My current explanation of security keys is not optimal: “imagine a $20 thumb drive that when you lose it locks you out of your email”
-
-
Replying to @Pinboard
My issue with Yubikey: doesn't do mobile logins, so I need TOTP anyway—confused about value of adding Yubikey if I still need TOTP
2 replies 0 retweets 0 likes -
Replying to @michaelstepner
because the security key can’t be phished no matter what
1 reply 0 retweets 0 likes -
Replying to @Pinboard
But TOTP still provides equivalent access to my account, is possible to phish, and I'll still be using it on mobile = my confusion
1 reply 0 retweets 0 likes -
Replying to @michaelstepner @Pinboard
Could argue it reduces attack surface slightly. But which threat model is this securing against? I don't see value > inconvenience
2 replies 0 retweets 0 likes -
Replying to @michaelstepner @Pinboard
I don't get Yubikey's cur. value—I've tried! And I love inconvenient things and paying for things that increase my online security
1 reply 0 retweets 0 likes
it effectively protects you against phishing, keylogging, and other forms of password theft, but I assume you know that
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.