Whatever operation happens inside the key to generate or check codes, why can't that happen inside the app?
-
-
Replying to @adambanksdotcom
the key works with the browser to sign a challenge that includes the actual URL you are visiting. That’s the difference
1 reply 0 retweets 1 like -
Replying to @Pinboard
I read this in the FAQ, but I'm still thinking: whatever the key does when the browser talks to it, why can't that just be done in software?
1 reply 0 retweets 1 like -
-
Replying to @Pinboard
Ah, OK. And it's harder to copy or clone the key because it's, like, more hardware-y?
2 replies 0 retweets 1 like -
Replying to @adambanksdotcom
it’s made to be tamper-resistant and really hard to get the crypto bits out of
1 reply 0 retweets 2 likes -
Replying to @Pinboard
Thank you, that makes a little more sense! I research all kinds of tech for stories but security stuff is always hardest to grasp ¯\_(ツ)_/¯
2 replies 0 retweets 1 like -
Replying to @adambanksdotcom
the U2F stuff is almost comically confusing. I have had to have it explained over and over by crypto nerds, still shaky
1 reply 1 retweet 3 likes -
Replying to @Pinboard @adambanksdotcom
this is the question that took me forever to wrap my head around, thank you for explaining so clearly!
1 reply 0 retweets 1 like -
btw i got my yubikey and set it up today, this guide finally got me to do it. thanks for making it less scary
1 reply 0 retweets 1 like
I channeled my own terror into documentation! I’m delighted you found it helpful
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.