YubiKey Replacement

Since I began using a YubiKey for PGP operations in 2015, I’ve always kept a spare YubiKey locked away with my USB Armory, in case the one on my keychain failed. While performing my annual key renewal this month I decided it was time to switch to the spare YubiKey. My old one still works, but it often takes a few attempts to read.

Both YubiKeys are 9 years old. But one has spent those 9 years locked away, while the other spent every day of those 9 years in my pocket (and saw repeated use on most of those days). The new one always works on the first attempt, and it fits into USB ports with a comforting amount of friction. The old one had been worn down so much that it often just falls out of ports if it isn’t being held in. (My calipers measure the front contact area of the old YubiKey at 2.26mm thick, where the new one is 2.40mm.) I’m glad to know that YubiKeys can reliably work for nigh a decade, but next time maybe I’ll start to think about replacing this one after around 5 years of EDC rather than 10.

I was pleasantly surprised to discover that modern versions of GnuPG are happy to use different cards for the same key, so you no longer need to delete keygrip files when switching cards.