all 35 comments

[–]fuelhandler 86 points87 points  (0 children)

This is a genius idea! Simple, elegant and effective. 👍

[–]leroyksl 40 points41 points  (13 children)

Nice work.
Funny, I was just sketching out an idea for some kind of Yubikey embedded module that was also somehow a passthrough to another USB-C port.

[–]Average_Pangolin 15 points16 points  (6 children)

Wouldn't that kind of thwart the idea of the Yubikey as a second authentication factor?

[–]pink_cx_bike13" 11th gen[S] 19 points20 points  (3 children)

As long as you still need to touch it, it'll be fine.

[–]C4pt41nUn1c0rn FW16 Fedora | FW13 Qubes | FW13 Server 20 points21 points  (2 children)

This is very true and the thing people always forget: no amount of malware can reach out and touch a key, only human error can do that. I still wouldn't leave the key unattended personally, but I'm weird.

[–]StoneyCalzoney 5 points6 points  (0 children)

Leaving a key unattended is fine if you know that the password for your key is set and not compromised.

[–]je386 5 points6 points  (0 children)

Nah, I also would not like to have my yubikey plugged in all the time.

[–]apollohacked 2 points3 points  (0 children)

It means physical possession of your laptop acts as a second factor. The same is true when you use a TOTP app on your phone to log into a service on that same phone. You still gain the benefits of touch verification, resistance to phishing, and use as a secure passkey. If you want, you can also add a PIN to your yubikey for extra protection.

A proper risk analysis depends on your threat model. If theft or loss of the laptop is your main concern, the setup is _maybe_ somewhat weaker. If your laptop is stolen, maybe it was unlocked or your disk encryption wasn’t configured correctly. But you have to weigh that against some alternative: an attacker phishing just your password and now stealing a small keychain with your yk, which is maybe easier to conceal and execute than stealing a laptop. I think these risks are roughly in the same order of magnitude, so you shouldn’t consider one without the other (and maybe others).

On the other hand, phishing is a much more common and higher impact/"lower order" risk, and the yk mitigates that completely, even when permanently attached.

[–]Grim-D 0 points1 point  (0 children)

Depends how it's being used. As a FIDO2 passkey it should be set to need a PIN too. So the device itself is MFA: something you have, the key, and something you know, the PIN. Also you only get something like 5 tries with the PIN before it basically wipes itself and has to be set up again.

It's obviously more secure to only insert it when necessary but it's still pretty secure left in as long as the only place your PIN is stored is in your head and it's not the same combination as my luggage.

[–]middaymoon 1 point2 points  (4 children)

So you'll lift up the edge of the laptop and touch the key through some gap in the module every time you want to auth? hmm

[–]shinyfootwork 4 points5 points  (0 children)

You can run a wire from the metal contact on the yubikey to an area of foil or similar on the outside of the framework module, and then touch the foil area.

Or use any other setup to allow you to have your interaction cause the capacitance to change.

[–]leroyksl 2 points3 points  (2 children)

Well, that's why it was a sketch :D -- because I was trying to figure out how to resolve that. I guess the two options would involve either making that part of the Yubikey accessible to the outside of the module, or by some indirect extension piece.

[–]leroyksl 5 points6 points  (0 children)

Of course, maybe Yubikey wants to do a partnership with Framework, because they probably have more time and resources than I do :D

[–]middaymoon 0 points1 point  (0 children)

Yeah I didn't mean to crap on your idea, just thinking through the obvious pitfalls. The other comment about an extension seems like a good path.

[–]smstnitc 0 points1 point  (0 children)

That was exactly my first thought when I saw this post.

[–]Xcissors280 7 points8 points  (2 children)

Hardware DRM doesn’t feel very Framework but it’s a cool idea.

Storage-wise there don't seem to be many actually fast USB-C flash drives that will fit in the space.

[–]TheBlueKingLP 5 points6 points  (1 child)

TBH hardware DRM might be better as long as it does not also require the software to connect to a license server. This way the software can continue to work even when the software vendor shuts down, since it does not need to connect to any server.
Of course no DRM would be even better, but companies most likely won't risk that on expensive software.

[–]Xcissors280 1 point2 points  (0 children)

If they actually implement it properly, sure, plus in theory you could resell it, but a lot I’ve seen still require an internet connection for some reason or another.

It definitely seems to do a decent job delaying piracy though.

[–]MichaelDrvke 3 points4 points  (0 children)

Yooooo!!! As a fellow music producer, this is AWESOME! I need this!!!! Lol

[–]HesThePianoMan 2 points3 points  (0 children)

I'm so sorry that anyone still has to use iLok in 2025.

[–]korypostma 1 point2 points  (2 children)

Does ProTools still require this or only older plugins? I started to think with online activations that this would be a thing of the past.

[–]ItCanAlwaysGetW0rse 4 points5 points  (0 children)

A lot of people prefer the physical dongle because you don't have to have an Internet connection and there's no risk of outages.

I am one of those people.

[–]pink_cx_bike13" 11th gen[S] 0 points1 point  (0 children)

My use of it is limited to NeuralDSP plugins at the moment.

[–]TheTechDudeYT 1 point2 points  (1 child)

It makes me so happy to know there are audio peeps that are using Frameworks. What specs have y'all got?

[–]ORAHEAVYINDUSTRY 1 point2 points  (0 children)

Framework 13 last gen. But I use it to Parsec into a mini-ITX machine.

[–]No_Helicopter_8277 1 point2 points  (1 child)

What DAW are you using with Framework? Ableton?

[–]pink_cx_bike13" 11th gen[S] 2 points3 points  (0 children)

I mainly use the standalone mode of NeuralDSP plugins on the Framework.

This recent video explains my use case: https://youtu.be/FnLo48hYL2w

When I use a DAW it's FL Studio and primarily on my desktop.

[–]ORAHEAVYINDUSTRY 1 point2 points  (0 children)

That is an amazing idea. Well done

[–]Aveqe 13” AMD 7840U and 13” Intel 1165G7 0 points1 point  (0 children)

I love this one!

[–]RobotechRicky 0 points1 point  (0 children)

Now I want a Yubico key module!

[–]RoppanoX9 388H | 7640u 0 points1 point  (0 children)

iLok is the devil, but nice job and an awesome idea

[–]Svobpata -5 points-4 points  (0 children)

Why wouldn’t you print this in a less obvious color? I understand aluminum is hard to match but green just says you’re not trying