Why haven't you switched to yubikeys yet? it's the future


>proprietary software
no thanks

Because I dont work for jewgle?

what if I lose it?

not OP because OP makes weak b8
not field programmable
your argument is invalid
you buy more than one
enroll 2 or more keys
lose one?
log in with the backup and unenroll the lost key
also, when did you last lose your car keys?
this is a tired argument

the main valid argument against hardware tokens is that nobody supports them well
chrome has u2f, but also webusb
in chrome if you get a browser permission dialog asking for access to your key, you're probably being phished
in firefox, u2f is implemented with javascript and ... gives you a browser dialog asking permission to access your key
*facepalm*
the yubico software is open source, which means it's a pain in the ass to build and/or install
if you can ever get it installed properly, the documentation is pretty good though
it's just a bit scattered about on developers.yubico.com
in any case, a yubikey with QTPass is far superior password protection to some master password bullshit like most password managers and OTP can work with plain old text inputs

I thought we're planning to teach common sense for future?

even if you did, the jackasses running NPM and PyPI are never going to secure their repos
meaning you're gonna get owned by some rouge package at some point
BUT if you have a yubikey, you can store your SSH keys where software can't steal it


Also, if you want to get one dirt cheap, wired is doing a promotion for $5 keys
subscribe.wired.com/subscribe/wired/116349
I'm told they stack, so if you subscribe multiple times with the same email address, you get X keys @ $5 each and X years subscription to Wired
Maybe in a few years, Wired will be less of a Trump hating rag
Their politics are really tiresome
It would be nice if they would just focus on the tech shit like they used to do
BTW, if you use this promo it takes weeeeeks to get the key, so you need to be patient

How many employee accounts were successfully phished before the switch?

fpbp
you buy a new one goy

Thanks for that.

this is a very jewish post

i have to swipe that key twice a day, so annoying

So why not have an encrypted hard drive that reads the key and asks for a password like ssh keys?

Can this be done with luks or veracrypt? (Truecrypt)

I am a massive brainlet, can you explain how these work? What does the end user do with these things?

there's a yubikey luks thing
I have it set up on an ubuntu laptop
but it can be phished
all it really does is take your shit password, pass it through hmac challenge response, and produce a hard password that it uses for the disk decryption
if someone has tampered with your /boot, then all they need to do is capture that output once, just like all they would need to do is capture your shit password once
but then, with your shit password, they don't even need to catch it once, because your password is probably shit and can be broken with GPU clusters in a few minutes
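
Added example, not part of any post in this thread and not code from the yubikey LUKS project: a small Python model of the HMAC-SHA1 challenge-response flow described in the post above, showing that the response is static (so one capture on a tampered boot path is enough) while still being far harder to guess than the typed password. The token secret, salt, sample password and helper names are all constructed for illustration.

```python
import hashlib
import hmac
import math

# Constructed 20-byte secret standing in for the one programmed into the
# token's HMAC-SHA1 challenge-response slot (a real token never exports it).
TOKEN_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff01234567")


def token_response(challenge: bytes, secret: bytes = TOKEN_SECRET) -> str:
    """Model of the token: HMAC-SHA1(secret, challenge) as 40 hex chars."""
    return hmac.new(secret, challenge, hashlib.sha1).hexdigest()


def disk_passphrase(typed_password: str) -> str:
    """Hypothetical helper: the typed password is the challenge, and the
    token's response is what the disk-encryption layer receives."""
    return token_response(typed_password.encode())


def keyslot_digest(passphrase: str) -> bytes:
    """Toy stand-in for a keyslot check (PBKDF2, constructed salt)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), b"demo-salt", 1000)


def unlocks(candidate: str, enrolled: bytes) -> bool:
    return hmac.compare_digest(keyslot_digest(candidate), enrolled)


def guess_space_bits(alphabet_size: int, length: int) -> float:
    """Upper bound on brute-force work for a random string, in bits."""
    return length * math.log2(alphabet_size)


def demo() -> dict:
    weak = "hunter2"                       # constructed sample password
    enrolled = keyslot_digest(disk_passphrase(weak))
    boot1, boot2 = disk_passphrase(weak), disk_passphrase(weak)
    return {
        # Same challenge gives the same response on every boot.
        "response_is_static": boot1 == boot2,
        # A response recorded once opens the slot with no token present.
        "recorded_response_unlocks": unlocks(boot1, enrolled),
        # The typed password alone does not; the token secret is needed.
        "password_alone_unlocks": unlocks(weak, enrolled),
        "password_bits": round(guess_space_bits(36, len(weak)), 1),
        "response_bits": len(boot1) * 4,
    }


if __name__ == "__main__":
    print(demo())
```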

>got the github 2fa yubikey
>it's gimped/doesn't have the complete featureset

gonna get a hsm2 for my CA at some point, purely because I like fucking around. I'd love to implement FIDO2 in our infrastructure at work but that'll never happen.

IE people are still clicking phishing links but the 2FA means that they can't steal everything

/thread

Have one for gpg keys.
Not using them as 2fa because their default mode (one implemented in most sites) uses Yubico authorization API. Which means they can track where your key is used. tl;dr botnet.
Other modes in YubiKeys are rarely available in sites.
Also not open source.
Also losing it locks you out forever.

curious, what do you use gpg keys for in your daily life?

>when did you last lose your car keys
If I lose any type of standard key I can pay a locksmith to make me a new one. A possibility of having to demolish your house because you can't get inside is absolutely unacceptable.

How are you at the level of working for Google and being a victim of phishing at the same time?

>yubikeys
No thanks. I use an SD card + 32 char password to unlock my keepassxc. The sd card is always in my pocket and I keep a backup sd card at home in a safe

Diversity quotas

WHEN YOU GET AN EMAIL FROM A FELLOW DRAGON-KIN YOUR LOGIC TENDS TO GO OUT THE WINDOW


>rouge
fuckin red packages

Emails, signing git commits (rare), encrypting some files from time to time, also custom messaging system that uses gpg to validate users.

Better than getting your shit stolen.

>humans
>2018

>just buy more keys user!
>$50 a pop

lmao there are much better solutions for 2fa that aren't expensive.

These keys are great. I have a comfy setup where I only use it for my Bitwarden account. Everything else just uses TOTP.

For the fags asking what if you lose it, either write down the backup code or have a backup key.

You can get them for $20 with NFC capabilities
You can get a fido key for $16
Some other guy even posted the $5 one

Stop trolling

Your lock is shit then.

>2FA


Does anyone know a yubikey gnu fuckin analog?

>google "says"
>""""""""says""""""""
really makes you think

yubikey is not field programmable
as a security measure
it's like a microwave or other appliance
you just use it
stallman.org/stallman-computing.html
>As for microwave ovens and other appliances, if updating software is not a normal part of use of the device, then it is not a computer. In that case, I think the user need not take cognizance of whether the device contains a processor and software, or is built some other way. However, if it has an "update firmware" button, that means installing different software is a normal part of use, so it is a computer.

$5 bucks? You mean that subscription bonus? That only works in usa? Which will be used to pad "people still care about msm" stat? No.

>not using Dashlane/1Password, Authy for OTP 2FA, and YubiKey for U2F 2FA

FIDO U2F is an open standard


>arbitrary distinctions from a man that eats dead skin from his feet and stopped mentally maturing in his early teens

So like what happens if you lose the key?
That’s why

>Why haven't you switched to nsakeys yet?
fixed

You go to a website. You put in your username and password. You plug your USB key into your computer. The site accesses your USB port (wtf?) and fails to get the 2fa authentication because you're a Jow Forums faggot and have all kinds of keys, fobs, toys and shit hanging off of your keyring and over time you've peeled the USB traces off of your jack and/or broken the solder connections. You call tech support, they inform you of your massive faggotry, and you have to call Google and beg them to let you access your loli fan site.

The whole thing is so fucking stupid. Assholes can't get authentication done right, so they stack another block on top of that Jenga tower and say "whew jobs done lads, let's go get a pint and suck each other's dicks in the pub". Fuck them, and fuck everybody who thinks this is a good idea.

>work for fucking google
>fall for a phishing scam

>t. Someone who's never used a u2f token

In reality what happens is it asks you for your 2FA code from the authenticator app on your phone with the ***OPTIONAL OPTION*** to login using your u2f token if you have it on hand

>not using bitwarden which is a foss alternative to everything you posted

Then you buy the $20 one faggot

en.wikipedia.org/wiki/S/KEY