Skip to content
  • Home Home Home, current page.
  • About

Saved searches

  • Remove
  • In this conversation
    Verified accountProtected Tweets @
Suggested users
  • Verified accountProtected Tweets @
  • Verified accountProtected Tweets @
  • Language: English
    • Bahasa Indonesia
    • Bahasa Melayu
    • Català
    • Čeština
    • Dansk
    • Deutsch
    • English UK
    • Español
    • Filipino
    • Français
    • Hrvatski
    • Italiano
    • Magyar
    • Nederlands
    • Norsk
    • Polski
    • Português
    • Română
    • Slovenčina
    • Suomi
    • Svenska
    • Tiếng Việt
    • Türkçe
    • Ελληνικά
    • Български език
    • Русский
    • Српски
    • Українська мова
    • עִבְרִית
    • العربية
    • فارسی
    • मराठी
    • हिन्दी
    • বাংলা
    • ગુજરાતી
    • தமிழ்
    • ಕನ್ನಡ
    • ภาษาไทย
    • 한국어
    • 日本語
    • 简体中文
    • 繁體中文
  • Have an account? Log in
    Have an account?
    · Forgot password?

    New to Twitter?
    Sign up
patio11's profile
Patrick McKenzie
Patrick McKenzie
Patrick McKenzie
@patio11

Tweets

Patrick McKenzie

@patio11

I work for the Internet, at @stripe, mostly on Atlas. Opinions here are my own.

東京都 Tokyo
kalzumeus.com
Joined February 2009

Tweets

  • © 2019 Twitter
  • About
  • Help Center
  • Terms
  • Privacy policy
  • Cookies
  • Ads info
Dismiss
Previous
Next

Go to a person's profile

Saved searches

  • Remove
  • In this conversation
    Verified accountProtected Tweets @
Suggested users
  • Verified accountProtected Tweets @
  • Verified accountProtected Tweets @

Promote this Tweet

Block

  • Tweet with a location

    You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more

    Your lists

    Create a new list


    Under 100 characters, optional

    Privacy

    Copy link to Tweet

    Embed this Tweet

    Embed this Video

    Add this Tweet to your website by copying the code below. Learn more

    Add this video to your website by copying the code below. Learn more

    Hmm, there was a problem reaching the server.

    By embedding Twitter content in your website or app, you are agreeing to the Twitter Developer Agreement and Developer Policy.

    Preview

    Why you're seeing this ad

    Log in to Twitter

    · Forgot password?
    Don't have an account? Sign up »

    Sign up for Twitter

    Not on Twitter? Sign up, tune into the things you care about, and get updates as they happen.

    Sign up
    Have an account? Log in »

    Two-way (sending and receiving) short codes:

    Country Code For customers of
    United States 40404 (any)
    Canada 21212 (any)
    United Kingdom 86444 Vodafone, Orange, 3, O2
    Brazil 40404 Nextel, TIM
    Haiti 40404 Digicel, Voila
    Ireland 51210 Vodafone, O2
    India 53000 Bharti Airtel, Videocon, Reliance
    Indonesia 89887 AXIS, 3, Telkomsel, Indosat, XL Axiata
    Italy 4880804 Wind
    3424486444 Vodafone
    » See SMS short codes for other countries

    Confirmation

     

    Welcome home!

    This timeline is where you’ll spend most of your time, getting instant updates about what matters to you.

    Tweets not working for you?

    Hover over the profile pic and click the Following button to unfollow any account.

    Say a lot with a little

    When you see a Tweet you love, tap the heart — it lets the person who wrote it know you shared the love.

    Spread the word

    The fastest way to share someone else’s Tweet with your followers is with a Retweet. Tap the icon to send it instantly.

    Join the conversation

    Add your thoughts about any Tweet with a Reply. Find a topic you’re passionate about, and jump right in.

    Learn the latest

    Get instant insight into what people are talking about now.

    Get more of what you love

    Follow more accounts to get instant updates about topics you care about.

    Find what's happening

    See the latest conversations about any topic instantly.

    Never miss a Moment

    Catch up instantly on the best stories happening as they unfold.

    Patrick McKenzie‏ @patio11 9 Sep 2018

    Patrick McKenzie Retweeted Mustafa Al-Bassam

    A FIDO key costs about $20 (or less in quantity) and if you follow me you should have it on all your personal and work Google accounts.https://twitter.com/musalbas/status/1038919152826757122 …

    Patrick McKenzie added,

    0:09
    Mustafa Al-Bassam @musalbas
    Quick phishing demo. Would you fall for something like this? pic.twitter.com/phONMKHBle
    Show this thread
    7:44 PM - 9 Sep 2018
    • 14 Retweets
    • 122 Likes
    • Follow Back Jesse Jones Ray Tsaihong Ken Username Grumpy Bourgeois Lacky Jason Hofmann Tomasz Sakrejda Jay Looney
    12 replies 14 retweets 122 likes
      1. New conversation
      2. sudogene‏ @sudogene 9 Sep 2018
        Replying to @patio11

        Mind shilling a link to your preferred FIDO key? There are a lot of options and they seem to vary in inconsequential ways. Paradox of choice.

        1 reply 0 retweets 1 like
      3. Patrick McKenzie‏ @patio11 9 Sep 2018
        Replying to @sudogene

        The blue one from Yubico on Amazon.

