Hi all. I read a bunch of threads and no one mentioned this before, so I thought I’d post it here.
**How to use your Yubikey to unlock BW (desktop) **
My situation is that I have and use Yubikey as a 2FA to login to BW (OTP or FIDO2) along with a long, complex master pwd. But once logged in, I want it to lock fairly soon (5 min) without the pain of re-typing the master password, and without an easily-observed short pin, when I unlock it.
First, I acknowledge there are many different threat models and situations, so my situation may not really fit what you want. But I want to be able to not have people easily watch me type in a short pin to unlock my BW when I need to use it 20 minutes after I last used it. I’d prefer to use “what I have” to gain access.
So my simple solution is to use the 2nd slot on the YubiKey (“long press”) to store a substantial/long/complex/random STATIC password. Then when I log into BW at the start of the day, I can set the PIN to this password by using the long-press. I can set a short timeout-to-lock on the extension. If it’s locked next time I want to use BW, I just insert key, long press, and I’m in.
If the laptop gets stolen while BW is locked, it’s not a simple 4-digit pin to break. Looking over my shoulder won’t help you break in. I keep my YK on my person except when I actually am using it for a moment or two.
Comments? Pros or Cons?