So I finally decided that it was time to beef up security over my private network spanning some 14 machines (ranging from VPSes to Raspberry Pis).
I settled on the concept of a hardware token, and after some googling I landed on the Yubico site. So the Yubikey 4 seemed to offer what I was looking for in a reasonable price range:
- OTP authentication (verified either through the Yubico cloud service or with a private server – open source code)
- Fixed password authentication (max 38 chars) – as the Yubikey identifies itself as a keyboard, this is ideal for BIOS or hardware encryption passwords
- OpenPGP (GnuPG, for us Linux people) support – can store three 4096-bit RSA keys as an emulated smartcard – typically the keys for signing, decryption and authentication (like SSH login)
- FIDO U2F – the new 2nd factor authentication standard as supported by Google, GitHub and Dropbox among others. Only supported in the Chrome web browser for now. Local authentication seems possible as well.
I’ve just started trying it out (GnuPG was first out) – first impressions will follow!