storing passwords and using a 2nd factor for authentication

https://chrichri.ween.de/o/8664afbd7be046e590b825c371b0c017

For the time being I decided to disable the use of the #OpenPGPcard inside my #Librem5 to force the use of my #LibremKey when gpg is needed on the phone.

I read that support for multiple smartcards is improved in gpg 2.3.x, which is not available for my distribution yet.

This way pass works with the externally connected LibremKey/#Nitrokey as expected.

'Re: Multiple Yubikeys/Smartcards and Thunderbird email client' - MARC

Installed #PassFF in Firefox on my #Librem5 to use pass from the browser along with the host application needed for it to interface with the #pass script.

Successfully logged into a few sites.

The add-on seems to work just fine on the small screen of the phone.

@me My setup is very similar. I use pass, PassFF and sync using git. For 2FA I use Yubikey and https://developers.yubico.com/yubioath-desktop/, which unfortunately works only with yubikeys.
About using 2 smartcards at once: gnupg 2.3 says it has improved support (https://lists.gnupg.org/pipermail/gnupg-announce/2021q2/000458.html), but yeah, unfortunately it's not the version provided by PureOS.

@me Hi, just read about your solution and wanted to offer another take on this: No FF password store either, passwords are in a keepass file that I use mainly with keepassxc (with browser integration). To be able to sync only certain passwords to certain devices (i.e. mobile), keepass can export groups to a separate file and keep them in sync both ways. The files get synced between devices via syncthing. Love it!
BTW: Congrats on your own instance 😃

@tdk thanks for the hint!

I looked briefly at it.

I moved away from password-store, because of the missing integration to browsers and because I wanted to start using gpg.

I already have to keep an eye on my key I use to sign the boot environment of my notebook and to decrypt the key for my cryptfs.

Furthermore I love the fact that I can read, understand and change #pass and #tomb as they are shell scripts using utilities I know already and that are used on nearly every *nix system.

I furthermore like the idea of syncing via a self-hosted gitea.

For this solution I can always fall back to using the command line if something goes wrong.

I'm not forced to use any gui.

Besides carrying an openpgp card, my LibremKey (Nitrokey) does check the boot environment via heads and TPM, showing a green led if everything seems o.k., and I use it for totp wherever I configured to use 2fa.

A lot would work with a yubikey also, but not the boot checking of my notebook.