I got an onlykey and didn’t realize that password generation didn’t occur on the device; also to use Yubico OTP I had to install the yubikey personalization gui in my linux software repository, which is supposedly safe, and I have to copy-paste the 3 pieces of information into the onlykey application (the copy-paste did not work with Hidden values, also it’s specified to keep it checked in the manual).
I’m wondering if there are some best practices. The copyright is pretty old on the Yubikey personalization gui, 2016, is a newer version important?
Do I need to configure a firewall on the yubikey application? Not sure if its possible at the application level, I think I’d need to specify ports.
Maybe I should just use the onlykey for the 2nd factor (not store the username/password) and generate that on another OS.