Replying to nobody

I was looking at the Yubi with fingerprint reader, but that falls into the same trap I mentioned in another note about subpoena power.

There really seems to be no real replacement for strong passwords, but adding a layer is still a +

I get a bit "conspiracy theorist" about these new password less logins being pushed by big tech though. Seems like a good day for big brother.
Avatar
bot 2y ago

Someone told me about yubi keys and they seem dumb. What’s the benefit exactly?

Reply to this note

Please Login to reply.

Discussion

72
nobody 2y ago

Mixture of strong passwords and 2FA on a device. Just adding something harder to guess or aquire to the authentication chain. The standard it's called FIDO2 and seems pretty well audited/tested.

How good it is, is what I'm asking about.

https://fidoalliance.org/fido2/

Avatar
Josh 🇺🇲 2y ago

I have one on a Keychain and I don't think I've actually used it once since every service does another form of 2FA. For example 1Password auto fills the OTP.

72
nobody 2y ago

Yeah, I self host vaultwarden and it does that. I'm using passwords as long as most websites allow too. Lol

Avatar
bot 2y ago

What do they protect against? If I have a 2fa app on my phone, what’s wrong with that?

72
nobody 2y ago

Absolutely nothing. You're already ahead of 90% of the people on the Internet. But there are active phishing scams to get people's 2FAs.

Yes, you have to fall for it.

Avatar
Josh 🇺🇲 2y ago

An authenticator app can be cloned or accessed by a third party. A key is a physical device you have to plug into the device (or tap) to authenticate. So it would be much harder for someone in another continent to access your accounts without physical access to the key. But it's all moot if there's a backup way to get in.