Does anyone use this?


Got one for Christmas to play with PAM and WebAuth.

Now it's gathering dust.

Nope.

What is it? Chromecast? Storage?

2FA is a joke
remember, that 2FA is a convenience device, not a security device
because if you lose your 2FA device, you ultimately have other factors of authentication
and those other factors of authentication ultimately boil down to a single password.

We use this on all our web applications at our company.

I used one for MtGox, and just see where that got me

I use Linux

Yep. I have my SSH keys and OTP tokens on it.

Nah, 2FA with U2F is pretty solid. See dmitryfrank.com/articles/backup_u2f_token .

>2FA with U2F is pretty solid
LOL
the solution to losing/breaking/stolen your 2FA device is a backup 2FA device, which could be lost/broke/stolen

>lost/broke/stolen
You'd really have to be a dumb ass to manage to break your two 2FA devices at the same time. And if you really can't be trusted with 2 2FA devices just make a third. Or a fourth. Or a fifth.

nah I can just remember strong passwords

2FA is for retards who can barely remember their password is "password" plus the 2FA device

I use it only to store my pgp key for SSH and pass. I have a backup key at a friend's house in case anything happens to my main one.

what if your password leaks

I got one from wired, but I haven't found any usage for it since I am already using OTP.

>what if your password leaks
the 2FA password or the real password behind the 2FA scheme?

remember, 2FA is a password substitute, not a replacement as there is still a single password or other factors for account authorization.

what's the point of 2FA if you can regain your account with other factors if your 2FA device is lost/stolen/broken?

the only use for 2FA is for organizations who manage login credentials for users. it makes it easier for retarded lusers to more securely access company resources. arguably, it is for individuals who use (((trusted services))) to have a more convenient login method, but it's not for people who manage their own IT infrastructure (unless it is for their underlings)

They make us use them in work to log in to winblows via PingID. They are pretty pointless though, once you kill the network they can't authenticate against the service and it falls back to the normal NTlogin. So in theory if someone nicked your laptop it wouldn't have a valid network connection off-site, rendering the PingID service null and void.

XD senpai

Nigger you so fucking dumb. Most only allow a list of backup codes, an authenticator application, or a fucking text message. If your phone gets stolen you got bigger problems.

>If your phone gets stolen
happened to Linus and his phone wasn't even stolen
they just bypassed 2FA altogether, used social engineering and exploited bad company practices

Yes because I got it for $5. Sounds like a ripoff for $60. I have PAM set up so I don't need a password to use sudo while it's plugged in, and it has my gpg keys.