Patrick McKenzie

Mind shilling a link to your preferred FIDO key? There are a lot of options and they seem to vary in inconsequential ways. Paradox of choice.

The blue one from Yubico on Amazon.

That’s it.

Thanks, finally bit the bullet and picked one of these up. I've been doing 2fa /w sms & authy for awhile, but I feel much more satisfied with this.

I wish they made one compatible with both usb-a and usb-c without needing a dongle.

get two. enroll both. leave them in their respective computers. i use four of them.

Do you carry one with you in case you need to use a computer that isn’t yours?

I feel like “Don’t ever access a Google account from a machine you don’t control” is an unsatisfying answer to that question but I feel it needs to be said.

(Contingent on “If you’re in this conversation you’re a professional and the compromise of your Google account would be Seriously Bad News.”)

also should be mentioned: make a second g suite account to be the g suite admin, NOT your business card/daily driver email. that one should be unprivileged.

Do you know any stores in Japan that sell them? Seems like http://Amazon.jp  only has imports for ¥6000 or so.

Practically speaking, is a hardware FIDO key significantly more secure than a software TOTP key? i.e. Wouldn’t a man-in-the-middle attack be just as effective when spoofing a 2FA prompt with a hardware key as with a software key?

You can’t MITM a hardware key; you can MITM a TOTP challenge satisfied by either a software or hardware device. For further details see https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-overview-v1.1-id-20160915.html#man-in-the-middle-protections-during-authentication …

Oh, interesting! I was given a YubiKey at one point and I just thought it worked by registering itself as a USB keyboard that would type one-time passwords when you touched it. Didn’t realize the device was actually more sophisticated than that.

Pretending to be a keyboard *is* one of the things most yubikeys do - check if your model supports Fido u2f