undefined | Better HN

0 pointsb1123y ago0 comments

A yubikey would be as useless in this article's specific case, as the problem is losing valuable things (eg, phones). A yubikey is no different.

It too would be lost.

0 comments

lxgr3y ago

That's definitely a problem, and a tricky one to solve in the context of 2FA: One of these factors is usually knowledge (your password); the other then has to be possession or inherence, and the latter has problems as well.

Essentially, if you rule out possession, your choice is between server-side validated biometrics (if offered at all), or "double knowledge" (e.g. a password and email 2FA, with the email account also only protected by a password), which is pretty phishable.

j / k navigate · click thread line to collapse

0 pointsb1123y ago0 comments

A yubikey would be as useless in this article's specific case, as the problem is losing valuable things (eg, phones). A yubikey is no different.

It too would be lost.

0 comments

lxgr3y ago

j / k navigate · click thread line to collapse