I’ve been thinking about getting a couple of Yubikeys for a partner and myself, but we share certain accounts. While I would love to have the Yubikey 5 that can store TOTP, that seems like it could be problematic for shared accounts.
Would using the cheaper Yubico Security Keys to unlock Bitwarden Premium vaults, that use a Shared Organization, be a better/more sane option than trying to sync up TOTP secrets every time a new shared account gets added? Any other critiques or suggestions?
I’m not evaluating whether or not you should do that, but, assuming you trust your partner and their op sec, you could send them the secret via a disappearing message on Signal or some other E2E encrypted communication method.
You set it up on your key, they add it to theirs later, the secret disappears into the ether.
Something to consider, certainly. Might be more complexity than my partner is willing to handle, but I’ll have to have that conversation with them.