On 5/6/20 12:03 PM, Doug wrote:
> Am I wrong to presume everyone here uses 2-factor authentication? Yubikey is that, plus it has software that does try to figure out if the servers being contacted are the right ones, and not ones that just look right to a casual observer.
You are wrong in the case of me. I am willing to consider trusting something like the old SecurID (was it called?). It has the virtue of being manual, so I know what it is doing and that it isn't automatically doing things without my knowing. The catch is even something that simple couldn't be trusted: RSA was an idiot organization and they had a systemic breach.
Yubikey feels more "Isn't this cool!?" to me than it feels secure. Why should I trust it will only let me in? Why should I trust it *will* let me in? (What the hell do I do if I damage it? Exactly how screwed am I?)
I do understand the value of two-factor stuff to fight against compromised endpoints, but it doesn't solve them, just hobbles them a little.
Two-factor can be extremely valuable to protect high value stuff, but it does not scale well, and the other things needed to protect such high value targets are too burdensome for slightly normal people.
-kb

_______________________________________________
Discuss mailing list
Discuss@lists.blu.org
http://lists.blu.org/mailman/listinfo/discuss