undefined | Better HN

0 pointsdeadbunny4y ago0 comments

Have you tried using something like a YubiKey? You literally just tap it and you're authenticated. No pulling out your phone and typing anything.

0 comments

3 comments · 1 top-level

svnpenn4y ago· 2 in thread

I don't want to use 2FA, and I certainly don't want to have to buy something to use 2FA. What is hard to understand about that?

deadbunnyOP4y ago

It sounded like you didn't like the hassle of using TOTP from a phone which is most people's complaint when using 2FA. I was offering a basically zero friction, more user friendly alternative which provides both convenience and security.

Beltalowda4y ago

But then I need to buy a YubiKey (€45), and set it up on my Linux machines which seems to require some PAM stuff, and lose one of the two USB ports on my laptop, and carry it around, and make a plan for when I lose it or when it breaks.

And the advantage is ... I don't know? If you have a strong random non-reused password I'm not seeing any. The only hypothetical advantage is when someone compromises your email account or desktop, but support departments tend to just reset 2FA if asked, so it's not actually a protection.

1 more reply

j / k navigate · click thread line to collapse