Yubikey x = 2fa hw-based successor of GC?

[IvoL]

Having been inspired by Atrax's very good post explaining that Google (and perhaps also other) 3rd-party authenticator-apps work and are fully compatible with PE, I immediately became curious after reading somewhere about the Ubikey.
It comes in various flavours & shapes, and offer several industry-standard types of 2fa.

If google (and other) 2fa-apps work with PE, could that mean that a Ubikey (or similar) may also work?
MA will probably never realease a statement on this since they want us to use their awesome authenticator app of course.

A quick search on PCF only yielded a few mentions of Ubikeys in the GC-Announcement-thread, but I did not find anyone that posted their experience trying to set up a Ubikey-type product as authenticator-token.
Does anybody have any experience with Ubikey or similar in combination with PE?

It could potentially offer a number of advantages / remove the objections against an android (or ios) app by MA:

• not on an easily hackable device like a smartphone
• does not run out of battery as fast
• not depending on MAs app-coding
• completely not-recognisable as PE-related, it could be for many things

To be honest, it has a lot in common with the GC
Although in particular the last option is not offered by the GC, that might even be considered an additional advantage...
Also compared to the folks that are running a windows-based-emulator on which the MA-app is running I think this would be a step up in security as well as user-friendly-ness.

For the record, for me this whole 2fa-app thing is rubbish, I've been a happy GC-user for close to 14 years (my GC card number has only got 3 digits!) - I did replace the battery in the reader once or twice but apart from that it always worked like a charm.

Please post your experience with Ubikey or similar product in combination with PE!

 

[Atrax]

Ouch though;

https://www.yubico.com/store/

Hardware 2fa IS better. If someone has this, or a compliant device it would be cool to be able to use it. I didn't explore the programmability of these but you might be able to use it already.

I'm still reading just came to share the price page lol.

EDIT:

Yubikey says :

• Strong authentication with support for multiple protocols (Yubico OTP, OATH HOTP, OATH TOTP, U2F, PIV, and Open PGP), and FIDO2 the new standard enabling the replacement of weak password-based authentication.

While Google says:

• Google Authenticator is a software token that implements two-step verification services using the Time-based One-time Password Algorithm (TOTP) and HMAC-based One-time Password Algorithm (HOTP), for authenticating users of mobile applications by Google.

There's no software though the app has to know to look for the authenticator. I think that means work for MA.

 

[IvoL]

I did a quick search (I'm a complete n00b in this area, bear with me if I'm speaking nonsense!) and found there to be TOTP-compatible hardware tokens offered by various parties, prices are ranging from 15-ish to 50-ish euro.
With so many out there I'm hoping at least someone to have one and be able to share experiences with us.

Here's what I've found so far:

• vasco's digipass go 6, familiar name, both my wife and I have a vasco token for work, that is a "3" though which is not compatible with TOTP
• protectimus' protectimus two, to me unknown brand
• virtualsecurity's totp-token , to me unknown brand, dutch website
• Yubico offers several types that can be used with TOTP, but they require you to use a tool to "program" / configure the hardware token: yubico authenticator