On "What happens to the static key if you lose your Yubikey?" You are only storing one part of your NXT Passphrase in the pseudo 2 factor authentication use case described. If lost, it cannot be used to gain access to your Nxt account without ALSO knowing the first part of the Nxt Passphrase (which user would memorize)
On "How are you going to get your money out of Nxt account in event of lost Yubikey? Option 1) Make a backup Yubikey and store it in a safe deposit box or other secure location for the contingency of losing your main Yubikey. Option 2) Create a local Keepass database with your Yubikey static key backed up inside the encrypted LOCAL Keepass database.
No, Nxt Passphrase backup is not on Yubikey server. The only involvement of the Yubikey server in the use case I described is to register the Yubikeys and potentially Revoke them if they are lost.
I realize that Lastpass signs and encrypts locally before transmitting encrypted data. STILL, some security paranoid users may not feel comfortable with any option but LOCAL backup of private keys.
Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at
https://admin.yubico.com/yubirevoke/login.phpA Yubikey costs $30 and is worth far more than that to protect valuable digital assets.
Lastpass uses a third party server verification and for the most security paranoid this is not acceptable.
Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used?
No, I meant what happens to the static password if you lose your Yubikey? How are you going to get your money out of Nxt account? That static key must be saved somewhere (as a back up). Wiping key doesn't help you to login to Nxt. So there must be a backup somewhere. Where is that backup? On Yubikey server?
As for Lastpass, encryption is done locally on the computer. Only encrypted blob is sent to Lastpass server.
