NYT article recommends using SMS for two-factor auth on your email. Sad! Use a security key instead; here’s how: https://techsolidarity.org/resources/security_key_gmail.htm …
Replying to @Pinboard
I know I'm being stupid here but I still don't get how a key (permanently) plugged into a device is more secure than an app on the device?
2 replies 0 retweets 1 like -
Replying to @adambanksdotcom
it’s not a stupid question. App-generated codes can be fooled by impostor websites (phishing); a security key can’t
1 reply 0 retweets 1 like -
Replying to @Pinboard
Whatever operation happens inside the key to generate or check codes, why can't that happen inside the app?
2 replies 0 retweets 1 like -
Replying to @adambanksdotcom
the key works with the browser to sign a challenge that includes the actual URL you are visiting. That’s the difference
1 reply 0 retweets 1 like -
Replying to @Pinboard
I read this in the FAQ, but I'm still thinking: whatever the key does when the browser talks to it, why can't that just be done in software?
1 reply 0 retweets 1 like -
Replying to @Pinboard
Ah, OK. And it's harder to copy or clone the key because it's, like, more hardware-y?
2 replies 0 retweets 1 like -
Replying to @adambanksdotcom
it’s made to be tamper-resistant and really hard to get the crypto bits out of
1 reply 0 retweets 2 likes -
Replying to @Pinboard
Thank you, that makes a little more sense! I research all kinds of tech for stories but security stuff is always hardest to grasp ¯\_(ツ)_/¯
2 replies 0 retweets 1 like
I don’t think it’s inherently difficult, but no one has done a very clear public explanation
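Added illustration of the difference discussed in this thread (not part of the original tweets, and not any vendor's code): a time-based app code depends only on a shared secret and the clock, while the security key's signature covers the origin the browser is actually on. The origins, secrets and message layout are constructed and simplified, and an HMAC stands in for the key's real ECDSA signature to keep the sketch standard-library only.

```python
import hashlib, hmac, json, struct

REAL_ORIGIN = "https://mail.example"            # constructed
LOOKALIKE_ORIGIN = "https://mail-example.test"  # constructed impostor origin
TOTP_SECRET = b"constructed-shared-secret"
KEY_SECRET = b"constructed-key-material"        # stays inside the security key

def totp(secret, now, step=30, digits=6):
    """RFC 6238 code: a function of the secret and the time, nothing else."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts_totp(code, now):
    # The server cannot tell which website the user typed the code into.
    return hmac.compare_digest(code, totp(TOTP_SECRET, now))

def browser_client_data(challenge, visited_origin):
    """The browser, not the page, records the origin it is really on."""
    return json.dumps({"challenge": challenge, "origin": visited_origin},
                      sort_keys=True).encode()

def key_sign(client_data):
    # Stand-in for the key's ECDSA signature over the hashed client data.
    digest = hashlib.sha256(client_data).digest()
    return hmac.new(KEY_SECRET, digest, hashlib.sha256).digest()

def server_accepts_key(client_data, signature, challenge):
    # With real ECDSA the server holds only the public key; HMAC is a stand-in.
    if not hmac.compare_digest(signature, key_sign(client_data)):
        return False                      # client data changed after signing
    data = json.loads(client_data)
    return data["challenge"] == challenge and data["origin"] == REAL_ORIGIN

def login_with_key(visited_origin, challenge="c0ffee"):
    data = browser_client_data(challenge, visited_origin)
    return server_accepts_key(data, key_sign(data), challenge)

def rewritten_origin_accepted(challenge="c0ffee"):
    # Signed on the look-alike origin, then the origin field is rewritten.
    data = browser_client_data(challenge, LOOKALIKE_ORIGIN)
    forged = data.replace(LOOKALIKE_ORIGIN.encode(), REAL_ORIGIN.encode())
    return server_accepts_key(forged, key_sign(data), challenge)

if __name__ == "__main__":
    print("app code valid wherever it was typed:",
          server_accepts_totp(totp(TOTP_SECRET, 1000), 1000))
    print("key on real origin:", login_with_key(REAL_ORIGIN))
    print("key on look-alike origin:", login_with_key(LOOKALIKE_ORIGIN))
    print("origin rewritten after signing:", rewritten_origin_accepted())
```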