I'm throwing this idea out there without much critical thought, not as an endorsement, but to hash it out publicly: one account per physical 2fa token?
Or maybe n accounts for some small n. This would eliminate the "name === identity" problem, enhance security, and make bots significantly less scalable.
But! I understand it may have some drawbacks. Cost, convenience...
Replying to @EmilyGorcenski
I think the biggest downside is carrying the tokens and remembering which one totes to which account... Limiting the blast radius from vendor break seems to be the main security advantage, but how many vendors are there?
Replying to @jcape @EmilyGorcenski
Like, AWS has theirs, YubiKey works with Google and GitHub, are there others?
Replying to @jcape
In theory we could have one device handle keys for many services. E.g. my phone's authenticator app.
Replying to @EmilyGorcenski
Sure, but then it's not one token per account :)