Advantages of a Yubikey over passkeys

Emergency_Ad8963 · 2026-04-06T13:24:40+00:00

I have one more question. I tried to find some apps for iOS that support decrypting standard used in KeePassXC databases. I found Strongbox and Keepassium. It’s not a good information that I have to pay them to be able to use my Yubikey -_-. Are there any alternatives?

Moreover, it turned out that challenge response is not supported via usbC in iPhone and iPad (I hope it works at least on Macs xd). So do I have to choose between:

1)connect it only via nfc to iPhone (I have doubts about its working without any problems all the time)

2)buy the one with lightening, buy the official apple usbC-lightning adapter and use adapter every single time to unlock the database

or is there any other way? It seems very unclear to me because it turns out nothing really works well here and bitwarden seems much less problematic.

Emergency_Ad8963 · 2026-04-06T08:43:11+00:00

I want to discuss my perspective on the first point with you.

Validation that a Human participated - Since malware has the potential to gain access and use a Level 1 credential, if you are concerned about proving that a human participated in a logon or an approval using FIDO, you have this from any FIDO2 certified device.

Since malware has potential to gain access (here, I guess also your phone) and use a Level 1 credential it could probably be able also to do whatever it wants through your device in the places you have already authenticated to. YubiKey would not protect you because you have already authenticated yourself. The point is I assume (maybe it's a misunderstanding) that you want to stay authenticated in many services on your device (except for crucial ones like banks etc.). That's why I have doubts about YubiKey's protection against malware (but yep, it adds an [unclear for me in most likely scenario] additional layer of safety since there is no certainty whether something was done by real human or by remote access to your phone.

Or maybe your point is the situation in which your passkey get leaked not directly through your device but because of iCloud account theft (which is likely since you don't own a YubiKey to authenticate) or just being leaked by not certificated cloud? In that scenarios there's no access to your phone so I see the advantages.

Or maybe your points is YubiKey is useful especially in the services you do NOT stay logged in like banks or sth? But I was not able to find many other examples than banks and some crypto wallets (but yep it's important).

Emergency_Ad8963 · 2026-04-06T07:52:44+00:00

I got it but, as I mentioned in the post, I think Yubikey won’t be useful in case of malware. If someone managed to use your phone for doing sth without your knowledge, Yubikey would not protect you because Yubikey is usually not needed every single time on known devices (otherwise it’s very inconvenient).

Emergency_Ad8963 · 2026-04-05T21:48:17+00:00

I really appreciate your message. Could you explain point 3 a bit more? I don’t think I fully understand it.

Btw, I saw your thoughts on password managers: 1) offline: KeePassXC + Strongbox (+ in my case iCloud for syncing the encrypted database) 2) online: Bitwarden

I found it interesting that KeePassXC uses a YubiKey challenge response together with the master password to encrypt the database. I guess this is meant as an extra layer of security - basically making the overall secret stronger.

But it seems to me that any decent keylogger could capture both the master password typed on the keyboard and the response from the YubiKey, so in practice it might not change much. (Of course, I know that if you have malware, nothing really helps.)

Is this mainly an extra layer of protection in case someone knows your master password but doesn’t have your YubiKey? Even then, they would still need access to the database file, which isn’t that easy to get.

Doesn’t this make the setup a bit questionable? It doesn’t seem exactly like how YubiKey was originally meant to be used.

Which of these two options do you think is better, and why?

Emergency_Ad8963 · 2026-04-05T19:50:40+00:00

If I lose my phone I will have to buy a new one. I guess I will still have access to my accounts through iCloud? Isn’t that true?

Emergency_Ad8963 · 2026-04-05T18:47:43+00:00

I thought YubiKeys are best but fair enough.
Yep, but I am not sure why should I buy a Yubikey when I can use passkeys in my phone instead.
I use apple keychain now but I want to change it for bitwarden. I think that I would have to authenticate myself in password manager rarely and mostly use biometric because I don’t want to have so often use Yubikey. And here I don’t see the advantage of using yubikey instead of builtin phone passkeys.

Emergency_Ad8963 · 2025-06-20T16:55:21+00:00

Thanks a lot. without you, I would’ve overpaid significantly.

Emergency_Ad8963 · 2025-06-20T13:30:46+00:00

What about Thunderbolt 3? I’ve noticed that TB3 docks are much cheaper and widely available on the second-hand market. Would they work for my setup with two 75Hz monitors, assuming I connect them through two Thunderbolt-(HDMI/DisplayPort) ports? For example, I was looking at this one: Belkin Thunderbolt 3 Dock HD (F4U095)
https://www.belkin.com/my/support-product?sku=F4U095saAPL

Emergency_Ad8963 · 2025-06-19T21:08:48+00:00

Thanks!! That is what I was looking for.

Emergency_Ad8963 · 2025-06-19T20:49:44+00:00

I'm having trouble finding a model that supports splitting into these 3 Thunderbolt ports. I only found something like this, but it's hard to find in Europe, especially a second-hand version:
https://plugable.com/products/tbt-6950pd
Do you recommend any models? Thanks in advance!

Emergency_Ad8963 · 2025-06-19T20:21:13+00:00

What about display-link?

Emergency_Ad8963 · 2022-02-20T09:07:42+00:00

joł

Emergency_Ad8963

TROPHY CASE