Security based on hardware keys

I’ve noticed that a number of vendors seem to be pushing for better security via hardware based keys, rather than relying on SMS or authenticator apps. Does anyone have any experience with such keys or any recommendations?

I’ve been seeing this company advertise a fair bit;

It seems these things plug into a USB port and take your fingerprint to activate, rather than requiring any kind of password or phone based verification. Seems to work for many things including local Linux logins, and Google logins. (and by extension, if you’re logging into the Forum with your Google account like me, Forum logins :slight_smile: )

Feels safer, less error prone and less prone to hardware failure (or being dropped) than a mobile phone, anyone tried one or have any alternative recommendations?

At first sight this looks like a great device even for the single user.

I searched the YubiKey site for info and went through the process of finding the most suitable key for my needs. Part of this process was selecting from a long list of organisations that purportedly accept YubiKey logins. Teamviewer was listed, which I use it a lot, but this Teamviewer link puts into question its usability on Teamviewer.

So a good thing to keep an eye on but not to rush into, at least for me.


Yeah, it just sparked my interest as something technology wise to look at maybe in preference to a phone. (I seem to be building up a huge collection of emergency recovery codes for my authenticator app)

Not come across TeamViewer … are you using this for remote support? (is it any good?)

I’ve been using NoMachine for many years re; remote support. This provides remote desktop etc but works via SSH so it should play nice with anything that validates a Linux login, although it can be a bit of a pain to administer.

I was looking to see who Yubi’s main competitors are, but there doesn’t seem to be a vast amount of competition out there at the moment (?)

I’ve been using Teamviewer for many years to help elderly friends (all Linux users) with their computer needs. The eldest is 94 and does need quite a bit of support. All my friends are >100 miles away so remote support is a must.
Although I use the free version the Teamviewer support staff are very helpful on the rare occasions that I need assistance.
The product has increased in complexity over the years, so I struggle a bit when re-installing during my computer upgrades, but they’ve introduced some nice features such as voice communication so I don’t have to use the telephone during remote assistance. File transfer as standard, of course. There’s a on-line management console to manage all one’s computers.
It’s very reliable and easy to use, and it’s a German company, I believe, so I feel more comfortable using it compared with an American one, say. I recommend it heartily. Readers can download it from here.

I wasn’t aware of NoMachine but looking at the free version I notice that this has “PAM based authentication” for Linux & Apple, which may be relevant to this topic, but absolutely no support for the free version. I might try it out of interest and report back.

Just been looking into installing NoMachines. It looks like I need the remote user’s computer login credentials to access it, which is fine if the computer is mine but not if I am controlling someone else’s. I might try it out of interest but I’ll stick with Teamviewer for regular use.


Yeah, maybe a slightly different emphasis on function. I think it’s aimed at remote administration rather than (necessarily) remote interaction. Once the software installed there are two modes of access, I only use ssh. With ssh, typically you connect to the target machine and the user is prompted “Remote User XXX wants to connect” … user says yes, then you share their desktop. Lots of config options, but essentially you need your SSH public key on their box, and their box needs to be publicly addressable.

For home machines I get around this with CloudFlare’s zero trust network, which effectively gives me a free VPN between two points without needing an Internet host or proxy. I like it from a privacy perspective as their’s no ability for a host to get in the middle of the connection and split off a screen mirror, which is something I’ve see some solutions do in the past (and offer it up as a ‘feature’!)

It’s clear that there is more to NoMachine than is shown on the website. I’ve used SSH within my own home for fun and transferring files, but I might struggle to do that over the internet. A bit technical for me.

This where Teamviewer scores: It’s easy and it’s encrypted so I feel safe using it, but I might have go with NoMachines just for the experience.

Erm, is this two machines connecting to a point on the internet, then sharing a screen over that connection?

Well, the connection might be via Teamviewer’s server as they have been known to “suspect commercial activity” and lock me out (just the once), so there may be some kind of monitoring that requires an intermediate connection. I could ask.
If this is the case, then the more paranoid user might prefer ssh which it seems is a direct connection. But requiring more expertise.

Sure, just depends on what you’re doing I suppose. I tend to fall into the ultra paranoid category :wink:

I tend to fall into the ultra paranoid category

So do I but I don’t always have the expertise to do things in a guaranteed secure manner. When I try out NoMachines, perhaps I will post here for advice about using ssh with it.

Sure, it can be difficult when you first use it, I recall many years ago being dragged away from telnet kicking and screaming, however it was for the better! :slight_smile:

I’ve installed it on one machine and will do so on another in a day or so (DIY permitting!) and post for advice.