I am lazy. But I am also (a bit) concerned with security.
So on my machine (running Fedora), I want to be able to both:
- log into my session using a strong passphrase,
- log into my session using a quick-to-type password when my Yubikey is plugged in.
There are 3 reasons for that:
- I want to be able to log into my machine with a passphrase only (if I lose my Yubikey, or if I’m comfy in my bed and I don’t want to get up grab the Yubikey in my jacket — remember, I’m lazy).
- Yet if I’ve my Yubikey plugged in (e.g. at work), I’d like to log in with a quick-to-type password only (remember, I’m lazy) as I frequently lock my session — and so have to log in back.
- I wouldn’t want to use my Yubikey alone (without password), though, as I might forget to unplug the key when I lock the session (lazy… and concerned about security).
How to setup my user account, so I can log in using either of these two different authentication methods?
- passphrase only,
- password + Yubikey