Thoughts on Yubikey?
Thoughts on Yubikey?
Mason Brown
Other urls found in this thread:
crowdsupply.com
tedunangst.com
youtube.com
twitter.com
Evan Collins
Botnet
Alexander Scott
How so
Colton Gray
non-free fag
Asher Johnson
my laptop is encrypted, has a firmware admin password and also custom secureboot PK, KEK and db and I only run db signed efi applications.
what fucking value am I going to get from some meme smartcard/tpm bullshit that I couldn't get running whatever crapware on my laptop directly?
Kevin Carter
Jack Foster
ya ya ya ya now go fuck yourself
Nathaniel Walker
>make actual points about trusting your security on a propitiatory product a black box you don't know about, proceed to shit on people
shill
Grayson Harris
>$100 goal
so it's a marketing strategy
Adrian Carter
just build one yourself the parts list is there.
Jacob Roberts
Seems interesting, though quite expensive.
Here is an article that talks about using them for different cases.
tedunangst.com
Owen Bell
What are they used for
Lincoln Nguyen
Shiet that's nice
Jose Stewart
Work has me use one
No idea what it does / how it works I just push the thing to log in
Liam Brown
youtube.com
Yubikeys are alright, but fucking annoying on Windows 10.
Gavin Carter
I have one. It's pretty cool, but I don't have enough stuff to use it with. It's really just Github (which I don't even use) and a weeb porn torrent tracker. I hear there's ways to integrate it with your PGP and SSH keys but I haven't looked into it yet.
Adam Green
You can get one for $10 if you buy a subscription to wired
Asher Hernandez
cute
I wished they used some kind resin for the back though, would be easy to short the caps on the port chassis, especially when pushing it around.
Liam Hall
>razer laptop
Opinion and study disregarded
Andrew Bell
I have the neo and use the shit out of it. It will hold an oath-Totp code on slot one for stuff like last pass or google u2f. Slot two holds a static password that I use for logging into a machine and admin tasks. Slot one is also readable over nfc so I can just touch my phone to it to use u2f on a bunch of different apps. If you do a lot of shit with security or security research they are pretty indispensable.
I’ve also washed it, stepped on it, dropped it, kicked it, etc and it can’t be killed.
Bentley Martin
I'm skeptical. We have them at work. The fact that they just act like a USB keyboard really seems like a weak point. I've wondered if you compromised a kernel how hard it would be to just log the key, do something malicious and then wait for the user to keep slamming the key think it missed the key press.
Honestly I don't like them but that has more to do with all of the retarded security shit that I saw ushered in with them. So I'm probably irrationally biased.
Angel Carter
Hard counters phishing with U2F.
The private key is never shared, it's only used as a challenge-response.
Zachary Bennett
Fido standard is open.
Colton Martin
Nobody in their right mind uses Windows 10. I think most companies are still on Windows 7.