YubiKey

YubiKey is a line of security keys manufactured by Yubico. They are hardware-based 2FA devices designed to protect access to computers, networks, and online services that supports one-time passwords (OTP), public-key cryptography, and authentication, and the Universal 2nd Factor (U2F) and FIDO2 protocols. They come in a handful of form factors, but the key feature you need is on all of them: Someone has to be there - in person - to touch the button and release the key, or you shall not pass.

There are a lot of things made for these keys, but the two main packages you are looking for are the cross-platform YubiKey Manager and Yubico Authenticator.

• YubiKey Manager is what configures the YubiKey itself.
• Yubico Authenticator is a 2FA authentication app, much like the ones that Google & Microsoft make, except it stores things on the YubiKey itself instead of on your phone.

There are all sorts of other official tools for various other things you can bolt your YubiKey into, like your login screen and enterprise networks.

In Linux, you can use Yubi authentication in place of password authentication on the sudo command (and others).

fill in later