SMS 2FA really boggles me. I mean, at that point why bother? What about for computers themselves? Do any of the major OSs support using one for disk or even home folder encryption?

I know Google supports them for anything using their auth provider, but again, at that point, is there one?

Discussion

The only thing I've seen that requires the keys 100% is Google's Advanced Security thing. But that kills off third-party app access.

You can use the keys to login to your computers with a pin. Not sure about encrypting drives etc. Would be cool to find out.

However, the keys are just a USB drive anyone can plug in and touch. Unless you get a biometric reader, anyone with physical access to your keys and password can use them.

I was looking at the Yubi with fingerprint reader, but that falls into the same trap I mentioned in another note about subpoena power.

There really seems to be no real replacement for strong passwords, but adding a layer is still a +

I get a bit "conspiracy theorist" about these new passwordless logins being pushed by big tech though. Seems like a good day for big brother.

Someone told me about yubi keys and they seem dumb. What’s the benefit exactly?

Mixture of strong passwords and 2FA on a device. Just adding something harder to guess or acquire to the authentication chain. The standard is called FIDO2 and seems pretty well audited/tested.

How good it is, is what I'm asking about.

https://fidoalliance.org/fido2/

I have one on a Keychain and I don't think I've actually used it once since every service does another form of 2FA. For example 1Password auto fills the OTP.

Yeah, I self host vaultwarden and it does that. I'm using passwords as long as most websites allow too. Lol

What do they protect against? If I have a 2fa app on my phone, what’s wrong with that?

Absolutely nothing. You're already ahead of 90% of the people on the Internet. But there are active phishing scams to get people's 2FAs.

Yes, you have to fall for it.

An authenticator app can be cloned or accessed by a third party. A key is a physical device you have to plug into the device (or tap) to authenticate. So it would be much harder for someone in another continent to access your accounts without physical access to the key. But it's all moot if there's a backup way to get in.
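An added illustration of the last two points (not part of the thread, and not any vendor's code): a TOTP code is a shared secret's output and verifies at the real site no matter who submits it, while a FIDO2 assertion is bound to the RP ID of the site the browser actually visited, so a relayed assertion fails verification. The FIDO2 part is a simplified model: HMAC with a per-site key stands in for the authenticator's public-key signature, and the RP IDs and seed are constructed sample values.

```python
import hmac, hashlib, struct, secrets

# --- TOTP (RFC 6238, HMAC-SHA1, 30 s step, 6 digits) ---
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp_verify(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Server side: accept the code for the current step or its neighbours (clock skew)."""
    return any(hmac.compare_digest(totp(secret, unix_time + k * 30), code)
               for k in range(-window, window + 1))

# --- FIDO2-style assertion (simplified model of origin binding) ---
# A real authenticator signs with a per-site private key; here HMAC with a per-site
# key stands in for that signature (assumption). The binding logic is what matters.
def fido_assert(cred_key: bytes, visited_rp_id: str, challenge: bytes) -> dict:
    """Authenticator side: the browser supplies the RP ID of the site actually visited."""
    rp_hash = hashlib.sha256(visited_rp_id.encode()).digest()
    sig = hmac.new(cred_key, rp_hash + challenge, hashlib.sha256).digest()
    return {"rp_id_hash": rp_hash, "challenge": challenge, "sig": sig}

def rp_verify(cred_key: bytes, rp_id: str, issued: bytes, a: dict) -> bool:
    """Relying party side: only its own RP ID hash and its own fresh challenge are accepted."""
    expected_hash = hashlib.sha256(rp_id.encode()).digest()
    if not hmac.compare_digest(a["rp_id_hash"], expected_hash):
        return False                       # signed for another origin (look-alike domain)
    if not hmac.compare_digest(a["challenge"], issued):
        return False                       # stale or replayed assertion
    expected_sig = hmac.new(cred_key, expected_hash + issued, hashlib.sha256).digest()
    return hmac.compare_digest(a["sig"], expected_sig)

def totp_relay_demo() -> bool:
    """A code read off the user's phone is still valid at the real site 15 s later, whoever submits it."""
    secret = b"constructed-totp-seed-0001"   # constructed sample seed, not a real one
    phished_at, relayed_at = 1_700_000_000, 1_700_000_015
    return totp_verify(secret, totp(secret, phished_at), relayed_at)

def fido_relay_demo() -> tuple:
    """Same relay against a FIDO2 key: the genuine login verifies, the relayed one does not."""
    cred_key, challenge = secrets.token_bytes(32), secrets.token_bytes(32)
    genuine = fido_assert(cred_key, "example.com", challenge)            # constructed RP IDs
    relayed = fido_assert(cred_key, "example-login.com", challenge)      # look-alike site
    return (rp_verify(cred_key, "example.com", challenge, genuine),
            rp_verify(cred_key, "example.com", challenge, relayed))
```

The caveat in the post still holds: none of this helps if the account also accepts a weaker fallback such as SMS or a recovery code.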