Yubikey

is it a meme?


  1. 1 month ago
    Anonymous

    no

    • 1 month ago
      Anonymous

      if only they did this for the US government too…

    • 1 month ago
      Anonymous

      Just double your password length or something then, what's stopping the feds from just taking your key if that's who you're trying to protect against?

      • 1 month ago
        Anonymous
      • 1 month ago
        Anonymous

        what's the point of doubling it if the hash is always the same length

        • 1 month ago
          Anonymous

          What's the point of using a physical key to protect against the feds? They can just get a warrant for it if they need it. They can't force you to reveal a password they can't crack.

        • 1 month ago
          Anonymous

          >what's the point of doubling it if the hash is always the same length
          Password hashes aren't decryptable - you cannot reverse them.
          You have to iterate through the possible passwords to eventually match the hash, even if you already know both the hash itself and the exact encryption process.
          Hence why a longer password is still always better for that specific purpose.

    • 1 month ago
      Anonymous

      what the frick, any context?

      • 1 month ago
        Anonymous

        This message appears if you're a known journalist or cybersec guy or whatever. https://security.googleblog.com/2017/03/reassuring-our-users-about-government.html

    • 1 month ago
      Anonymous

      >Google Advanced Protection Program
      This is the shit that techlore was shilling and the reason why he dropped custom roms

      • 1 month ago
        Anonymous

        why does he think that he'll be a target for governments

        • 1 month ago
          Anonymous

          >your brain on US media

    • 1 month ago
      Anonymous

      sure thing google

    • 1 month ago
      Anonymous

      what did you do to piss the ching chong bing bongs or norks off?

    • 1 month ago
      Anonymous

      That's a very intimidating message.

  2. 1 month ago
    Anonymous

    yubikeys are an extremely autistic rabbithole. elder sages are capable of automatically live-decrypting their entire stash that is remote mounted over sshfs via http via ftp on a Raspberry Pi that is ziptied to the ISS by simply plugging in the yubikey, opening the command line, typing away at it for 30 minutes, and then finally touching the capacitive button. if you're as good as they are, then you too can have this power. but beware, it is *not* for the faint of heart.

    • 1 month ago
      Anonymous

      Surely that wouldn't take 30min to do

    • 1 month ago
      Anonymous

      is it possible to learn this power?

      • 1 month ago
        Anonymous

        have to be born autistic

      • 1 month ago
        Anonymous

        not from a normi

    • 1 month ago
      Anonymous

      Fiction, maybe 5 people on earth do this and only 3 of them are important enough to warrant it

      i want to put it inside your moms snatch

      This is not as uncommon as you’d think

      It's a glorified keystroke injector. No seriously.

      That’s otp, read a book

      https://i.imgur.com/93ifZmo.png

      is it a meme?

      Windows login experience is dogshit, Mac login experience is non-existent, most services still require SMS 2fa before putting a security key on; completely bungling any supposed security benefit. Any cool shit it has going on is nothing to do with web service security (which is totally beholden to vendors) and all about local encryption, key verification, other ‘minor’ features
      t. ex employee

      • 1 month ago
        Anonymous

        >Fiction, maybe 5 people on earth do this and only 3 of them are important enough to warrant it
        Stop posting

        • 1 month ago
          Anonymous

          Stop being moronic. The number of people who realistically need to do this is very, very small. Sorry anon, you’re not important enough for a sufficiently motivated to target you

          • 1 month ago
            Anonymous

            No, seriously.

          • 1 month ago
            Anonymous

            Anon please, see reason.

          • 1 month ago
            Anonymous

            Reason these balls on yo chin.

    • 1 month ago
      Anonymous

      This just means there is a hundred things they could have fricked up. That setup sounds like it has infinite attack vectors.

    • 1 month ago
      Anonymous

      >typing away at it for 30 minutes
      serves no purpose

    • 1 month ago
      Anonymous

      Yeah, but, wtf is it and how does it work?

  3. 1 month ago
    Anonymous

    I got one from work, it's neat but I don't really have a personal use for it.

  4. 1 month ago
    Anonymous

    unfortunately it's one of only 2 solutions currently compliant with NIST 800-53 rev.5 for fedramp moderate and higher. need the non hardware based solutions to get their phishing resistant compliance implemented asap

  5. 1 month ago
    Anonymous

    Depends on what you want to do with it.
    Secure web accounts? Yeah.
    Use it to unlock LUKS or something like that? No.

    • 1 month ago
      Anonymous

      i want to put it inside your moms snatch

      • 1 month ago
        Anonymous

        That use case is considered harmful and has been deprecated.

    • 1 month ago
      Anonymous

      >Use it to unlock LUKS or something like that? No.
      Why's that? Haven't got a key yet but considering getting one, being able to use it to decrypt my laptop over a password in addition to online 2factor would be pretty useful
      I'm not worried about getting vanned and having someone using the key, just making sure stuff like SSH keys or private docs are safe. Having to constantly type my decryption pass publicly is a risk, trying to secretly type it in libraries, busses etc is awkward, annoying and suspicious vs plugging in a USB

      • 1 month ago
        Anonymous

        you can do that with a flash drive lmao
        you don't need this gay poopy key crap

        • 1 month ago
          Anonymous

          How?

  6. 1 month ago
    Anonymous

    It's generally a PKCS11 smart card. And if you have TPM, there's already a PKCS11 smart card built in inside your PC.

    • 1 month ago
      Anonymous

      explain the use case for NEEDING a smart card or poopykey...

      Fiction, maybe 5 people on earth do this and only 3 of them are important enough to warrant it
      [...]
      This is not as uncommon as you’d think
      [...]
      That’s otp, read a book
      [...]
      Windows login experience is dogshit, Mac login experience is non-existent, most services still require SMS 2fa before putting a security key on; completely bungling any supposed security benefit. Any cool shit it has going on is nothing to do with web service security (which is totally beholden to vendors) and all about local encryption, key verification, other ‘minor’ features
      t. ex employee

      >That’s otp, read a book
      you didn't read a book for that you just skimmed wikipedia or some other article or maybe watched a shitskin tutorial on youtube

      • 1 month ago
        Anonymous

        >explain the use case for NEEDING a smart card or poopykey...
        Non-copyable 2FA token.

  7. 1 month ago
    Anonymous

    if you have an iphone and no other apple slop, this allows you to access your accounts after losing said iphone whilst also not having to buy more apple slop to do so... You can also login to your bank and other important accounts securely, independent of apps or registered devices.

  8. 1 month ago
    Anonymous

    It's kinda funny, tbh.
    People are bending and twisting themselves for some silly security gimmicks but ultimately when glowies or other third parties will want to unblock your PC what will be harder? Grabbing your dumb USB key, forcing you to put hand on finger reader, literally making you look into your laptop's camera for a fricking second or interrogating and forcing out of you a password?

    It's a fricking meme because the older option is still safer and some gays are trying to sell you worthless "answers" to safety non-issue.

    • 1 month ago
      Anonymous

      both seem equally easy
      but it's much more likely they'll bruteforce, hack, solicit, &c. a password than send a literal glowie to your house

    • 1 month ago
      Anonymous

      they are really handy option for 2fa it's weird that you don't get it. It means you just need your keys, your password and a modern web browser to access your accounts.

    • 1 month ago
      Anonymous

      Have you even used these things?
      I've literally never seen an implementation of authentication that accepts security keys/cards and doesn't also use a knowledge factor as well.

      • 1 month ago
        Anonymous

        Bitlocker

    • 1 month ago
      Anonymous

      i just use it so i dont have to type a password and my mom doesnt look at my porn without me

      • 1 month ago
        Anonymous

        >and my mom doesnt look at my porn without me
        greentext?

    • 1 month ago
      Anonymous

      passwords are (usually) protected by the 5th amendment btw, other authentication methods are not including bio

      • 1 month ago
        Anonymous

        if you are at that point they will either consider you a terrorist and ignore your rights, or they will tack on new federal charges and get you on those. or hell, if it's REALLY serious they'll do something like with ross ulbricht, they'll stand over your shoulder till you're logged in then swipe your laptop/keyboard and handcuff you.

        • 1 month ago
          Anonymous

          they did my man Ross dirty. He was about to meet a glow girl

        • 1 month ago
          Anonymous

          passwords are (usually) protected by the 5th amendment btw, other authentication methods are not including bio

          It's kinda funny, tbh.
          People are bending and twisting themselves for some silly security gimmicks but ultimately when glowies or other third parties will want to unblock your PC what will be harder? Grabbing your dumb USB key, forcing you to put hand on finger reader, literally making you look into your laptop's camera for a fricking second or interrogating and forcing out of you a password?

          It's a fricking meme because the older option is still safer and some gays are trying to sell you worthless "answers" to safety non-issue.

          IQfy yet again doesn't recognise what a realistic threat model is, and that it doesn't always include the feds

  9. 1 month ago
    Anonymous

    I mean in a sense. But that's just me talking out of my ass,

  10. 1 month ago
    Anonymous

    No, I use them on my iPhone

  11. 1 month ago
    Anonymous

    It's a glorified keystroke injector. No seriously.

    • 1 month ago
      Anonymous

      yubikeys support several different standards, most of them are based on old SmartCard protocols like PKCS11

    • 1 month ago
      Anonymous

      Wrong, FIDO2 U2F is different than an OTP code injector.

  12. 1 month ago
    Anonymous

    It's meant for phishing protection. If you're not a moron who can be socially engineered into giving up their otp to the curry hotline, then you don't need it.

    If you're an employer who wants peace of mind, then you buy it for your employees.

    If you're a schizo, you don't buy it because it's a black box with a possible back door.

  13. 1 month ago
    Anonymous

    mostly yeah. TOTP gives you 98% as good protection, without need for overpriced hardware trash.

    • 1 month ago
      Anonymous

      The problem with TOTP is that they can still be phished out of people. It's probably great for (You) and your logins since you, of course, aren't moronic, and it's better than no second factor in a group setting, but if you are trying to deploy auth for a lot of team members or employees, it could leave a lot to be desired if they have privileged access and you want to keep glowies/chinks/russians out for sure
      On the other hand, WebAuthn is way more of a b***h to implement custom, it's unreal
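
Added example, not part of the original post: a small Python model of the difference described above, where a TOTP code carries no record of which site it was typed into, while a WebAuthn-style assertion covers the origin the browser was actually on. Assumptions: HMAC with a shared device key stands in for the authenticator's public-key signature (real WebAuthn signs authenticatorData plus the SHA-256 of clientDataJSON with a private key), and all origins, secrets and function names are constructed for illustration.

```python
import hashlib, hmac, json, os, struct

def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code depends only on secret and time."""
    mac = hmac.new(secret, struct.pack(">Q", t // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

def rp_verify_totp(secret: bytes, code: str, t: int) -> bool:
    # The server cannot tell which site the user typed the code into.
    return hmac.compare_digest(totp(secret, t), code)

def _sign(device_key: bytes, client_data: bytes) -> bytes:
    # Assumption: HMAC stands in for the authenticator's public-key signature.
    digest = hashlib.sha256(client_data).digest()
    return hmac.new(device_key, digest, hashlib.sha256).digest()

def client_assert(device_key: bytes, challenge: bytes, browser_origin: str):
    # The browser, not the page, writes the origin into the signed client data.
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": challenge.hex(),
                              "origin": browser_origin}).encode()
    return client_data, _sign(device_key, client_data)

def rp_verify_assertion(device_key, challenge, expected_origin, client_data, sig) -> bool:
    if not hmac.compare_digest(_sign(device_key, client_data), sig):
        return False  # client data was altered after signing
    fields = json.loads(client_data)
    return fields["challenge"] == challenge.hex() and fields["origin"] == expected_origin

def demo():
    real, lookalike = "https://login.example", "https://login-example.test"  # constructed
    secret, device_key = b"constructed-totp-secret", b"constructed-device-key"
    now = 1_700_000_000
    # TOTP: a code entered on the lookalike page and forwarded still verifies.
    totp_forwarded = rp_verify_totp(secret, totp(secret, now), now + 5)
    # Origin-bound assertion produced while the browser is on the lookalike page.
    challenge = os.urandom(16)
    cd, sig = client_assert(device_key, challenge, lookalike)
    assertion_forwarded = rp_verify_assertion(device_key, challenge, real, cd, sig)
    # Same key and challenge, but the browser is on the real origin.
    cd, sig = client_assert(device_key, challenge, real)
    assertion_direct = rp_verify_assertion(device_key, challenge, real, cd, sig)
    return totp_forwarded, assertion_forwarded, assertion_direct

if __name__ == "__main__":
    print(demo())
```
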

  14. 1 month ago
    Anonymous

    Why can't I just use a regular flashdrive for this, is there a way to just have it self-destruct if not ejected properly?

    • 1 month ago
      Anonymous

      >Why can't I just use a regular flashdrive for this
      because pendrive costs 1.50 euro, and yubikey costs 60 euro. what don't you understand?

  15. 1 month ago
    Anonymous

    >keychain
    >not using something that's on you at all times
    not gonna make it

  16. 1 month ago
    Anonymous

    They're a meme if your online accounts can be bypassed with something other than your FIDO key.
    I'm using 2FA TOTP and feel it's largely for show when all these websites let me bypass it even if I never gave them my phone number.

    Why do I even bother when google won't even let you add TOTP to your account without a phone number as a fallback?
    Yes they'll remove your phone number but if they decide to lock out your account, they'll ask for it anyway and you're now fricked.

    • 1 month ago
      Anonymous

      You can add a security key to your Google account without a phone number, just not TOTP

  17. 1 month ago
    Anonymous

    >phishing resistant MFA
    yes, it works well.

  18. 1 month ago
    Anonymous

    My yubikey has single handedly btfo pajeets on a number of occasions. They even tried simswapping me. The yubikey won though

  19. 1 month ago
    Anonymous

    Yubikeys are just expensive hardware to store your WebAuthn passkeys. No need to waste money on them. Just store and sync your passkeys in the Apple cloud like everyone else does. It's secure and comfortable.

  20. 1 month ago
    Anonymous

    I have 2 Yubikeys, purchased before Apple/Google's passkeys came into existence.

    I was finding Microsoft & other services were getting plenty of login attempts from shit holes like Iran & Syria.

    Adding the Yubikey to major services put a stop to it.

    • 1 month ago
      Anonymous

      Who cares about login attempts? They're not getting in either way.

      • 1 month ago
        Anonymous

        For OneDrive or Github, I'm not willing to run the risk.

        • 1 month ago
          Anonymous

          Can you at least password protect your passkeys? So if someone takes it they don't have access? And not have to rely on third party shit for anything?

  21. 1 month ago
    Anonymous

    it has been ever since they went closed-source

  22. 1 month ago
    Anonymous

    doesn't it need some non-free software to be running 24/7 on your system for it to work? no thanks.. if it worked without any additional background software running it would be good.

    • 1 month ago
      Anonymous

      FIDO just uses the USB HID driver.

    • 1 month ago
      Anonymous

      FIDO just uses the USB HID driver.

      And its SmartCard functionality can be accessed via GnuPG.

  23. 1 month ago
    Anonymous

    No, in fact it's really good when it comes to Security.

  24. 1 month ago
    Anonymous

    The USB-A and USB-C Titan Security Keys from Google seem decent.

    • 1 month ago
      Anonymous

      It's made by google, which is a dealbreaker for me.

  25. 1 month ago
    Anonymous

    These don't support many services, right?

  26. 1 month ago
    Anonymous

    So far I'm only using them for GitHub.
    I did manage to set them up to work on WSL2 properly for both SSH authentication (touch the key to fetch from repo) and GPG commit signing (autosign commits if the key is plugged and was already unlocked via the pin during this session)
    That wasn't easy at all but I also learned some new stuff, and repeating the process now only takes a fraction of time.
    Feels pretty good, ngl.

    I'm thinking about setting up KeePassXC next and integrating my YubiKeys into the process somehow.

  27. 1 month ago
    Anonymous

    Why the FRICK does every IQfy thread about cool shit die wherever I post in it?!

  28. 1 month ago
    Anonymous

    No but I've flashed my own with FLOSS implementations of FIDO2:

    https://web.archive.org/web/20201112213643/https://github.com/solokeys/solo/issues/353
