Closed ae00 closed 1 year ago
If you have second yubikey then you can put same secret key on it during initialization. You can use those two keys interchangeably then.
If you don't have second yubikey then you can use ykfde-open -p
to show the LUKS passkey and write/print it on paper or store somewhere.
You may also add second (non ykfde generated) LUKS passkey of your choice and memorize/write/store somewhere. It should be very strong though.
To clarify this. You can always enrol as many Yubikeys as you want (to the limit of the LUKS slots), and you can combine with non-Yubikey ones to satisfy your level of backup strategy.
Is there a way to create a bacup yubikey for this setup if it get lost?