Ask HN: Is GNU pass and Yubikey (via NFC) supported on iPhone?
Hello,
I am considering moving from Android to iPhone in the near future. I think the only thing I can't really evaluate easily is whether or not there is support for GNU pass where the GPG key is stored on a Yubikey.
My Android password manager workflow is:
Need password -> Android pass app requests Yubikey Pin -> App requests NFC tap -> password decrypted.
Can I replicate this UX on iPhone today?
21 comments
[ 3.1 ms ] story [ 57.9 ms ] threadPaired with an encryption key stored in an isolated device like a Yubikey, it makes for a powerfully secure password system — if you like using the command line for your passwords.
I don’t know of any iOS apps that do this, but I now want one.
I suspect rather than suggesting it's a GNU project, OP is creating a sort of portmanteau from GnuPG and pass.
[1] https://www.google.com/search?q=%22gnu+pass%22
[2] https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
Pass is available in the repositories of most major distributions. As usual, you can also compile from scratch, but, if you do, take note of the dependencies, especially GnuPG (GPG) [6], which creates encryption keys, and Password Generator (pwgen) [7], which generates random passwords that contain random combinations of upper- and lowercase letters, numbers, and special characters. Without GnuPG and pwgen, you will be unable to set up Pass, much less actually use it.
https://www.linux-magazine.com/Issues/2014/158/Command-Line-...
As far as I am aware there is zero relation to GNU projects, aside from pass requiring GPG. I believe the author of pass is the same fellow who wrote wireguard.
Longer answer: iCloud Keychain is end-to-end encrypted credential storage, and its workflow is:
Need password -> Secure system hook to Keychain -> Keychain requests unlock via (face/finger/passphrase as appropriate) -> Password decrypted and auto filled.
There are also third-party options, which can nominally use NFC keys[0] as auth factors, but I’m not currently aware of any that actually do.
Personally, I use 1Password, because I’ve still got a Windows box in my world, and need something cross-platform, and since I’m paying for it, I know it’s the product and not me.
[0] https://developer.apple.com/documentation/authenticationserv...
When wealthy clients come knocking with millions/billions of dollars to spend on advertising to, or vacuuming up data on, a company's customers, you are always potentially the product.
Paying for a product/service doesn't mean that there isn't someone with more money willing to pay for your attention or data via that product/service. Those people become a company's real customers.
The UX of having to grab your Yubikey every time is a bit clunky though (although that is limitation of the security key medium itself rather than the app).