[deleted] so the yubikey has different features.

There is an option for "short press" and "long press" of the button.

You can type in your own diceware password in the yubi key "long press" option. (That way if you lose it, you can manually type it in yourself)

Then when you plug it into the phone, or computer, you press the button and hold for a second, and it then rapidly types what ever you have set.

So what you do is...

When you set your phone password....you decide to manually type a short easy one....followed by pressing the yubikey. Because the yubikey acts like an external keyboard this means you can have a much longer password without the inconvenience of having to type it in manually

This means, with the yubikey on its own only provides part of the password so you can't gain access to your phone with JUST the yubikey as you would need to type in your manual password beforehand.

Does this make sense?

    • [deleted]

    L8437 it absolutely does! I have yubikeys and have never tried this. how dod i get to those options?

    • [deleted]

    L8437 NVM figured it out!

      [deleted] nice one, did you manage to get it to work?

      [deleted]
      4 words (not worlds, I know – funny typo) are enough for normal circumstances.
      But if you have an idea for a great 5, 6, or 7 word passphrase, why not?
      It depends on your threat model and a very clever 4 word phrase you keep really private can be better than a bad 7 word phrase – or a good 7 word phrase you don't keep really, really secret. ;-)

      Blastoidea
      No, absolutely not!
      If it is good password (not anything we could find in any dictionary), then it's fine.
      Assuming you don't live in the USA or another country where you can be punished for not unlocking your phone with a fingerprint when it is checked by a police officer, this is sufficient.

      But even in countries with such dubious laws, all you need to do in the event of a police check is press and hold the power button and then quickly tap "Lock" or "Restart".
      The password is then required (I personally wouldn't use a PIN, but a 6-digit PIN is also sufficient as long as the Secure Element can protect you with it).

      L8437
      Yubikey or any other hardware token:
      Don't forget to buy at least two of them and use one or more of them as backup!

      Because: if you loose one or it suddenly doesn't work anymore for any reason, then you are locked out.

      i do 6 digit pin scrambled, unlocks with last correct digit. thats on main startup profile
      no lock on my social media/work profile for quick access during day, considering finger print for that

      5 months later
      • Edited

      I use 15-digit pin and scrambled keypad. is that overkill?

      to answer a phone call, I have to input the pin first before I can answer the call. do you have to enter pin/passphrase first to answer the incoming call? Is there a setting where I can just answer incoming call without entering the pin?

      I use fingerprint for Molly (Signal) and KeepassDX; should I use fingerprint for them?

      • de0u replied to this.

        tomz I use 15-digit pin and scrambled keypad. is that overkill?

        to answer a phone call, I have to input the pin first before I can answer the call.

        Is it possible that the device has a short auto-reboot interval set, so that when a call comes in the device is in the before first unlock (BFU) state?

          de0u

          thanks for your reply.
          I have auto-reboot set for every 4 hrs. I'll change it longer to see if that is the 'smoking gun'
          thx

            tomz I have auto-reboot set for every 4 hrs. I'll change it longer to see if that is the 'smoking gun'

            Great!

            You can also run some experiments, e.g., power device off, power it on, have somebody call: I expect that would require PIN entry to answer. Then hang up the call, tap the power button to activate the screen lock, then have somebody call again.

            I believe that fingerprint authorization times out after some period of time (I don't know how long). Of potential relevance:

            Please note that the developers have requested that people not add "I want this too!" or "Is progress being made on this?" comments to GitHub issues, which are for technical content, not discussion (this here is the discussion forum). It is fine to subscribe to a GitHub issue, or to use one of the reaction emoji to indicate interest, but if an issue garners too much non-technical content the developers may lock discussion on the issue, which can only slow progress down.