Oops: You're not authorized to access this page

[peterbabic]

The non-exportable link does not guide me to anything meaningful, even for registered and logged in user:

Keys stored on YubiKey are non-exportable (as opposed to file-based keys that are stored on disk) and are convenient for everyday use. Instead of having to remember and enter passphrases to unlock SSH/GPG keys, YubiKey needs only a physical touch after being unlocked with a PIN. All signing and encryption operations happen on the card, rather than in OS memory. [source]

It is still available in the web archive:

For security, the firmware on the YubiKey does not allow for secrets to be read from the device after they have been written to the device. Therefore you cannot duplicate or back up a YubiKey or Security Key. For this reason, we recommend having a backup device and registering both with your accounts so that if one is lost or broken you can use the other to log in.

The only exceptions to this are the few features on the YubiKey where if you backup the secret (or QR code) at the time of programming, you can later program the same secret onto a second YubiKey and it will work identically as the first. These features are listed below.

• Static Password
• HMAC-SHA1 Challenge-Response
• OATH-TOTP (Yubico Authenticator)

Note: When the Yubico PAM module is used in challenge-response mode (this is the way the Mac Logon Tool works), it uses the device serial to lookup the expected response, which prevents the module from working unless each YubiKey is registered ahead of time. Backing up the HMAC-SHA1 secret and restoring to a different YubiKey later does not work for this scenario as it will have a different serial.

Suggestions?

[drduh]

Let's link to the archived page. Please send a PR or I can do it.

[peterbabic]

Here it is https://github.com/drduh/YubiKey-Guide/pull/315

I wonder why was the original article removed though.