From 78164e8bfdea181cec6186fb5099406030ce19a3 Mon Sep 17 00:00:00 2001 From: Kenny MacDermid Date: Wed, 27 May 2020 16:39:29 -0300 Subject: [PATCH] Set touch policy to fixed. Setting the touch policy to `on` does not prevent the policy from later being turned off again. Setting it to `fixed` is more secure because it can not be turned off. If someone wants to disable the touch policy they can always restore the keys from the backups created in the guide. --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 93eae2b..c539c25 100644 --- a/README.md +++ b/README.md @@ -2256,19 +2256,19 @@ To require a touch for each key operation, install [YubiKey Manager](https://dev Authentication: ```console -$ ykman openpgp set-touch aut on +$ ykman openpgp set-touch aut fixed ``` Signing: ```console -$ ykman openpgp set-touch sig on +$ ykman openpgp set-touch sig fixed ``` Encryption: ```console -$ ykman openpgp set-touch enc on +$ ykman openpgp set-touch enc fixed ``` YubiKey will blink when it is waiting for a touch. On Linux you can also use [yubikey-touch-detector](https://github.com/maximbaz/yubikey-touch-detector) to have an indicator or notification that YubiKey is waiting for a touch.
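Review bot: The README prose ahead of the `Authentication:`, `Signing:` and `Encryption:` commands does not tell the reader that `fixed` is a one-way setting; only the commit message says that it cannot be turned off and that undoing it means restoring the keys from the backups created in the guide. Someone copying the three `ykman openpgp set-touch ... fixed` lines from the README never sees that. Suggest adding a sentence before the first command stating that `fixed` cannot be disabled afterwards and pointing back to the backup step. It should also mention `on` as the alternative for readers who need to be able to turn the touch requirement off later, since after this change the README no longer shows that option anywhere in the hunk.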