I have seen this used as a reason to use one of the other reccommendations instead of yubikey before. How much of an issue is this to people? has outdated firmware ever caused a security issue for an hardware token before?
Hardware tokens haven’t been around long enough to be sure, but there’s nothing stopping you from getting new yubikeys every few years if you’re worried.
The catch-22 for me is I don’t know enough to know if I should be concerned. I can’t tell if a lack of firmware updates for a yubikey is a real security concern or a hypothetical one or even one at all.
Yubikey have previously replaced keys when a vulnerability has been discovered. I would hope they would do the same for any future issues.
2 Likes