The right hardware key for a Fedora based system

While searching for the right hardware key for me, I was disappointed by how insecure and misleading. I understand that security can’t be perfect, but I also believe that security should be the priority and not making a quick buck. Now I am faced with an issue: I want to set up a KeePassXC database which will be accessible only using a hardware key + a long passphrase, so I know my passwords are safe. While researching, I got the idea that I might even want to set up a hardware key to be able to unlock my hard drive, which is at the moment protected by a standard Fedora installation's full disk encryption. To end, I would like to hear some recommendations and thoughts on the subject. Am I wrong, or do hardware keys seem a bit insecure if used on a Fedora system?
P.S. An extra idea I had was to use one device as both my 2FA hardware key and a hardware wallet (I do understand the security implications), but I am interested in some thoughts on the matter as well, if anybody has any.

Can you explain why you believe hardware keys are insecure on Fedora?

I am not sure that I see why hardware tokens are more or less secure on Fedora than they are anywhere else.

2 Likes

Why are you saying that about Fedora? Fedora itself is secure and follows the ethics of Linux and Red Hat protocol, and it is totally secure.
Now, as to what you mentioned, whether hardware keys like YubiKeys are secure or not.
So please be assured that using only a password is not secure by itself, but even now a good-entropy password is good enough for most users. Still, it is better to stay one step ahead, so 2FA is a good choice. There are software-based and hardware-based options; both are extremely secure protocols, and it is really good to have hardware-based authentication.
As of now there is no flaw in the algorithm of how it works. I would recommend reading how it works; it is a bit technical. But no worries: if you have a good key, U2F is the best possible security that you can get.
And do remember, as you improve your security, your inconvenience will increase exponentially, so choose your security wisely.

1 Like

Reasons why I do think most of them aren’t worth the price tag they carry: from vulnerabilities, recalls, side-channel attacks to Hardware Security Modules Vulnerabilities.

Well, my question was directed to users who already have the experience of using a hardware key with a Fedora-based system, so I can figure out for myself whether adopting one would be a useful security practice or just a waste of time and money.

Well, I am not, but if you take a few seconds and compare Win 11 and Fedora 35, you will get the reason why I think Fedora is safer. I am interested in why you think Fedora does not follow these principles. Did I misunderstand your reply? My decision is to use a hardware one because a phone can be stolen, for example. Software-based 2FA just isn’t something I am going for right now. The problem appears in finding the right one. A few good examples are: Nitrokey, Yubico and SoloKeys. If you think there are others, I am open to suggestions. Furthermore, I am aware the hardware key can be stolen in a burglary, same as a phone, but I have solved that issue. My requirements are: a SECURE CHIP like the Secure Element chip, open source code, real tamper-proof technology, and that it can be updated with minimal or no security issues. That’s where the idea for a 2-in-1 hardware key/hardware wallet came to mind.

1 Like

The problem is, there is no perfect security model that still allows reasonable access. If there was, everyone would use it. :wink:

Ultimately, building a security strategy for yourself or an enterprise works the same way. You need to figure out which risks are important to you and then work to mitigate those risks.

If you say “I want to mitigate all risks”, you will either fail to do so, end up with a system which is impractical to use or both.

3 Likes

Watch, there is no perfect security, but you can protect your privacy with the right choice of products. If you want better security, you may prefer Qubes OS, up from Fedora.
But I think Fedora gives a balance between inconvenience and security, and not just Fedora: most of the Linux distros are far ahead of Windows or macOS.

I did not say anything like that; Fedora follows the open-source-only protocol.
Which is itself good.
Now yes, Nitro or Yubi or Titan may have some problems, but still it is far more secure than others, as it pushes a long cipher for authenticity, which is not possible in SMS-based or app-based 2FA.

No suggestion; use anything.
I have one, but I don’t use it, as it creates more inconvenience than security in my threat model.
You set your threat model and then take your security to that level.

Ultimately, it is not up to you whether you are taking the best, hi-fi, most advanced level of security; you will also be compromised if your service provider is not taking security seriously. Say, maybe they are saving your password on their server in plain text, or maybe with simple hashing without salt. So my recommendation: always opt for services which have good security practices, as if their server gets hacked, you are also hacked.

1 Like