Yubico USB hardware key questions

Looks like a FIDO2 enabled USB hardware key is required. Presumably the yubico ones (a key and a spare are about $100 it looks like). If so, here are some questions:

Question 1: Does the key need to be plugged in the USB port the whole time?
Do I need that key just for logging into the Internet Computer (and can then unplug it to free up the USB port)? Or does it need to stay plugged in as long as I used the Internet Computer?

Question 2: What if I lose that key? It gets stolen? Or somebody else uses it without my knowledge?
What if somebody else uses that key on their laptop? Will it work for them and allow them to impersonate me / steal my ICP out of my wallets or neurons?

Question 3: What if the USB port format changes?
We have USB A, B and C. What if I buy a key now and it becomes physically no longer suitable for my next computer (when a new USB slot format is developed or USB is replaced with Lightning or something else)?

Is there a way to transfer the identity from one physical key to the other?
And if so, can a hacker/thief not do the same thing with a key they buy to impersonate me?

Question 4: Can I ever get a replacement key?
Does yubico have the ability to send me a replacement key if mine gets stolen, breaks, gets lost, compromised? How will such a new key affect my ability to connect to my neurons, ICP wallets, etc. on the Internet Computer?

Thanks for any answers.


Hi Rich, to the best of my knowledge

  1. The key only needs to be plugged in during the moment you sign. You can take the keys out whenever.
  2. If you lose the key, as long as you have a fallback device (another key or a biomemetric login), you can remove the lost key from your account. The keys can be used on a new device if someone also knows your User #, so do your best to keep both of them safe.
  3. You can use an old usb-a key with a usb c device using a usb dongle. You can’t transfer the key - the private secret is private forever
  4. I don’t know whether any security key providers offer replacement keys. That sounds like a huge security risk via social engineering if they do.

The short of it is - we suggest having multiple authentication strategies that aren’t likely to all disappear simultaneously. If you ever lose control of one of your devices, log in with a fallback device and remove it as soon as is convenient. You can always restore access by re-linking if you locate or recover the device.

1 Like

Thanks for those answers kpeacock!

ad 4) so if technology moves forward and USB ports go away completely, do you think there is ANY way to somehow ‘transfer’ the USB-key to the new modern format (call it ‘hyperbus’ for this argument’s sake)?

Imagine instead of USB we had stored keys on 8 inch floppies. Do you know what I mean? Technology always moves forward and a few years from now that USB hardware stick fits nowhere anymore.

Do you think I could stick the old USB one into one laptop, then plug the new ‘Hypberbus’ one into a new laptop and then somehow magically say ‘Accept the new Hyperbus as my new key’?

Is such a mechanism possible? Is it thought about or planned for?

Just one point re this: You can have multiple devices authorised, so as newer devices emerge you can add them to your account and revoke access for the older ones. You could do this on a rolling basis over time, long term.

1 Like

Yeah, like Ori said, our strategy is to treat authentication strategies as completely interchangeable. As long as you’re able to pass WebAuthentication (or future standards in or out of a browser), you can link the new thing and discard old strategies when you’re done with them

Using Ledger FIDO U2F app which is equivalent to Yubikey is the best way relative to using hardware Yubikey as you have a seed backup here and the same can be ported to another device.

1 Like

Is anything stored inside FIDO U2F when such device is registered for Internet Identity or is everything derived from hardware key in secure enclave? Key + user # == my internet identity secret on my registered device?

The latter. The only issue is you can’t sign tx. Probably once the hardware wallets will have full support that will change