I am evaluating keys and was wondering if it is necessary to register each YubiKey at all of your key sites? If you have a few keys, that could be a pain. I purchased 2, then figured a 3rd would be a safe bet. Now I need to go back and register all over again? Any way to pair the 3 keys? Also, any tips or best practices would be appreciated.
You would need to register all three keys. Anything else would defeat the purpose of using hardware keys.
They are backup keys, in case the main key is lost, stolen or breaks. If the backups aren’t registered, you can’t get into the account, or you will need to use a one-time password or get the account reset.
Which mode of the YubiKey are you using? If you’re using the original mode they designed (oh, seems almost a decade ago now) it has a unique value for each key and a unique counter. There is no way you could synchronize those even if you wanted. I assume that also applies for the FIDO mode as well, as there is no way to get the private key out of the hardware itself, and it relies on a unique private key as a unique proof of authentication. It can also be used as a smart card, and with SSH. In those modes, I believe you load in the data, so in those modes you might be able to have synchronization, but I still think that might be a less secure option, because if one key is lost/stolen, all would become invalid.
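Added example, not part of the thread and not Yubico's code: a toy model of why each key, with its own ID, secret and counter, needs its own registration, and why a lost key can then be revoked without touching the backups. HMAC-SHA256 stands in for the real OTP cryptography (in FIDO mode the site would store a public key rather than a shared secret), and the `Token` and `Account` names are hypothetical.

```python
import hashlib, hmac, secrets

def _tag(secret, public_id, counter):
    # HMAC-SHA256 is a stand-in here, not the YubiKey's real OTP or FIDO format
    return hmac.new(secret, f"{public_id}:{counter}".encode(), hashlib.sha256).digest()

class Token:
    """Hypothetical model of one hardware key: own ID, own secret, own counter."""
    def __init__(self):
        self.public_id = secrets.token_hex(6)
        self._secret = secrets.token_bytes(32)  # generated per device
        self._counter = 0
    def enrollment_record(self):
        return self.public_id, self._secret  # what registration gives the verifier
    def press(self):
        self._counter += 1
        return self.public_id, self._counter, _tag(self._secret, self.public_id, self._counter)

class Account:
    """Hypothetical site-side record: one entry per registered key."""
    def __init__(self):
        self.keys = {}  # public_id -> [secret, last_counter_seen]
    def register(self, public_id, secret):
        self.keys[public_id] = [secret, 0]
    def revoke(self, public_id):
        self.keys.pop(public_id, None)
    def verify(self, otp):
        public_id, counter, tag = otp
        entry = self.keys.get(public_id)
        if entry is None:
            return False  # key was never registered here, or was revoked
        if not hmac.compare_digest(tag, _tag(entry[0], public_id, counter)):
            return False
        if counter <= entry[1]:
            return False  # replayed or stale value
        entry[1] = counter
        return True

def demo():
    main, backup, spare = Token(), Token(), Token()
    acct = Account()
    acct.register(*main.enrollment_record())
    acct.register(*backup.enrollment_record())  # spare is left unregistered
    otp = main.press()
    out = {"main": acct.verify(otp), "replay": acct.verify(otp),
           "unregistered": acct.verify(spare.press())}
    acct.revoke(main.public_id)  # main key reported lost
    out["lost_main"] = acct.verify(main.press())
    out["backup"] = acct.verify(backup.press())
    return out
```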
Thank you. I ended up buying 3 keys. I will wait until they all arrive and then go through each site one by one to convert to YubiKey. I went with the 5Ci.