feat: Updating yubikey notes.

2025-03-28 08:09:17 -04:00
parent 47f568310e
commit 7c22f75ea4
1 changed files with 31 additions and 7 deletions
--- a/Yubikey.md
+++ b/Yubikey.md
@@ -3,12 +3,29 @@
 A list of sites that my yubikey's are registerd with.

 | Site                 | Primary Key Registered | Backup Key Registered |
-| ----------- | :--------------------: | :-------------------: |
-| Proton      |           ✅           |                       |
+| -------------------- | :--------------------: | :-------------------: |
 | Facebook             |           ✅           |                       |
-| M4-Mac-Mini |           ✅           |                       |
+| first-financial-bank |           ✅           |                       |
 | github               |           ✅           |                       |
 | gitea                |           ✅           |                       |
+| go-daddy             |           ✅           |                       |
+| M4-Mac-Mini          |           ✅           |                       |
+| Macbook-Pro          |           ✅           |                       |
+| Proton               |           ✅           |                       |
+
+## Initial Setup
+
+[Yubikey-Instructions](https://support.yubico.com/hc/en-us/articles/360016649059-Using-your-YubiKey-as-a-smart-card-in-macOS)
+
+I followed the above instructions to setup certificates that allows the yubikey to be used for the
+login screen. I opted not to require it at login as there are warnings about if a key is lost (and
+you use FileVault) then you will not be able to unlock the file system. This does allow the computer
+to be unlocked with a simple passcode though.
+
+There are several PIN / passwords that need setup beyond the above instructions. This seemed easier
+on my iPhone. On the iPhone tap the menu at top right and choose configuration. There you can setup
+the OATH password and FIDO pin (take note to read the [First Financial](#first-financial-bank)
+notes)

 ## Moving GPG keys onto Yubikey

@@ -43,3 +60,10 @@ to be done again, as long as dotfiles are installed and linked correctly).
 gpgconf --launch gpg-agent
 export SSH_AUTH_SOCK=~/.gnupg/S.gpg-agent.ssh
 ```
+
+## Setting Up at First Financial Bank {#first-financial-bank}
+
+When setting up I could only use my phone it wouldn't allow me on my computer. Once you tab the
+device to the phone it prompts for a PIN, this is referring to the FIDO PIN that needs setup prior.
+This took me a while to figure out and had to factory reset the FIDO application on the yubikey
+after too many failed attempts where I used the primary PIN to try and unlock the yubikey.