed hostonly enabled and hostonly_mode set to sloppy. Some details on that in these two links:

      https://askubuntu.com/questions/1516511/unlocking-luks-root-partition-with-fido2-yubikey-and-ideally-without-dracut

      https://discourse.ubuntu.com/t/please-try-out-dracut/48975

      So a single hardware token can handle your passkeys, your ssh keys, computer login, and drive encryption. Basically you will never have to type a password ever again.
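
An added example, not part of the comment above: a defender-side audit of an OpenSSH `authorized_keys` file that reports which entries are FIDO2-backed (`sk-` key types) and whether PIN verification or touch is enforced by the server. The key blobs, comments and verdict labels are constructed for illustration.

```python
# Constructed sample; key blobs are placeholders, not real keys.
SAMPLE = '''\
# team keys
sk-ssh-ed25519@openssh.com AAAAPLACEHOLDER1 laptop-token
verify-required,from="10.0.0.0/8,192.168.0.0/16" sk-ssh-ed25519@openssh.com AAAAPLACEHOLDER2 admin-token
no-touch-required sk-ecdsa-sha2-nistp256@openssh.com AAAAPLACEHOLDER3 ci-token
ssh-rsa AAAAPLACEHOLDER4 piv-smartcard
command="rsync --server" ssh-ed25519 AAAAPLACEHOLDER5 backup
'''
SK = {"sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}
PLAIN = {"ssh-ed25519", "ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256",
         "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def _split(text, seps):
    """Split on any character in seps, except inside double quotes."""
    parts, cur, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            if cur:
                parts.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return parts + [cur] if cur else parts

def classify(line):
    """Return (key_type, verdict) for one line, or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields, opts = _split(line, " \t"), set()
    if fields[0] not in SK | PLAIN:  # leading field is the options list
        opts = {o.split("=", 1)[0].lower() for o in _split(fields[0], ",")}
        fields = fields[1:]
    if not fields or fields[0] not in SK | PLAIN:
        return ("unknown", "unparsed")
    ktype = fields[0]
    if ktype in PLAIN:
        # A PKCS#11-held RSA key looks identical to a key file on disk here.
        return (ktype, "no-hardware-proof")
    if "no-touch-required" in opts:
        return (ktype, "fido2-touch-waived")
    if "verify-required" in opts:
        return (ktype, "fido2-pin-and-touch")
    return (ktype, "fido2-touch-only")

def audit(text):
    return [r for r in map(classify, text.splitlines()) if r]
```

The `ssh-rsa` entry shows why the server cannot tell a smart-card RSA key from a software one, while `sk-` entries carry that proof in the key type itself.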

    • trevor@lemmy.blahaj.zone
      11 hours ago

      Could you explain how? In terms of capabilities, YubiKeys support the proprietary Yubi authentication protocol and the open FIDO protocols. The Yubi auth protocol is very handy for compatibility reasons because it acts as a keyboard to perform the authentication. I’m not happy about that, but that auth protocol is necessary for some applications and usage scenarios that I have.

      What does the other key do that YubiKeys can’t?