        1 reply 2 retweets 8 likes
      4. sudogene‏ @sudogene 9 Sep 2018
        Replying to @patio11

        Thanks! This one, I'm guessing?https://www.amazon.com/Yubico-Security-Key-USB-Authentication/dp/B07BYSB7FK/ …

        1 reply 1 retweet 9 likes
      5. Patrick McKenzie‏ @patio11 9 Sep 2018
        Replying to @sudogene

        That’s it.

        1 reply 1 retweet 5 likes
      6. Jay Looney‏ @jaymlooney 17 Sep 2018
        Replying to @patio11 @sudogene

        Thanks, finally bit the bullet and picked one of these up. I've been doing 2fa /w sms & authy for awhile, but I feel much more satisfied with this.

        1 reply 0 retweets 1 like
      7. sudogene‏ @sudogene 17 Sep 2018
        Replying to @jaymlooney @patio11

        Me too! Feels great. I got two that I keep physically separate so I can more fully rely on them. And so I can be annoyed at Twitter for only supporting one at a time.

        0 replies 0 retweets 1 like
      8. End of conversation
      1. New conversation
      2. Brian Breslin‏ @brianbreslin 9 Sep 2018
        Replying to @patio11

        I wish they made one compatible with both usb-a and usb-c without needing a dongle.

        1 reply 0 retweets 3 likes
      3. Jeffrey “crypto means hidden” Paul‏ @sneakdotberlin 10 Sep 2018
        Replying to @brianbreslin @patio11

        get two. enroll both. leave them in their respective computers. i use four of them.

        1 reply 0 retweets 1 like
      4. Brian Breslin‏ @brianbreslin 10 Sep 2018
        Replying to @sneakdotberlin @patio11

        Do you carry one with you in case you need to use a computer that isn’t yours?

        1 reply 0 retweets 0 likes
      5. Patrick McKenzie‏ @patio11 10 Sep 2018
        Replying to @brianbreslin @sneakdotberlin

        I feel like “Don’t ever access a Google account from a machine you don’t control” is an unsatisfying answer to that question but I feel it needs to be said.

        1 reply 1 retweet 9 likes
      6. Patrick McKenzie‏ @patio11 10 Sep 2018
        Replying to @patio11 @brianbreslin @sneakdotberlin

        (Contingent on “If you’re in this conversation you’re a professional and the compromise of your Google account would be Seriously Bad News.”)

        1 reply 1 retweet 5 likes
      7. Jeffrey “crypto means hidden” Paul‏ @sneakdotberlin 10 Sep 2018
        Replying to @patio11 @brianbreslin

        also should be mentioned: make a second g suite account to be the g suite admin, NOT your business card/daily driver email. that one should be unprivileged.

        2 replies 0 retweets 7 likes
      8. 1 more reply
      1. New conversation
      2. Jason Bailey‏ @jason_bailey 10 Sep 2018
        Replying to @patio11

        Do you know any stores in Japan that sell them? Seems like http://Amazon.jp  only has imports for ¥6000 or so.

        1 reply 0 retweets 0 likes
      3. Patrick McKenzie‏ @patio11 10 Sep 2018
        Replying to @jason_bailey

        I got mine for like 2 or 3000 yen from Amazon; might need to look through a few sellers.

        0 replies 0 retweets 1 like
      4. End of conversation
      1. New conversation
      2. Chris Frederick‏ @kansaichris 9 Sep 2018
        Replying to @patio11

        Practically speaking, is a hardware FIDO key significantly more secure than a software TOTP key? i.e. Wouldn’t a man-in-the-middle attack be just as effective when spoofing a 2FA prompt with a hardware key as with a software key?

        2 replies 0 retweets 1 like
      3. Patrick McKenzie‏ @patio11 9 Sep 2018
        Replying to @kansaichris

        You can’t MITM a hardware key; you can MITM a TOTP challenge satisfied by either a software or hardware device. For further details see https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-overview-v1.1-id-20160915.html#man-in-the-middle-protections-during-authentication …

        1 reply 2 retweets 3 likes
      4. Chris Frederick‏ @kansaichris 9 Sep 2018
        Replying to @patio11

        Oh, interesting! I was given a YubiKey at one point and I just thought it worked by registering itself as a USB keyboard that would type one-time passwords when you touched it. Didn’t realize the device was actually more sophisticated than that.

        1 reply 0 retweets 1 like
      5. John Carter‏ @there_from_here 9 Sep 2018
        Replying to @kansaichris @patio11

        Pretending to be a keyboard *is* one of the things most yubikeys do - check if your model supports Fido u2f

        1 reply 2 retweets 0 likes
      6. Chris Frederick‏ @kansaichris 10 Sep 2018
        Replying to @there_from_here @patio11

        I just checked and it looks like I have an original YubiKey Nano, which may predate Yubico's adoption of the FIDO U2F spec (thus my relative unfamiliarity with it).

        0 replies 0 retweets 0 likes
      7. End of conversation

    Loading seems to be taking a while.

    Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

      Promoted Tweet

      false

      • © 2019 Twitter
      • About
      • Help Center
      • Terms
      • Privacy policy
      • Cookies
      • Ads info