You donot understand your own mistrust. You are trying to make it unnecessarily difficult to use your tool. How would you like a spoon that phishing-resistently refuses to spoonfeed you unless you have sufficiently identified yourself as an authority-authorized credit card owner?
Op ma 16 dec 2024 om 08:49 schreef Jeffrey Walton <noloa...@gmail.com>: > On Mon, Dec 16, 2024 at 2:42 AM 🦓 <czybo...@gmail.com> wrote: > > > > YubiKeys is a password manager in a dongle, thus the exact opposite of > passwordless. Your dogs and your goats are passwordless, they reliably > serve you but have a built in immune system with redundancies protecting > them from abuses of their passwordlessness. > > You don't understand YubiKeys, their capabilities, and Universal > Second Factor. The security requirements of U2F are a token that has: > > 1. high entropy > 2. replay resistant > 3. phishing resistant > > Passwords may satisfy (1), but they completely fail at (2) and (3). > > And your original problem statement stated memorization was the > problem you were trying to solve. Even if a YubiKey serves up a fixed > password (which it does not), then it solves your memorization > problem. > > I have no idea what dogs and goats have to do with things. > > Jeff > > > Op zo 15 dec 2024 om 15:35 schreef Jeffrey Walton <noloa...@gmail.com>: > >> > >> On Sun, Dec 15, 2024 at 6:47 AM 🦓 <czybo...@gmail.com> wrote: > >> > > >> > my mother is currently struggling to memorize all of my dead > stepfather's identities and passwords and that makes me wonder how would > you like an internet of hosts who store everything undeletably and > barrierlessly readably with no secrets whatsoever to humanity nor any other > natural or artificial or divine intelligence? i know this sounds like a > question for debian-devel or debian-policy but i m dumping it onto > debian-user as as of now i m not subscribed to any other. > >> > >> For some of the larger sites you can use a YubiKey. YubiKeys use the > >> FIDO/FIDO2 protocols. I believe WebAuthn also supports YubiKeys. > >> > >> But I found a lot of sites do not support FIDO/FIDO2 protocols. For > >> example, most banks and my mother's credit union do not support them. > >> In this case, I send a letter to the company's legal department and > >> put them on notice. (I also point out the problems with their current > >> authentication system). > >> > >> If you start switching to YubiKeys, then be sure to use two of them. > >> The second is a backup YubiKey, and it also gets enrolled when you > >> convert the account. The backup YubiKey is used in case the first > >> YubiKey is lost. > -- +491601449...@linktr.ee/czyborra🦓
