What do you think of it?

Is it really the sort of security we've always needed?

Attached: Security-Key-by-Yubico-2-pack.png (1000x1000, 827K)

if by the "security we've always needed" you mean a backdoor into all your accounts then yes it is

Is there any legitimate criticism to make or

2FA is already a bad idea because it's almost always implemented wrong
U2F just takes everything one step forward and makes sure it will actually be a security risk even if it's implemented right.

explain

which part?

1. why is it a bad idea?
2. how should it be implemented/how is it implemented incorrectly
3. how does u2f make it even more insecure

2 - 2FA is almost always implemented in a way that can reset your password and get you access to the account with just the 2FA.
That and most sites that use 2FA will go one step further and reuse the same 2FA secret for your account, that means that if for some reason you lose the device or if someone gets access to your 2FA secret you won't be able to enable it again for that account unless you want the person that got it to have access again.

3 - U2F removes the degree of separation from your 2FA by using a physical device that has to interact with your computer.
Using U2F on a compromised machine will render the token useless forever instead of just giving the attacker a code he can use for a limited window of time

I use an OnlyKey for U2F. Anything better than that?

What's the use case for this? Why would I use it instead of 2FA? Is this the type of thing that is used in place of a password, as supplement to one?

Nigger you can just install a new key on it

It's hardware 2fa.
WebAuthn also supports completely passwordless authentication but that isn't well supported yet.
It's a good backup to your regular 2fa codes if you need it as well.

literally none of this is true, do you work for the NSA or something you fucking spook?

Yes, just don't use the FIPS enabled garbage. It is literally designed to be unsafe shit.

>Using U2F on a compromised machine will render the token useless
This is utterly false.

2fa in all forms is fucking gay

It's a pain in my fucking back. It's all because fucking normies couldn't choose a good password and Jews want all out phone numbers and data.

>2FA is almost always implemented in a way that can reset your password and get you access to the account with just the 2FA

No. In most cases it disables the 2FA component of the login.

>Using U2F on a compromised machine will render the token useless forever

That's why you use a separate device to generate 2FA codes using the physical key to prevent glowinthedarks from compromising the hard key.

Is the only way to be truly safe online or remotely (not locally) to just carry around a notebook like a fucking old man full of passwords? I am pretty sure I'm heading towards Alzheimer's and remembering 33 passwords that are randomly generated ain't the simplest thing in the world

i had that problem but now i just follow a scheme that references the website's name, calling it a faggot in leetspeak and spelling everything in a peculiar way. if you don't remember your password you just try insulting the website with the first silly variation of the website's name that pops into your head.

thinking of switching to one-handed keyboard patterns like As12qwzx though

bump for interest in security

What happens if you lose these? Are you completely fucked? Cuz you can't just go to a store and buy another set or some shit.