Yubikey Backups - How to TOTP Across Multiple Yubikeys

Published 2021-11-29
In this video, we're going to show how to create Yubikey backups - you can't 'clone' an existing Yubikey, but that doesn't mean you can't have your TOTP (Time-based One-Time Password) codes across multiple 2FA devices (not just Yubikey).

In this video, we will show how to have your 2FA codes on 3 different Yubikeys as well as Google Authenticator - very easy to do!

Crosstalk Solutions offers best practice phone systems and network/wireless infrastructure design/deployment. Visit CrosstalkSolutions.com/ for details.

All Comments (21)
  • @nomade00
    "I'll put a link down below to my original video", checking description, only affiliate links. Great thanks man
  • @rdump
    For durability of Yubikeys: Many seasons ago, my metal keyring broke and my years-old Yubikey was released to the wild while I was running. 4 months later as the snow melted, I spotted it on the path frozen into a muddy puddle. Still worked fine. GPG key and all. (Yes, yes, I'd already moved to a replacement HOTP + GPG set on a new Yubikey in the intervening months ;-) )
  • @F16_viper_pilot
    A couple of side-notes: 1) Up to a maximum of 32 TOTP codes can be saved per Yubikey. This can be a severe limitation for some people. 2) One can password protect the Yubikey in the event of loss or theft.
  • @ejsilberman1
    You can also transfer the Google Authenticator to your new phone through the built-in export feature. This will maintain your TOTP keys. You will need to verify some or most, but it's better than starting over.
  • @MicroOrbit
    Brother, quick tips: #1 - If you screenshot the QR code and save it on the same secure place as the back-up codes, you can always re-scan it when new hardware is purchased. #2 - Put a pin/password to access those TOTPs just in case you lose the Yubikey.
  • @aragon1253
    Great video. I spent hours looking around YouTube for this information and you laid it out properly. You probably saved me hours of downtime having been able to set up my backup key.
  • @BrianRossman
    I use a paper backup in a secure location. You can rescan them any time you need to add them to a new device.
  • @elainth8628
    Coming to this video late, it rules. Thanks so much!
  • @morgaj21
    Nicely done - happy to buy a backup key and set it up now.
  • @lars7513
    Mine has been in the washing machine twice, still works
  • @BingoBongoMan
    I would not add 4 different backups like e.g. software ones since each additional backup creates an additional vulnerability in terms of hacks (software) or stealing/losing (hardware). I would recommend one hardware key for daily usage, one hardware key stored in a safe and handwritten recovery codes for each account at another safe place. I think 1 HW-key + 2 backups are more than enough and everything beyond this creates more risk! My humble 2 cents ;-)
  • @MoritzLerch
    I do it exactly the same as you, perfectly explained!
  • Google Authenticator allows moving to a different phone, and all related accounts are moved to the new device in one go. At least I did so earlier this year.
  • @leicaman
    I make a screenshot of the QR code and keep it in a secure note in 1Password. That way I can add keys with the same code at different times.
  • You don't have to do them at the same time. Just write down the numbers displayed when you pick "can't use QR code". They can then be entered manually on the other keys.
  • Love your videos Sir, thank you! May I ask about the rotary telephone in the background? Does that offer a form of security from alternate forms of phones? I've actually pondered the use of a rotary phone and wondered if its disconnected nature could be of benefit, and here you have one at your desk! Could you please elaborate? Thanks!
  • @JoopHbR
    It is possible to add a Ubiquiti key later on. However, you will need to take a screenshot of the QR code and save it to an SD-card, USB-stick and safely store it outside your computer. When you want to add it to a different key, just insert the storage device into your computer, fire up the authenticator and let it find the QR code on your screen. It works fine 😊
  • @gizmobently
    That was a very clear explanation. For some reason, I was having issues with scanning the QR. I did not want to use my camera as it will store that photo shot on Google Photos and it literally can be hacked. I have a few questions that I really need some answers to and would appreciate it very much if you can help. The first concerns backing up my iPhone. I currently am using an iPhone SE 2nd ed. I thought, what if I lost this thing or it broke?? This would be devastating to me. So my question is this: do you know if it is possible to back up an exact image of my iPhone to another iPhone that I have if I were to take out the SIM card and put it in this backup iPhone? I am guessing it would have to have the same number as my current iPhone as that is how all these algorithms are configured for TOTP using Yubico Authenticator? I want to back it up exactly like the old iPhone then pull out the SIM card and put it back in my current iPhone. If it breaks or I lose it, I can get another SIM card from my provider and it will still have the same number. Is there any easier way to back this up with all these codes on it? Or not? I will send a PM for the second question but it would be nice to do a video on it as no one has ever even discussed how this can be done, and it can. Edit to say I can't submit. Just beware that Google Authenticator can be hacked from your iPhone or desktop. I don't know which one, but it happened to me and it was used to steal crypto accounts and they were able to produce correct 6 digit numbers even though my iPhone was never out of my possession. This is why Yubikey is an absolute necessity.