Hey, thanks for giving such a detailed answer!
After doing some digging I think you’re right. The Apex Flex does seem to be the best option.
I thought it’s ability to be used as a security key was overkill as I was only looking for storage and since I already have two YubiKeys, but it would be worth it to have an implanted key as well.
This could also work, I would be fine with just creating a KeePass database on a USB stick and storing the password on the xNT.
For the xNT:
This one seems promising, my only concern is security. According to this post it isn’t secure but I don’t completely understand why. Is it a password length issue or is the method of authentication just easy to crack?
If want my data to be safe from someone with 5-10 min of uninterrupted access to the implant, would this be enough? And does it have a limit for incorrect password attempts?
I would tag the author of the post I linked but I’m not sure if that’s breaking any rules.
For the Apex Flex
The only thing making me hesitate on the it now is the price for two reasons:
-
If it breaks or stops working, I’m out $350 depending on what happened.
-
I’d want to have a couple of them implanted in different areas as backups. I could have 5 xNT implanted for the same price as one Apex. With this I’d feel comfortable enough to store my backup info exclusively on the implants and nowhere else.
From the links you provided I see they’re pretty durable but I don’t want to have a single point of failure in the worst case scenario.
I read in another post that both the Apex Flex and FlexSecure can be permanently bricked if an incorrect password is input too many times. Im having trouble understanding all the terms so please let me know if this is wrong, but from what I understand:
The password they’re referring to is the password that’s used to access the entire chip, and is NOT used to actually interface with FIDO2, OTP, or other applets. It’s strictly for managing and installing them.
Assuming I got it right I have a few questions:
-
Can I set a unique pin for each app? So that for FIDO2 logins it’ll ask for my pin on websites that support it and so OTP codes won’t be revealed without it.
-
If someone somehow figured out the password, would it be enough for them to view what’s inside the applets? Basically just bypassing the pins set for each app and just extracting the TOTP secret keys for example.
Thanks again for taking the time to answer my questions.