I saw people talking about YubiKey here a few weeks ago so I got curious. Unfortunately, I’m not seeing a lot of helpful reviews for it.

I’m personally getting tired of having to take my phone anytime I need 2FA for Okta but I don’t have a lot of super important accounts to secure so I’m going back and forth in deciding whether the 100+ euro investment (to get two so that there’s a duplicate) would be worth it.

How do you use your YubiKey in your personal life and do you think it’s worth your use case ?

I'm a little late on this, admittedly. $dayjob is requiring us all to set up a pair of YubiKeys, and I'm using them for the first time and my mind is a little blown.

I was seeing articles about "passkeys" all summer, not really grokking what they were talking about, clinging to my usernames and passwords and 2FA codes coming out of 1Password, etc.

I just set it up on a few accounts today, initially as an additional 2FA source, but when I set them on GitHub, I saw for the first time how exactly they are used instead of the username and password and 2FA combo to log in, and it seems incredible to me!

For long-time YubiKey users: what are some cool things in the ecosystem that you would recommend looking at?

I have recently noticed an uptick in phishing emails and SMSs, getting me to click on some malicious link and this has been troubling me.
I am fairly good about what I click and so far I haven't clicked anything malicious (I think). However, this has motivated me to up my online security.

All my computers run Linux and I use an Android phone.

For browsing I use Firefox, with NoScript (and uBlock) and use containers for separating personal/shopping sites, etc.
I also have host file blocking on my computers and phone (using AdAway).

I do have a pi-hole setup at home as well.

I also have 2FA setup on all my banking accounts, email accounts etc.
However all my banking account 2FA is still just using SMS. Which I think is now easily circumvented.
Email accounts do use Authenticator apps (like Authy and Google Authenticator).

I also use a password manager (this one), which works well for me, but is only available on my computer and not from my phone. I am split between having my password manager available on my phone tho, since it is always on me and could be stolen or have something malicious installed on. What do you guys think? I am wary of services like LastPass, is that valid?

So I wanted to start a thread to discuss what do you guys do to stay safe online?
I am also considering getting a pair of Yubikey (one backup), are there any caveats/pitfalls I need to be aware of with Yubikey?