Does a useful hardware key actually exist today?

I must admit the various forms of hardware keys confuse me. But, if I understand, they should be the best form of authentication since they are a physical object. (With the downside that they can be lost or stolen.)

This is what I expect to be able to do with a single hardware key:

  • validate my BIOS on startup
  • unlock my full-disk encryption
  • log into my operating system
  • unlock my OS keyring
  • log into multiple websites
  • encrypt/decrypt my mail with PGP
  • authenticate and encrypt in other desktop apps (storage, password manager, messaging…)
  • wherever possible, use the hardware key rather than username/password or TOTP/HOTP
  • do all of the above on my phone, with the same physical hardware key
  • have a backup hardware key

I understand that a lot of this depends on software implementation, so it would be ridiculous to expect this to exist for all devices, apps and services today. But as far as I understand there is no hardware key that could be used for this purpose even if the software did exist, because each model from each vendor supports a different subset of hardware features.

Ok, having typed all that and looked for proof, it appears I am wrong :blush:

Multi-Factor Authenticators - Privacy Guides recommends the YubiKey 5 Series and it does indeed support All The Things.

Time to whip the software vendors!
