zlacker

[parent] [thread] 2 comments
1. Terret+(OP)[view] [source] 2022-01-27 20:27:56
> via SMS

Or push, or other supply of a code from somewhere. It's just oddly worded, sounding like the code in all 3 cases is coming over the wire.

Granted, phishing is a diff story, but in practice, I see Yubikeys permanently inserted to their laptop hosts, requiring even less intervention.

replies(2): >>within+xN >>tialar+aW
2. within+xN[view] [source] 2022-01-28 00:28:10
>>Terret+(OP)
Yubikey has a setting to always require a pin before touch. So leaving it always plugged in isn’t that big of a deal.
3. tialar+aW[view] [source] 2022-01-28 01:29:37
>>Terret+(OP)
However the set of attackers who can get any advantage from the laptop sat on a conference table, much less your desk at home or in the office building, is both different and much less scary than the arbitrary crooks phishing people from the far side of the Internet.
[go to top]