Damn, I expect an #identityManagement company like #Yubico to know better than to give people bad, outdated advice to "rotate passwords."
If you are using random, unique passwords stored in a password manager and using MFA wherever it's available (which is pretty much all sensitive sites nowadays!), there's no reason to rotate passwords that haven't been compromised. Telling people to do so decreases security rather than increasing it.
#infosec #BeIdentitySmart
Ref: https://www.yubico.com/blog/5-fast-cybersecurity-tips-to-clean-up-your-digital-life/
5 fast cybersecurity tips to clean up your digital life

With today being Identity Management Day, now is the perfect time to take stock of your online presence, update security settings, and ensure that your personal data remains protected from cyber threats like phishing. Weโ€™re also seeing increasing concerns of DeepSeek and other AI tools around data privacy making these kinds of attacks more successful [โ€ฆ]

Yubico

Maybe I am missing something, but it seems that @librewolf does not support security keys. I mean the option to touch the key is there but it does not react...which does work on native #firefox

#yubico
#security
#2fa

@oliver
Another piece of freedom conquered back ๐ŸŽ‰
I have them in my #yubico authenticator and passwords with #pass. It's nice to have a choice even inside the FOSS-world.

This is what innovation can do!

#AirGapped #Offline #PKI #PrivateKeys #TwoFactor- #2FA #Yubico #Yubikey

======

Vincent Bernat Turns Three YubiKeys and a Cheap Single-Board Computer Into a Secure Offline PKI
https://www.hackster.io/news/vincent-bernat-turns-three-yubikeys-and-a-cheap-single-board-computer-into-a-secure-offline-pki-1735b4ad7fc2

---
Developer Vincent Bernat demonstrates how to turn three Yubico YubiKey USB two-factor authentication dongles into an offline public key infrastructure (PKI) using a low-cost single-board computer as an air-gapped host.

Vincent Bernat Turns Three YubiKeys and a Cheap Single-Board Computer Into a Secure Offline PKI

An air-gapped public key infrastructure is going to be a lot harder to hack โ€” and doesn't have to cost the Earth.

Hackster.io

New Privacy Guides article ๐Ÿ”‘โœจ
by me:

If you are using a YubiKey,

you might get in some situations where you need to reset your key to factory default, and/or set up a backup of it on a spare key.

This tutorial will guide you
through each step to reset and back up your YubiKey successfully, with clear instructions and plenty of visual support.

I hope you find it helpful!

https://www.privacyguides.org/articles/2025/03/06/yubikey-reset-and-backup/

#PrivacyGuides #Privacy #Yubico #YubiKey #Security #OTP #OpenPGP #Encryption #MFA

How to Reset Your YubiKey and Create a Backup

This tutorial demonstrates how to reset a YubiKey close to factory defaults and create a backup of most YubiKey applications on a spare key.

Always remember, when it comes to hardware security keys: Two is one, one is none.

Our latest article covers the setup process for two YubiKeys (from Yubico's YubiKey 4 or 5 series) to keep your online accounts safe and secure ๐Ÿ”’ + it goes through resetting your existing keys to a blank slate, and the reasons you might want to do so!

https://www.privacyguides.org/articles/2025/03/06/yubikey-reset-and-backup/

#YubiKey #HardwareSecurity #Privacy #Yubico #Security #PrivacyGuides #Article

How to Reset Your YubiKey and Create a Backup

This tutorial demonstrates how to reset a YubiKey close to factory defaults and create a backup of most YubiKey applications on a spare key.

apropos of absolutely nothing here's the #NSA's official best practices on mobile device security. some top tips:

1. restart your device regularly (it's very hard for spyware to survive a restart, especially on an iPhone)
2. avoid public wifi
3. do not use public charging stations
4. disable bluetooth
5. don't install apps

to which i would add:

1. if you have an iPhone consider using apple's "Lockdown Mode" which prevents most pegasus style 0-click attacks
2. consider using a hardware USB key for securing your most important accounts. #yubico's #yubikey is a good option.

https://s3.documentcloud.org/documents/21018353/nsa-mobile-device-best-practices.pdf

#privacy #journalism #journalists #infosec #cybersecurity #uspol

#Yubico #Security Advisory YSA-2025-01 โ€“ Partial Authentication Bypass in pam-u2f Software Package (Yubico Said No YubiKey Hardware Impacted By 2FA Bypass Issue) https://www.yubico.com/support/security-advisories/ysa-2025-01/
YSA 2025 01

Security Advisory YSA-2025-01 โ€“ Partial Authentication Bypass in pam-u2f Software Package Published Date: 2025-01-14Tracking IDs: YSA-2025-01CVE: CVE-2025-23013CVSS Severity: 7.3 Summary Yubicoโ€™s open source pam-u2f software package implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has [โ€ฆ]

Yubico

I know #KeePass XC and DX have challenge-response compatibility with Yubikeys for login. However, I think login should also support FIDO2 Security Keys as well.
I've seen people working on this. I hope they can implement it soon.

#Yubico #Yubikey #SecurityKey #KeepassXC #KeepassDX #passkey