So I’ll be traveling in such a way that I’ll be crossing the US border. I want to take a burner phone so I can wipe it, or have innocuous enough data. The problem: all my passwords are stored in a password manager that uses 2FA tied to my primary phone which will be sitting at home (along with other sites that use 2FA tied to authenticators on my phone).
So remembering passwords is out. And not having access to 2FA presents a catch-22. So what’s the best way to approach that?
Having a Yubikey isn’t supposed to be a secret. Security through obfuscation is poor security.
It wouldn’t be much of a secret anyway, since your device would say something like, “Please present your hardware key,” when logging in. If OP had a Yubikey with them, ICE could simply search them and use it themselves.
Yubikeys are excellent against digital attacks but not physical ones, since it’s akin to carrying a lock and key together.
That’s why a Yubikey is a 2nd factor. You still also need a password which you are not legally bound to divulge (in the US). Additionally if you uninstall your pw manager in advance they may see you have a key but they don’t know what it belongs to.
Yep, I was more thinking about the first step of unlocking a phone, which I believe you can set to just be a Yubikey, rather than having a password and key combination.
“Something you have plus something you know.”
But I wouldn’t rely upon a Yubikey, simply because I would be worried border agents would take it indefinitely.
Security is about making it harder for the bad guys to get to what you don’t want them to get to. If they were sufficiently determined, sure they could get to it, but it is another layer. And one they may not expect, or if they were not sufficiently trained, what to do about.