My current explanation of security keys is not optimal: “imagine a $20 thumb drive that when you lose it locks you out of your email”
Replying to @Pinboard
My issue with Yubikey: doesn't do mobile logins, so I need TOTP anyway—confused about value of adding Yubikey if I still need TOTP
Replying to @michaelstepner
because the security key can’t be phished no matter what
Replying to @Pinboard
But TOTP still provides equivalent access to my account, is possible to phish, and I'll still be using it on mobile = my confusion
Replying to @michaelstepner @Pinboard
Could argue it reduces attack surface slightly. But which threat model is this securing against? I don't see value > inconvenience
Replying to @michaelstepner
threat model is phishing, which works against even very sophisticated users.
Replying to @Pinboard
Is the argument: (i)Phones are relatively secure devices, laptops are relatively insecure-->use better 2FA security on your laptop
Replying to @michaelstepner
it is! It’s a terrible argument, we’re all waiting for 2FA that works on the iPhone
Replying to @Pinboard
Agreed! Feedback—despite knowing the ingredients of the argument, I didn't combine them. It's hard to communicate & w many prereqs
actually, the argument is worse than that. You need 2FA on every device, but the best kind is not available on iPhone yet